Tuesday, August 2, 2016

securityonion-squert - 20141015-0ubuntu0securityonion19 resolves XSS issue and disables Apache autoindex module

Manuel Mancera discovered a XSS issue in Squert:
https://github.com/int13h/squert/issues/76
https://groups.google.com/d/topic/security-onion/-x_PQQwm4bQ/discussion

securityonion-squert - 20141015-0ubuntu0securityonion19 resolves this XSS issue and also disables the Apache autoindex module:

Issue 967: Squert: Parameter not escaped in ip2c.php
https://github.com/Security-Onion-Solutions/security-onion/issues/967

Issue 969: Squert: prevent directory listing for subdirectories
https://github.com/Security-Onion-Solutions/security-onion/issues/969

Updating
This package is now available in our stable repo.  Please see the following page for full update instructions:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Upgrade

Want to show your support for Security Onion?
Security Onion t-shirts are available in our CafePress store!
http://www.cafepress.com/securityonion/11820053

Conference
Security Onion Conference will be on Friday September 9 and registration is open!
https://securityonion.net/conference

Training
Need training?  Please see:
https://securityonionsolutions.com

Support
Need support?  Please see:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Support

Thanks!

No comments:

Search This Blog

Featured Post

Security Onion 2.4.170 now available including JA4, more SOC dashboards, and updated components!

Security Onion 2.4.170 is now available and includes JA4, more SOC dashboards, and updated components including Elastic 8.18.4, Suricata 7.0...

Popular Posts

Blog Archive