#rfc

rixty_dixet@squeet.me

#ThisWeekinSecurity: #Oracle #Opera, #Passkeys, and #AirTag #RFC

Bild/Foto

There’s a problem with Opera. No, not that kind of opera. The Oracle kind. Oracle OPERA is a Property Management Solution (PMS) that is in use in a bunch of big-name hotels around the world. The PMS is the system that handles reservations and check-ins, talks to the phone system to put room extensions in the proper state, and generally runs the back-end of the property. It’s old code, and handles a bunch of tasks. And researchers at Assetnote found a serious vulnerability. CVE-2023-21932 is an arbitrary file upload issue, and rates at least a 7.2 CVSS.

https://hackaday.com/2023/05/05/this-week-in-security-oracle-opera-passkeys-and-airtag-rfc/

christophs@diaspora.glasswings.com

HTTP/2: The Sequel is Always Worse | PortSwigger Research

HTTP/2 is easily mistaken for a transport-layer protocol that can be swapped in with zero security implications for the website behind it. In this paper, I'll introduce multiple new classes of HTTP/2-exclusive threats caused by both implementation flaws and RFC imperfections.

#http2 #http #security #rfc

https://portswigger.net/research/http2