Tag: apache
-
Max Severity Bug in Apache Roller Enabled Persistent Access
by
in SecurityNewsThe remediated flaw gave adversaries a way to maintain access to the app through password resets. First seen on darkreading.com Jump to article: www.darkreading.com/vulnerabilities-threats/max-severity-bug-apache-roller-persistent-access
-
Apache Parquet Critical RCE via Deserialization (CVE-2025-30065)
by
in SecurityNewsSummary On April 5, 2025, a critical deserialization vulnerability (CVE-2025-30065) affecting Apache Parquet was disclosed. Apache Parquet is an open source, column-oriented data file format First seen on research.kudelskisecurity.com Jump to article: research.kudelskisecurity.com/2025/04/08/apache-parquet-critical-rce-via-deserialization-cve-2025-30065/
-
U.S. CISA adds Ivanti Connect Secure, Policy Secure and ZTA Gateways flaw to its Known Exploited Vulnerabilities catalog
by
in SecurityNewsU.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Ivanti Connect Secure, Policy Secure and ZTA Gateways flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added an Apache Tomcat path equivalence vulnerability, tracked as CVE-2025-22457, to its Known Exploited Vulnerabilities (KEV) catalog. The vulnerability CVE-2025-22457 is a stack-based buffer overflow…
-
Significant big data environment risk likely with maximum severity Apache Parquet bug
by
in SecurityNewsFirst seen on scworld.com Jump to article: www.scworld.com/brief/significant-big-data-environment-risk-likely-with-maximum-severity-apache-parquet-bug
-
RCE Vulnerability in Apache Parquet Poses Risk to Big Data Systems
by
in SecurityNewsFirst seen on scworld.com Jump to article: www.scworld.com/brief/rce-vulnerability-in-apache-parquet-poses-risk-to-big-data-systems
-
Big hole in big data: Critical deserialization bug in Apache Parquet allows RCE
by
in SecurityNewsNo known exploits yet: Neither Endor Labs nor NIST’s NVD entry reported any exploit attempts using CVE-2025-30065 as of publication of this article. Apache silently pushed a fix with the release of 1.15.1 on March 16, 2025, with a GitHub redirect to changes made in the update.Endor Labs advised prompt patching of the vulnerability, which…
-
Critical Apache Parquet Vulnerability Leads to Remote Code Execution
by
in SecurityNewsA critical vulnerability in Apache Parquet can be exploited to execute arbitrary code remotely, leading to complete system compromise. The post Critical Apache Parquet Vulnerability Leads to Remote Code Execution appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/critical-apache-parquet-vulnerability-leads-to-remote-code-execution/
-
Critical flaw in Apache Parquet’s Java Library allows remote code execution
by
in SecurityNewsExperts warn of a critical vulnerability impacting Apache Parquet’s Java Library that could allow remote code execution. Apache Parquet’s Java Library is a software library for reading and writing Parquet files in the Java programming language. Parquet is a columnar storage file format that is optimized for use with large-scale data processing frameworks, such as…
-
Critical Apache Parquet Vulnerability Allows Remote Code Execution
by
in SecurityNewsA severe vulnerability has been identified in the Apache Parquet Java library, specifically within itsparquet-avromodule. This flaw, tracked as CVE-2025-30065, exposes systems to potential Remote Code Execution (RCE) attacks. It has been ratedCriticalwith a CVSS score of 10.0, indicating the highest level of severity. The root cause is categorized asDeserialization of Untrusted Data (CWE-502). The vulnerability impacts systems…
-
Apache Traffic Server Flaw Allows Request Smuggling Attacks
by
in SecurityNewsA critical vulnerability has been discovered in Apache Traffic Server (ATS), an open-source caching proxy server. Identified as CVE-2024-53868, this flaw enables attackers to exploit request smuggling via malformed chunked messages. Users of Apache Traffic Server are urged to upgrade to secure versions of the software immediately to mitigate potential risks. CVE-2024-53868 Details The vulnerability was…
-
Critical Flaw in Apache Parquet Allows Remote Attackers to Execute Arbitrary Code
by
