High Vulnerabilities


Vulnerability Summary for the Week of June 24, 2019

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:

• High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0
• Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9
• Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

Entries may include additional information provided by organizations and efforts sponsored by Ug-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of Ug-CERT analysis.

High Vulnerabilities

| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| cesanta -- mongoose | An issue was discovered in Mongoose before 6.15. The parse_mqtt() function in mg_mqtt.c has a critical heap-based buffer overflow. | 2019-06-24 | 7.5 | CVE-2019-12951 MISC MISC |
| cisco -- data_center_network_manager | A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to bypass authentication and execute arbitrary actions with administrative privileges on an affected device. The vulnerability is due to improper session management on affected DCNM software. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected device. A successful exploit could allow the attacker to gain administrative access on the affected device. | 2019-06-26 | 7.5 | CVE-2019-1619 BID CISCO |
| cisco -- data_center_network_manager | A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to upload arbitrary files on an affected device. The vulnerability is due to incorrect permission settings in affected DCNM software. An attacker could exploit this vulnerability by uploading specially crafted data to the affected device. A successful exploit could allow the attacker to write arbitrary files on the filesystem and execute code with root privileges on the affected device. | 2019-06-26 | 10.0 | CVE-2019-1620 BID CISCO |
| citrix -- appdna | Citrix AppDNA before 7 1906.1.0.472 has Incorrect Access Control. | 2019-06-24 | 7.5 | CVE-2019-12292 CONFIRM MISC |
| hp -- support_assistant | HP Support Assistant 8.7.50 and earlier allows a user to gain system privilege and allows unauthorized modification of directories or files. Note: A different vulnerability than CVE-2019-6329. | 2019-06-25 | 7.2 | CVE-2019-6328 BID CONFIRM |
| hp -- support_assistant | HP Support Assistant 8.7.50 and earlier allows a user to gain system privilege and allows unauthorized modification of directories or files. Note: A different vulnerability than CVE-2019-6328. | 2019-06-25 | 7.2 | CVE-2019-6329 BID CONFIRM |
| libexpat -- expat | In libexpat in Expat before 2.2.7, XML input including XML names that contain a large number of colons could make the XML parser consume a high amount of RAM and CPU resources while processing (enough to be usable for denial-of-service attacks). | 2019-06-24 | 7.8 | CVE-2018-20843 MISC MISC MISC MISC MISC MLIST BUGTRAQ UBUNTU UBUNTU DEBIAN |
| livezilla -- livezilla | LiveZilla Server before 8.0.1.1 is vulnerable to SQL Injection in server.php via the p_ext_rse parameter. | 2019-06-24 | 7.5 | CVE-2019-12939 BID MISC |
| livezilla -- livezilla | LiveZilla Server before 8.0.1.1 is vulnerable to Denial Of Service (memory consumption) in knowledgebase.php via a large integer value of the depth parameter. | 2019-06-24 | 7.1 | CVE-2019-12940 MISC |
| livezilla -- livezilla | LiveZilla Server before 8.0.1.1 is vulnerable to SQL Injection in functions.internal.build.inc.php via the parameter p_dt_s_d. | 2019-06-25 | 7.5 | CVE-2019-12960 MISC |
| pivotal_software -- spring_security | Spring Security, versions 4.2.x up to 4.2.12, and older unsupported versions support plain text passwords using PlaintextPasswordEncoder. If an application using an affected version of Spring Security is leveraging PlaintextPasswordEncoder and a user has a null encoded password, a malicious user (or attacker) can authenticate using a password of "null". | 2019-06-26 | 7.5 | CVE-2019-11272 CONFIRM |
| postgresql -- postgresql | PostgreSQL versions 10.x before 10.9 and versions 11.x before 11.4 are vulnerable to a stack-based buffer overflow. Any authenticated user can overflow a stack-based buffer by changing the user's own password to a purpose-crafted value. This often suffices to execute arbitrary code as the PostgreSQL operating system account. | 2019-06-26 | 9.0 | CVE-2019-10164 CONFIRM MISC |
| qemu -- qemu | The QMP migrate command in QEMU version 4.0.0 and earlier is vulnerable to OS command injection, which allows the remote attacker to achieve code execution, denial of service, or information disclosure by sending a crafted QMP command to the listening server. | 2019-06-24 | 10.0 | CVE-2019-12928 MISC |
| qemu -- qemu | The QMP guest_exec command in QEMU 4.0.0 and earlier is prone to OS command injection, which allows the attacker to achieve code execution, denial of service, or information disclosure by sending a crafted QMP command to the listening server. | 2019-06-24 | 10.0 | CVE-2019-12929 MISC |
| toaruos -- toaruos | apps/gsudo.c in gsudo in ToaruOS through 1.10.9 has a buffer overflow allowing local privilege escalation to the root user via the DISPLAY environment variable. | 2019-06-23 | 7.2 | CVE-2019-12937 MISC |

