The Hillstone
Blog

by

August 6, 2018

Vulnerability Notification: Oracle WebLogic Server Activator Insecure Deserialization

[Overview] WebLogic Server is a Java application server platform for developing, integrating, deploying, and managing large distributed Web applications and database applications. Recently, Oracle released an update patch to fix the WebLogic Server deserialization vulnerability. [Vulnerability Details] CVE-2018-2893: The vulnerability is caused by deserializing suspicious data in a T3 protocol request. An unauthorized attacker could…
More
by

July 24, 2018

Vulnerability Notification: Asterisk PJSIP Endpoint Presence Disclosure

[Overview] Asterisk is an open source software that implements the Private Branch eXchange (PBX) of telephone, allowing multiple affiliated telephones or user agents to call each other and connect to other telephone services, including the Public Switched Telephone Network (PSTN), via trunks. Recently, Asterisk fixed an information disclosure vulnerability. [Vulnerability Details] CVE-2018-12227: This vulnerability is…
More
by

July 17, 2018

Announcing the Hillstone Security Audit platform (HSA) 2.0R4

We are proud to announce the release of the Hillstone Security Audit platform, HSA 2.0R4 This new version is based on a new architecture, has a new web user interface, and is optimized for operational stability, along with geo-location friendly features. New features highlights: New web-based user interface optimized for user experience and stability Support…
More
by

July 10, 2018

Vulnerability Notification: Adobe ColdFusion DataServicesCFProxy ROME Framework Insecure Deserialization

[Overview] Adobe ColdFusion is an application development platform. The Flex integration service includes ColdFusion, which allows Flash applications to communicate with the ColdFusion server via Java RMI. Recently, Adobe fixed a deserialization vulnerability in AdobeCloudFusion Flex integration service. [Vulnerability Details] CVE-2018-4939: This vulnerability is caused by a lack of input validation for RMI method parameters…
More
by

July 6, 2018

Challenges Impacting Advanced Threat Prevention for the Software-Defined Data Center

Few technologies have enhanced business agility and economics as much as data centre virtualization. By abstracting physical servers as software running on a hypervisor, server virtualization has enabled IT to deploy new virtual servers and applications in minutes, speeding time to market for new business services and initiatives. Storage virtualization followed close behind, allowing fast…
More