Author Archives: Bill Murphy

Exponential Widening of Your Attack Surface. More Work Being Done From Home

With Corona | COVID. RedZone in conjunction with SonicWall can help you secure your business as you re-tool and come up with new business models. Defense should not get in the way of your offense as you:

  • Race to digitize
  • Support Proliferation of apps and devices
  • Expand virtualized capabilities
  • Support legislation and regulations around the world (e.g., GDPR)
  • Secure borderless cloud apps and infrastructure
  • Pervasive use of clouds and sensors everywhere
  • This is the new world

CVE-2019-14868

In ksh version 20120801, a flaw was found in the way it evaluates certain environment variables. An attacker could use this flaw to override or bypass environment restrictions to execute shell commands. Services and applications that allow remote unauthenticated attackers to provide one of those environment variables could allow them to exploit this issue remotely.

View Full Alert

CVE-2018-11802

In Apache Solr, the cluster can be partitioned into multiple collections and only a subset of nodes actually host any given collection. However, if a node receives a request for a collection it does not host, it proxies the request to a relevant node and serves the request. Solr bypasses all authorization settings for such requests. This affects all Solr versions prior to 7.7 that use the default authorization mechanism of Solr (RuleBasedAuthorizationPlugin).

View Full Alert

CVE-2019-11254

The Kubernetes API Server component in versions 1.1-1.14, and versions prior to 1.15.10, 1.16.7 and 1.17.3 allows an authorized user who sends malicious YAML payloads to cause the kube-apiserver to consume excessive CPU cycles while parsing YAML.

View Full Alert