We are back after a very long break due to work. In this episode we have brand new intro music, discuss the Yahoo hack and an Apache Tomcat vulnerability, and record in the same room for the first time in 2.5 years.
Have I been pwned?: https://haveibeenpwned.com/
Apache misconfiguration: Below are examples of misconfigurations in the web.xml file.
<init-param>
  <param-name>readonly</param-name>
  <param-value>false</param-value>
</init-param>
Is this context "read only", so HTTP commands like PUT and DELETE are rejected? [true]
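A defender can audit for this setting by scanning a web.xml for any servlet whose readonly init-param has been switched off. The script below is an added example, not code from the episode or from Apache; the sample web.xml is constructed, and treating any value other than "true" as writable is a conservative assumption.

```python
import xml.etree.ElementTree as ET

# Constructed sample web.xml for illustration (not from a real deployment).
SAMPLE_WEB_XML = """<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee" version="3.1">
  <servlet>
    <servlet-name>default</servlet-name>
    <servlet-class>org.apache.catalina.servlets.DefaultServlet</servlet-class>
    <init-param>
      <param-name>readonly</param-name>
      <param-value>false</param-value>
    </init-param>
  </servlet>
  <servlet>
    <servlet-name>jsp</servlet-name>
    <init-param>
      <param-name>fork</param-name>
      <param-value>false</param-value>
    </init-param>
  </servlet>
</web-app>"""

def local(tag):
    """Strip an XML namespace so the check works with or without xmlns."""
    return tag.rsplit("}", 1)[-1]

def writable_servlets(web_xml_text):
    """Return names of servlets that set readonly to anything other than true."""
    findings = []
    root = ET.fromstring(web_xml_text)
    for servlet in (e for e in root.iter() if local(e.tag) == "servlet"):
        name, writable = "(unnamed)", False
        for child in servlet:
            if local(child.tag) == "servlet-name":
                name = (child.text or "").strip()
            elif local(child.tag) == "init-param":
                kv = {local(c.tag): (c.text or "").strip() for c in child}
                # Assumption: only a literal "true" keeps the context read-only.
                if kv.get("param-name") == "readonly" and kv.get("param-value", "").lower() != "true":
                    writable = True
        if writable:
            findings.append(name)
    return findings

if __name__ == "__main__":
    for name in writable_servlets(SAMPLE_WEB_XML):
        print(f"servlet '{name}': readonly is off, PUT and DELETE are accepted")
```

A servlet with no readonly init-param is not reported, since the default shown above is true.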
New intro music provided by GIANT MONSTERS ON THE HORIZON:
http://giantmonstersonthehorizon.com/ https://www.facebook.com/giantmonstersonthehorizon/ https://open.spotify.com/artist/4HmglWNfF7jAYQxbEjv9Xt