Apache selective HttpOnly

You can test it with regex101 In case you need to append the HttpOnly flag to all except some cookie, you can use a code like this in Apache conf: Header edit Set-Cookie “(?i)^((?:(?!(YOUR-TOKEN))(?!;\s?HttpOnly).)+)$” “$1; HttpOnly” in this way at YOUR-TOKEN the HttpOnly flag is not attached.  

DirtyCow – CVE-2016-5195

DirtyCow Local Privilege Escalation Test with RH Detection Script : [root@condor ~]# bash rh_cve_20165195.sh Your kernel is 3.10.0-327.36.1.el7.x86_64 which IS vulnerable. Red Hat recommends that you update your kernel. Alternatively, you can apply partial mitigation described at https://access.redhat.com/security/vulnerabilities/2706661 . [root@condor ~]# Exploit code Sample test on a Centos [root@condor ~]# cat /etc/redhat-release CentOS Linux release Read More …