Folks,

we have been notified about a possible DoS attack which involves calling the _non_existent operation on the application server side with a corrupted target object ID. We have successfully duplicated this issue and prepared a fix. The fix has been tested for regressions and it is regression free. If you are using a MICO application on a public network, we strongly recommend that you apply it. It is against the MICO 2.3.12 release.

See http://mico.org/down.html or get it directly from http://mico.org/errata/mico-2.3.12-secfix1.diff

Cheers,
Karel
------------------------------------------------------------------------
Karel Gardas, Principal Software Engineer, ObjectSecurity Ltd.
St John's Innovation Centre, Cowley Rd., Cambridge CB4 0WS, UK
Tel. +44 1223 420252, Fax. +44 870 762 6041 USA: Tel.+1-800-898-9148, Fax +1-360-933-9591
[EMAIL PROTECTED], www.objectsecurity.com
------------------------------------------------------------------------
_______________________________________________
Mico-devel mailing list
[email protected]
http://www.mico.org/mailman/listinfo/mico-devel