in SecurityNewsA maximum severity security vulnerability has been disclosed in Apache Parquet’s Java Library that, if successfully exploited, could allow a remote attacker to execute arbitrary code on susceptible instances.Apache Parquet is a free and open-source columnar data file format that’s designed for efficient data processing and retrieval, providing support for complex data, high-performance First seen…
-
Max severity RCE flaw discovered in widely used Apache Parquet
by
in SecurityNewsA maximum severity remote code execution (RCE) vulnerability has been discovered impacting all versions of Apache Parquet up to and including 1.15.0. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/max-severity-rce-flaw-discovered-in-widely-used-apache-parquet/
-
Hackers Exploit Apache Tomcat Flaw to Hijack Servers and Steal SSH Credentials
by
in SecurityNews
Tags: apache, attack, botnet, credentials, cyber, data-breach, exploit, flaw, hacker, linux, vulnerability, windowsA newly discovered attack campaign has exposed vulnerabilities in Apache Tomcat servers, allowing hackers to hijack resources and steal SSH credentials. Researchers from Aqua Nautilus revealed that these attacks, which weaponized botnets within 30 hours of discovery, employ encrypted payloads and advanced persistence mechanisms to infiltrate systems running both Windows and Linux platforms. The attackers…
-
U.S. CISA adds Apache Tomcat flaw to its Known Exploited Vulnerabilities catalog
by
in SecurityNewsU.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Apache Tomcat flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added an Apache Tomcat path equivalence vulnerability, tracked as CVE-2025-24813, to its Known Exploited Vulnerabilities (KEV) catalog. The Apache Tomcat vulnerability CVE-2025-24813 was recently disclosed and is being actively exploited just 30…
-
CISA Alerts on Active Exploitation of Apache Tomcat Vulnerability
by
in SecurityNews
Tags: apache, cisa, cve, cyber, cybersecurity, exploit, flaw, infrastructure, open-source, risk, vulnerabilityThe Cybersecurity and Infrastructure Security Agency (CISA) has issued a high-priority alert regarding the active exploitation of CVE-2025-24813, a critical vulnerability within Apache Tomcat. This newly identified flaw poses a significant risk to organizations using affected versions of the popular open-source web server. CVE-2025-24813: Apache Tomcat Path Equivalence Vulnerability CVE-2025-24813, classified as a >>Path Equivalence…
-
Altgeräte bedrohen Sicherheit in Unternehmen
by
in SecurityNews
Tags: access, apache, authentication, botnet, bug, cisco, cloud, cve, cyberattack, dns, endpoint, firewall, Hardware, intelligence, Internet, ivanti, lazarus, linux, macOS, network, open-source, password, radius, ransomware, risk, router, sans, service, software, supply-chain, threat, update, vulnerabilitySchwachstellen in alten Netzwerkgeräten stellen ein erhebliches Sicherheitsrisiko für Unternehmen dar.Eine Analyse von Ciscos Threat-Intelligence-Team Talos zeigt, zwei der drei häufigsten Schwachstellen, auf die es Angreifer im Jahr 2024 abgesehen hatten, waren in alten Netzwerkgeräten zu finden. Das Problem ist, dass Hersteller dazu keine Patches mehr herausgeben.’Dies unterstreicht, wie wichtig es ist, veraltete Komponenten des…
-
Volume of attacks on network devices shows need to replace end of life devices quickly
by
in SecurityNews
Tags: access, apache, attack, authentication, best-practice, breach, cloud, control, credentials, cve, cyber, dns, endpoint, espionage, exploit, firewall, flaw, government, group, Hardware, infrastructure, injection, Internet, ivanti, lazarus, macOS, monitoring, network, north-korea, open-source, password, risk, router, russia, sans, service, software, threat, tool, update, vulnerabilityCVE-2023-1389, a vulnerability in TP-Link Archer AX21 router;CVE-2024-3400, a hole in Palo Alto Networks PAN-OS firewall operating system;CVE-2023-36845, a vulnerability in Juniper Networks Junos OS operating system;CVE-2021-44529, a vulnerability in Ivanti Endpoint Manager Cloud Service Appliance;CVE-2023-38035, a hole in Ivanti Sentry security gateway;CVE-2024-36401, a vulnerability in OSGeo GeoServer;CVE-2024-0012, a vulnerability in Palo Alto Neworks PAN-OS…
-
Apache Tomcat Vulnerability Exploited to Execute Malicious Arbitrary Code on Servers
