Browsing Privacy | Researcher discloses zero-day vulnerability in FireEye

On Sunday, Kristian Erik Hermansen disclosed a zero-day vulnerability in FireEye’s core product, which if exploited, results in unauthorized file disclosure. As proof, he also posted a brief example of how to trigger the vulnerability and a copy of the /etc/passwd file. What’s more, he claims to have three other vulnerabilities, and says they’re for sale.

Based on the published information on Exploit-DB and Pastebin, the basic setup of the compromised appliance is exactly what you’d expect it to be; the box has Apache, pushing PHP, running as root.

The other listed services are also expected on a forward facing Web-appliance, including SSH and FTP. However, the disclosed flaw looks to be centered in a PHP script on the FireEye appliance itself.

Read the Full Article: Source – CSO Online
Browsing Privacy: (cso online) – Researcher discloses zero-day vulnerability in FireEye

source not found

Leave a Reply Cancel Reply

Keep Up To Date

Recent Posts

Tag cloud

Recent Comments

Categories

Navigation

Keep Up To Date

Related Article

Mum-of-four first woman JAILED for revenge porn after posting pictures of lesbian lover

Facebook dealt privacy blow as US-Europe data-sharing pact declared illegal

Safari users in the UK can sue Google over alleged privacy violations

Leave a Reply Cancel Reply

Keep Up To Date

Recent Posts

Tag cloud

Recent Comments

Categories