This Metasploit module uses the Jenkins Groovy script console to execute OS commands using Java.
d399ceb32f8d20399dd647bec028b96de469f3d117d253352dc348ede3915dd0
Apache OFBiz versions 11.04.01 and 10.04.04 suffer from reflective cross site scripting vulnerabilities.
3c9f6192cc77dba64d6b0b5e7c44426c420c4b521505da89f12f97bfba4f3b24
Security Explorations has successfully confirmed that a complete Java security sandbox bypass can be still gained under the recent version of Java 7 Update 11.
2c0a7f2862f4d546c45170b13f44126996fbdec8d1119e3f9d1012ddc23afa5a
This document specifies a mechanism for protecting hosts connected to a broadcast network against rogue DHCPv6 servers. The aforementioned mechanism is based on DHCPv6 packet-filtering at the layer-2 device on which the packets are received. The aforementioned mechanism has been widely deployed in IPv4 networks ('DHCP snooping'), and hence it is desirable that similar functionality be provided for IPv6 networks.
46631cfae65fdb6654ab9e329ade0ad4a20f0dd648446b6619a9a7a7b9676a5d
The subtle way in which the IPv6 and IPv4 protocols co-exist in typical networks, together with the lack of proper IPv6 support in popular Virtual Private Network (VPN) products, may inadvertently result in VPN traffic leaks. That is, traffic meant to be transferred over a VPN connection may leak out of such connection and be transferred in the clear on the local network. This document discusses some scenarios in which such VPN leakages may occur, either as a side effect of enabling IPv6 on a local network, or as a result of a deliberate attack from a local attacker. Additionally, it discusses possible mitigations for the aforementioned issue.
9effe2e0fcf845f3f698a422ede8446c43df6f4d6472aafb96dd9a13c554fe6a
This document document provides advice on the filtering of IPv4 packets based on the IPv4 options they contain. Additionally, it discusses the operational and interoperability implications of dropping packets based on the IP options they contain.
f955987c95afee36773fb986f0bf5b02f89c6d9a9973c325dcbc1e926676ad9a
This document discusses the security implications of native IPv6 support and IPv6 transition/co-existence technologies on "IPv4-only" networks, and describes possible mitigations for the aforementioned issues.
903ddcb4eca069a1e4d2bb9516b478eda66b60596e5457b418a1891a5c85d510
The IPv6 specification allows packets to contain a Fragment Header without the packet being actually fragmented into multiple pieces (we refer to these packets as "atomic fragments"). Such packets typically result from hosts that have received an ICMPv6 "Packet Too Big" error message that advertises a "Next-Hop MTU" smaller than 1280 bytes, and are currently processed by some implementations as "fragmented traffic". Thus, by forging ICMPv6 "Packet Too Big" error messages an attacker can cause hosts to employ "atomic fragments", and then launch any fragmentation-based attacks against such traffic. This document discusses the generation of the aforementioned "atomic fragments", the corresponding security implications, and formally updates RFC 2460 and RFC 5722 such that fragmentation-based attack vectors against traffic employing "atomic fragments" are completely eliminated.
feac00abce76ecd39bf1bb5b6c8804af13f2781cf51012a6d77c2a65a15888df
This Internet Draft specifies the security implications of predictable fragment identification values in IPv6. It primarily focuses on countermeasures and mitigations.
38ea3e1b37df89d887edc1122b9c494c6779e2d1a05a220fd84e7a860c114607
When an IPv6 node processing an IPv6 packet does not support an IPv6 option whose two-highest-order bits of the Option Type are '10', it is required to respond with an ICMPv6 Parameter Problem error message, even if the Destination Address of the packet was a multicast address. This feature provides an amplification vector, opening the door to an IPv6 version of the 'Smurf' Denial-of-Service (DoS) attack found in IPv4 networks. This document discusses the security implications of the aforementioned options, and formally updates RFC 2460 such that this attack vector is eliminated. Additionally, it describes a number of operational mitigations that could be deployed against this attack vector.
fb4961bf8357488cad14ec9267d3578def97ef7eb554541ecd35f6f1114d3f2c
Neighbor Discovery is one of the core protocols of the IPv6 suite, and provides in IPv6 similar functions to those provided in the IPv4 protocol suite by the Address Resolution Protocol (ARP) and the Internet Control Message Protocol (ICMP). Its increased flexibility implies a somewhat increased complexity, which has resulted in a number of bugs and vulnerabilities found in popular implementations. This document provides guidance in the implementation of Neighbor Discovery, and documents issues that have affected popular implementations, in the hopes that the same issues do not repeat in other implementations.
00f877672b0a83b4dcaf16a1fcdecc660203df4d41d883646ee612d312f28996