User After Free – Qualys ThreatPROTECT

Optionsbleed: Use-After-Free Leading to Memory Leak in Apache HTTP

Posted by Deepak Shanker on September 18, 2017September 18, 2017

Introduction: A user after free (UAF) vulnerability in Apache HTTP causes the server to respond with a corrupted ALLOW header while replying to a HTTP OPTIONS request. The Apache httpd enables attackers to read data from process memory if Limit directive is set for user in .htaccess file or if the file contains mis-configurations. This … Continue reading “Optionsbleed: Use-After-Free Leading to Memory Leak in Apache HTTP”

Firefox SVG Animation Remote Code Execution CVE-2016-9079

Posted by Deepak Shanker on December 19, 2016January 25, 2017

Introduction: A zero day exploit against Tor Browser and FireFox has been observed in the wild. The exploit is initiated when a target accesses a compromised web page or web page hosted by an attacker. The vulnerability has been assigned CVE Id – 2016-9079, Bugzilla id – 1321066. The exploit targets a use after free vulnerability … Continue reading “Firefox SVG Animation Remote Code Execution CVE-2016-9079”