Hello Pebblers,

Please be aware that 3 vulnerabilities in Pebble have been found and
reported to JPCERT. I have worked with JPCERT to fix these
vulnerabilities, and have released Pebble 2.6.4 to fix them. I recommend
upgrading to Pebble 2.6.4 as soon as possible to address these issues.

Details of the vulnerabilities can be found here:

http://jvndb.jvn.jp/en/contents/2012/JVNDB-2012-000098.html - DoS
vulnerability, recommended for any internet-facing Pebble installation.
You can work around this by disabling comments.

http://jvndb.jvn.jp/en/contents/2012/JVNDB-2012-000099.html - HTTP header
injection vulnerability. There are multiple ways to exploit this, the most
obvious being using it to make a reflected XSS attack. You can work around
this by using a servlet container that has in-built HTTP header injection
prevention.

http://jvndb.jvn.jp/en/contents/2012/JVNDB-2012-000100.html - Open redirect
vulnerability. The main attack vector here is phishing attempts. There
are no workarounds.

Cheers,
James
_______________________________________________
Pebble-user mailing list
https://lists.sourceforge.net/lists/listinfo/pebble-user