Download
| Alert*
oval:org.secpod.oval:def:1600323
fail2ban is installed oval:org.secpod.oval:def:1600322 The apache-auth.conf, apache-nohome.conf, apache-noscript.conf, and apache-overflows.conf files in Fail2ban before 0.8.10 do not properly validate log messages, which allows remote attackers to block arbitrary IP addresses via certain messages in a request. oval:org.secpod.oval:def:601710 Two vulnerabilities were discovered in Fail2ban, a solution to ban hosts that cause multiple authentication errors. When using Fail2ban to monitor Postfix or Cyrus IMAP logs, improper input validation in log parsing could enable a remote attacker to trigger an IP ban on arbitrary addresses, resultin ... oval:org.secpod.oval:def:601322 fail2ban is installed oval:org.secpod.oval:def:601054 Krzysztof Katowicz-Kowalewski discovered a vulnerability in fail2ban, a log monitoring and system which can act on attack by preventing hosts to connect to specified services using the local firewall. When using fail2ban to monitor Apache logs, improper input validation in log parsing could enable a ... oval:org.secpod.oval:def:120888 Fail2Ban scans log files and bans IP addresses that makes too many password failures. It updates firewall rules to reject the IP address. These rules can be defined by the user. Fail2Ban can read multiple log files such as sshd or Apache web server ones. Fail2Ban is able to reduce the rate of incorr ... |