Red Hat Security Blog: March 2016 archives

  • Security risks with higher level languages in middleware products

    Java-based high-level application-specific languages provide significant flexibility when using middleware products such as BRMS. This flexibility comes at a price, as there are significant security concerns in their use. This article looks at the use of the Drools language and MVEL in JBoss BRMS to demonstrate some of these concerns. Other middleware products might be exposed to similar risks. Java is an extremely feature-rich portable language that is used to build a great range of...
    Posted 2016-03-23T13:30:00+00:00 - 0
  • Go home SSLv2, you’re DROWNing

    The SSLv2 protocol had its 21st birthday last month, but it’s no cause to celebrate with an alcoholic beverage, since the protocol was already deprecated when it turned 18. Announced today is an attack called DROWN that takes advantage of systems still using SSLv2. Many cryptographic libraries already disable SSLv2 by default, and updates from the OpenSSL project and Red Hat today catch up. What is DROWN? CVE-2016-0800, also known as DROWN, stands for Decrypting RSA using Obsolete and Weakened...
    Posted 2016-03-01T13:00:00+00:00 - 0