HP Security Research Blog
The HP Security Research blog provides a platform for security experts from across HP to discuss innovative research, industry observations, and updates on the threat landscape to help organizations proactively identify and manage risk.

Double-Dip: Using the latest IE 0-day to get RCE and an ASLR Bypass

Could the latest 0-day used in the wild be stealthier?

The attack discovered last week used two vulnerabilities but it could have been stealthier. A bug was exploited in flash to bypass ASLR and another in IE to gain RCE. ZDI's research proved that the IE bug can be exploited to bypass ASLR+DEP without using a Flash bug.

Labels: 0day| ASLR| DEP| exploit| IE| IE0day| ZDI

Protect your Struts1 applications

Since the last post on how to mitigate the Struts 2 zero day on the wild we have received many queries from customers wondering if their legacy Struts 1 applications were also vulnerable to this same attack. Keep reading ...

Tags: 0day| Struts1
Labels: 0day| Struts1

Struts2 zero day in the wild

Remote code execution zero day in up-to-date Struts 2 applications:

 

Several months ago the Struts2 team announced security vulnerability S2-020 that allowed ClassLoader manipulation resulting in Remote Code Execution on certain application servers like Tomcat 8.

Tags: 0day| Struts2
Labels: 0day| Struts2
Search
Showing results for 
Search instead for 
Do you mean 
About the Author(s)
Follow Us


HP Blog

HP Software Solutions Blog

Labels
The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the Terms of Use and Rules of Participation