ime member of this list, so I may
> not see any replies or questions made only to the list.
> >
> >
> > -Original Message-
> > From: Permeh, Ryan
> > Sent: Friday, July 24, 2009 9:53 AM
> > To: li...@zopyx.com
> > Cc: zope@zope.org
> > Sub
ssage-
> From: Permeh, Ryan
> Sent: Friday, July 24, 2009 9:53 AM
> To: li...@zopyx.com
> Cc: zope@zope.org
> Subject: RE: [Zope] HTTP Request Denial of Service Vulnerability
>
> It is not related the specified hotfix. I'm getting details now, but this is
> how it
iday, July 24, 2009 9:53 AM
> To: li...@zopyx.com
> Cc: zope@zope.org
> Subject: RE: [Zope] HTTP Request Denial of Service Vulnerability
>
> It is not related the specified hotfix. I'm getting details now, but this is
> how it seems:
> 1. this is from the Foundstone product
t; of this list, so I may not see any replies or questions made only to
> the list.
>
>
> -Original Message-
> From: Permeh, Ryan
> Sent: Friday, July 24, 2009 9:53 AM
> To: li...@zopyx.com
> Cc: zope@zope.org
> Subject: RE: [Zope] HTTP Request Denial of Ser
ly the specific issue in
question is very relevant on either side.
-Original Message-
From: Andreas Jung [mailto:li...@zopyx.com]
Sent: Friday, July 24, 2009 10:22 AM
To: Permeh, Ryan
Cc: zope@zope.org
Subject: Re: [Zope] HTTP Request Denial of Service Vulnerability
That's why I usually
via
> secur...@mcafee.com. I am not a full time member of this list, so I may not
> see any replies or questions made only to the list.
>
>
> -Original Message-
> From: Permeh, Ryan
> Sent: Friday, July 24, 2009 9:53 AM
> To: li...@zopyx.com
> Cc: zope@zope
: zope@zope.org
Subject: RE: [Zope] HTTP Request Denial of Service Vulnerability
It is not related the specified hotfix. I'm getting details now, but this is
how it seems:
1. this is from the Foundstone product, not a public advisory. The Foundstone
product is a vulnerability scanner, a
+---[ ryan_per...@mcafee.com ]--
|
| 1. This is likely a false positive, unless the original poster was running
ridiculously old software.
Ridiculously old software is not outside the realms of probability
--
Andrew Milton
a...@theinternet.com.au
_
text in 2002, but it obviously doesn't apply now.
-Original Message-
From: Andreas Jung [mailto:li...@zopyx.com]
Sent: Friday, July 24, 2009 9:43 AM
To: Permeh, Ryan
Cc: zope@zope.org
Subject: Re: [Zope] HTTP Request Denial of Service Vulnerability
Hi,
On 24.07.09 18:24, ryan_per
On 24.07.09 18:43, Andreas Jung wrote:
> Hi,
>
>
>
>
> On 24.07.09 18:24, ryan_per...@mcafee.com wrote:
>
>> I manage product security at McAfee, of which Foundstone is a part. I am
>> not aware of releasing such an advisory, and am looking into this. Could we
>> get details regarding where
Hi,
On 24.07.09 18:24, ryan_per...@mcafee.com wrote:
> I manage product security at McAfee, of which Foundstone is a part. I am not
> aware of releasing such an advisory, and am looking into this. Could we get
> details regarding where this was found? Was this posted to a web site? A
> s
I manage product security at McAfee, of which Foundstone is a part. I am not
aware of releasing such an advisory, and am looking into this. Could we get
details regarding where this was found? Was this posted to a web site? A
security mailing list? And when was it posted? This may have a v
On Jul 19, 2009, at 11:04 PM, TsungWei Hu wrote:
> The observation and recommendation is specifically generated by
> Foundstone Labs' software.
> It's my fault to suggest that might be related to Hotfix-2008-08-12.
> From my side, I will try to stop improper information from
> Foundstone lab.
The observation and recommendation is specifically generated by Foundstone
Labs' software.
It's my fault to suggest that might be related to Hotfix-2008-08-12.
>From my side, I will try to stop improper information from Foundstone lab.
Thanks, marr
On Mon, Jul 20, 2009 at 12:20 PM, Andreas Jung
+---[ Chris McDonough ]--
| This may be true. However, I notice that whomever makes the Foundstone
website
| can't spell either ("Costumer" for "Customer" in the "How you found out about
| us" dropdown). ;-) So... guilty till proven innocent as far as I'm concerned.
Do
On 20.07.09 04:06, TsungWei Hu wrote:
> I have a Plone 3.2.3 site that runs with Zope 2.10.8 and receive a
> security notice as follows. Is it sufficient to fix this just
> installing http://www.zope.org/Products/Zope/Hotfix-2008-08-12 ?
> Thanks, /marr/
>
>
> Although the Zope development environm
g about this
>> conclusion...
>>
>> You recently issued a security warning to the effect:
>>
>> """
>> = Name =
>>
>> Zope HTTP Request Denial of Service Vulnerability
>>
>> = Description =
>>
>> A vulnerability in
ning to the effect:
>
> """
> = Name =
>
> Zope HTTP Request Denial of Service Vulnerability
>
> = Description =
>
> A vulnerability in Zope may allow a remote attacker to manually
> shutdown the system.
>
> = Observation =
>
> The Z
I just sent the below via http://www.foundstone.com/us/contact-form.aspx . I'd
suggest that others do the same; this company is totally wrong about this
conclusion...
You recently issued a security warning to the effect:
"""
= Name =
Zope HTTP Request Denial of S
ng
> http://www.zope.org/Products/Zope/Hotfix-2008-08-12 ? Thanks, /marr/
>
> = Name =
>
> Zope HTTP Request Denial of Service Vulnerability
>
> = Description =
>
> A vulnerability in Zope may allow a remote attacker to manually shutdown
> the system.
>
> = Ob
I have a Plone 3.2.3 site that runs with Zope 2.10.8 and receive a security
notice as follows. Is it sufficient to fix this just installing
http://www.zope.org/Products/Zope/Hotfix-2008-08-12 ? Thanks, /marr/
= Name =
Zope HTTP Request Denial of Service Vulnerability
= Description =
A
21 matches
Mail list logo