Most of our obstacles would melt away if, instead of cowering before them,
we should make up our minds to walk boldly through them.
Orison Swett Marden (1853-1924); US writer, moralist.

- Weekly summary -
Oxygen3 24h-365d, by Panda Software (http://www.pandasoftware.com)

Madrid, May 1 2004 - This week, Oxygen3 24h-365d has informed its
subscribers about the news summarized below, which is available at:
http://www.pandasoftware.com/about/press/oxygen3/oxygen.asp

- New updates for BEA WebLogic (04/26/04).
BEA has released four new updates for WebLogic Server and WebLogic Express
to correct vulnerabilities that could be exploited maliciously. The first of
the updates actually replaces a previous one released by BEA to resolve
problems in the assigning of privileges on creating new groups. The second
concerns the specification of URL patterns ending in * instead of /*. The
third vulnerability is caused when an application calls the remove() method
of an EJB with a remote view. Finally the fourth vulnerability occurs when
using the config.sh or config.cmd configuration tools.

- Denial of Service in IBM HTTP Server (04/27/04).
SecuriTytracker has reported that a denial of service vulnerability has been
detected in IBM HTTP Server. This security flaw affects versions 1.3.12.x,
1.3.19.x, 1.3.26.x, 1.3.28, 2.0.42.x and 2.0.47 of this server and lies in
the handling of SSL packets. All IBM products that need the IBM Global
Security Toolkit (GSKIT) component for SSL run-time support are affected by
this vulnerability. The vulnerable versions of GSKIT are those prior to the
following: 4.0.3.345, 5.0.5.92, 6.0.6.33 and 7.0.1.16.

- RSA Security cryptographic challenge resolved (04/28/04).
In just over three months, a team of mathematicians has managed to solve the
latest cryptographic challenge -the RSA 576- promoted by RSA Security. On
this occasion, the challenge involved determining the two prime numbers used
to generate the eight 'challenge' numbers, based on RSA 576-bit keys (174
decimal digits).

- (II) Evolution of computer viruses (04/29/04).
Until the worldwide web and e-mail were adopted as a standard means of
communication the world over, the main mediums through which viruses spread
were floppy disks, removable drives, CDs, etc., containing files that were
already infected or with the virus code in an executable boot sector. When a
virus entered a system it could go memory resident, infecting other files as
they were opened, or it could start to reproduce immediately, also infecting
other files on the system. The virus code could also be triggered by a
certain event, for example when the system clock reached a certain date or
time.

- Multiple vulnerabilities in HP Web JetAdmin (04/30/04).
According to Securiteam, several security flaws have been discovered in HP
Web JetAdmin, which could allow dangerous attacks to be triggered. All
vulnerabilities lie in the web server (HP-Web-Server-3.00.1696), a modular
service that supports plugins as well as .inc and .hts files for creating
active content.

NOTE: The address above may not show up on your screen as a single line.
This would prevent you from using the link to access the web page. If this
happens, just use the 'cut' and 'paste' options to join the pieces of the
URL.