Medium Vulnerabilities

| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| analogic -- poste.io | The Roundcube component of Analogic Poste.io 2.1.6 uses .htaccess to protect the logs/ folder, which is effective with the Apache HTTP Server but is ineffective with nginx. Attackers can read logs via the webmail/logs/sendmail URI. | 2019-06-24 | 4.0 | CVE-2019-12938 MISC MISC |
| apache -- tomcat | The fix for CVE-2019-0199 was incomplete and did not address HTTP/2 connection window exhaustion on write in Apache Tomcat versions 9.0.0.M1 to 9.0.19 and 8.5.0 to 8.5.40. By not sending WINDOW_UPDATE messages for the connection window (stream 0) clients were able to cause server-side threads to block eventually leading to thread exhaustion and a DoS. | 2019-06-21 | 5.0 | CVE-2019-10072 BID MISC CONFIRM CONFIRM CONFIRM |
| atlassian -- jira | The issue searching component in Jira before version 8.1.0 allows remote attackers to deny access to Jira service via denial of service vulnerability in issue search when ordering by "Epic Name". | 2019-06-26 | 4.0 | CVE-2019-11583 BID MISC |
| bcnquark -- quarking_password_manager | BCN Quark Quarking Password Manager 3.1.84 suffers from a clickjacking vulnerability caused by allowing * within web_accessible_resources. An attacker can take advantage of this vulnerability and cause significant harm. | 2019-06-24 | 4.3 | CVE-2019-12880 MISC FULLDISC MISC |
| canonical -- ubuntu_linux | arch/powerpc/mm/mmu_context_book3s64.c in the Linux kernel before 5.1.15 for powerpc has a bug where unrelated processes may be able to read/write to one another's virtual memory under certain conditions via an mmap above 512 TB. Only a subset of powerpc systems are affected. | 2019-06-25 | 6.9 | CVE-2019-12817 MLIST BID CONFIRM MISC FEDORA UBUNTU |
| cisco -- data_center_network_manager | A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to gain access to sensitive files on an affected device. The vulnerability is due to incorrect permissions settings on affected DCNM software. An attacker could exploit this vulnerability by connecting to the web-based management interface of an affected device and requesting specific URLs. A successful exploit could allow the attacker to download arbitrary files from the underlying filesystem of the affected device. | 2019-06-26 | 5.0 | CVE-2019-1621 BID CISCO |
| cisco -- data_center_network_manager | A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to retrieve sensitive information from an affected device. The vulnerability is due to improper access controls for certain URLs on affected DCNM software. An attacker could exploit this vulnerability by connecting to the web-based management interface of an affected device and requesting specific URLs. A successful exploit could allow the attacker to download log files and diagnostic information from the affected device. | 2019-06-26 | 5.0 | CVE-2019-1622 BID CISCO |
| dell -- supportassist_for_business_pcs | PC-Doctor Toolbox before 7.3 has an Uncontrolled Search Path Element. | 2019-06-25 | 6.8 | CVE-2019-12280 MISC FULLDISC CONFIRM BID MISC MISC MISC MISC |
| fasterxml -- jackson-databind | FasterXML jackson-databind 2.x before 2.9.9 might allow attackers to have a variety of impacts by leveraging failure to block the logback-core class from polymorphic deserialization. | 2019-06-24 | 4.3 | CVE-2019-12384 MISC |