New Web Vulnerability - Cross-Site Tracing

From: Pete Soderling (peteat_private)
Date: Wed Jan 22 2003 - 11:24:22 PST

Next message: mindwarperat_private: "YabbSE Remote Code Execution Vulnerability"

Previous message: mattmurphyat_private: "Path Parsing Errata in Apache HTTP Server"
Next in thread: Marc Slemko: "Re: New Web Vulnerability - Cross-Site Tracing"
Reply: Marc Slemko: "Re: New Web Vulnerability - Cross-Site Tracing"
Reply: Andrew Clover: "Re: New Web Vulnerability - Cross-Site Tracing"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

I thought this news might interest the group ...

ExtremeTech (http://extremetech.com) just released an article on a new type of vulnerability recently reported to CERT, Cross-Site Tracing (XST).

"After months of extensive research, San Jose California-based WhiteHat Security has unmasked a flaw in one of the Web's cornerstone protocols which places all e-commerce sites, as well as scores of Internet users, in jeopardy.

This threat was discovered by application security research firm WhiteHat, and is detailed in David's story below. White Hat Security was started by a former CTO from Ungermann-Bass, and an Information Security officer at Yahoo!."

Read the entire post at: http://www.extremetech.com/article2/0,3973,841047,00.asp

--petesoder

Next message: mindwarperat_private: "YabbSE Remote Code Execution Vulnerability"
Previous message: mattmurphyat_private: "Path Parsing Errata in Apache HTTP Server"
Next in thread: Marc Slemko: "Re: New Web Vulnerability - Cross-Site Tracing"
Reply: Marc Slemko: "Re: New Web Vulnerability - Cross-Site Tracing"
Reply: Andrew Clover: "Re: New Web Vulnerability - Cross-Site Tracing"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Wed Jan 22 2003 - 12:59:01 PST