by
in SecurityNewsA critical remote code execution (RCE) vulnerability, tracked as CVE-2025-24813, is being actively exploited in Apache Tomcat servers. Critical RCE Flaw in Apache Tomcat The flaw allows attackers to upload malicious files via unauthenticated HTTP PUT requests, followed by a GET request to trigger deserialization, leading to arbitrary code execution. Affected versions include Tomcat 9.0.0-M1…
-
Critical Apache Tomcat RCE vulnerability exploited
by
in SecurityNewsAttack attempts via;CVE-2025-24813 are underway, but successful attacks require specific, non-default configurations, according to GreyNoise. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/threat-activity-targeting-critical-apache-tomcat-rce-vulnerability/743313/
-
Apache Tomcat – Kritische Sicherheitslücke 30 Stunden nach Bekanntwerden ausgenutzt
by
in SecurityNewsFirst seen on security-insider.de Jump to article: www.security-insider.de/apache-tomcat-schwachstelle-remote-code-ausfuehrung-a-8a07574bd2f519dca1b584a4b989aa3e/
-
CVE-2025-24813: Apache Tomcat Vulnerable to RCE Attacks
by
in SecurityNewsIntroductionCVE-2025-24813 was originally published on March 10 with a medium severity score of 5.5, and Apache Tomcat released an update to fix it. On March 12, the first attack was detected in Poland by Wallarm researchers, even before a Proof-of-Concept (PoC) was made public. After the PoC was released on March 13 on GitHub and…
-
Hackers Actively Exploit Apache Tomcat Servers via CVE-2025-24813 Patch Now
by
in SecurityNewsA concerning development has emerged with the active exploitation of Apache Tomcat servers through the recently disclosed vulnerability, CVE-2025-24813. This vulnerability allows attackers to potentially execute remote code (RCE) if successfully exploited. The cybersecurity firm GreyNoise has identified multiple IPs involved in these attacks across several regions, highlighting the urgency for organizations to update their…
-
Tomcat RCE Vulnerability Exploited in the Wild Mitigation Steps Outlined
by
in SecurityNews
Tags: apache, cve, cyber, cybersecurity, exploit, malicious, mitigation, rce, remote-code-execution, update, vulnerabilityA recent vulnerability in Apache Tomcat, identified as CVE-2025-24813, has sparked concerns among cybersecurity professionals due to its potential for exploitation in unauthenticated remote code execution (RCE), severe information leakage, and malicious content injection. This vulnerability was publicly disclosed on March 10, 2025, along with a patch, and has already seen initial exploit attempts by…
-
Stealthy Apache Tomcat Critical Exploit Bypasses Security Filters: Are You at Risk?
By simply sending HTTP requests, attackers can trigger the deserialisation of malicious data in Tomcat’s session storage and gain control. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-apache-tomcat-vulnerability/
-
Apache Tomcat flaw actively exploited; could allow ‘devastating’ RCE
by
in SecurityNewsFirst seen on scworld.com Jump to article: www.scworld.com/news/apache-tomcat-flaw-actively-exploited-could-allow-devastating-rce
-
Tomcat PUT to active abuse as Apache deals with critical RCE flaw
by
in SecurityNews
Tags: apache, api, attack, authentication, backdoor, cve, cvss, data, encryption, exploit, flaw, malicious, rce, remote-code-execution, tactics, threat, update, vulnerability) exploit released for the flaw, CVE-2025-24813, just 30 hours after it was publicly disclosed.”A devastating new remote code execution (RCE) vulnerability is now actively exploited in the wild,” Wallarm said in a blog post. “Attackers need just one PUT API request to take over vulnerable Apache Tomcat servers.”PUT API requests are used to update…
-
CVE-2025-24813: Actively Exploited Apache Tomcat Vulnerability
by
in SecurityNewsA newly disclosed security flaw in Apache Tomcat is being actively exploited, following the release of a public proof-of-concept (PoC) just 30 hours after its disclosure. Affected Apache Tomcat Versions The vulnerability, tracked as CVE-2025-24813, impacts the following versions: Apache… First seen on sensorstechforum.com Jump to article: sensorstechforum.com/cve-2025-24813-actively-exploited-apache-tomcat-vulnerability/