Tag: apache
-
New Apache InLong Vulnerability (CVE-2025-27522) Exposes Systems to Remote Code Execution Risks
A newly disclosed vulnerability, tracked as CVE-2025-27522, has been discovered in Apache InLong, a widely used real-time data streaming platform. The Apache InLong vulnerability introduces the potential for remote code execution (RCE). First seen on thecyberexpress.com Jump to article: thecyberexpress.com/apache-inlong-cve-2025-27522/
-
Apache Tomcat CGI Servlet Flaw Enables Security Constraint Bypass
A newly disclosed vulnerability, CVE-2025-46701, has been identified in Apache Tomcat’s CGI servlet, allowing attackers to bypass security constraints under specific conditions. The flaw, announced on May 29, 2025, is rooted in the improper handling of case sensitivity within the pathInfo component of URLs mapped to the CGI servlet. When Tomcat is deployed on a…
-
Apache InLong JDBC Vulnerability Enables Deserialization of Untrusted Data
A moderate-severity vulnerability, tracked as CVE-2025-27522, has been disclosed in Apache InLong, a popular data integration platform. The flaw, affecting versions 1.13.0 through 2.1.0, centers on the deserialization of untrusted data during JDBC (Java Database Connectivity) verification processing. This vulnerability is classified as a secondary mining bypass for the previously reported CVE-2024-26579, indicating that earlier…
-
Apache Tomcat RCE Vulnerability Exposed with PoC Released
Tags: apache, container, control, cve, cyber, data-breach, flaw, malicious, open-source, rce, remote-code-execution, vulnerabilityA critical security vulnerability, tracked as CVE-2025-24813, has been discovered in Apache Tomcat, a widely used open-source Java servlet container and web server. This flaw, stemming from improper handling of file paths, particularly those containing internal dots (e.g., file.Name)”, can allow attackers to bypass security controls, leading to remote code execution (RCE), information disclosure, and…
-
Apache ActiveMQ Vulnerability Allows Attackers to Induce DoS Condition
Tags: apache, attack, cyber, dos, flaw, malicious, mitigation, open-source, service, software, vulnerabilityCritical vulnerability in Apache ActiveMQ (CVE-2024-XXXX) exposes brokers to denial-of-service (DoS) attacks by allowing malicious actors to exhaust system memory through specially crafted OpenWire commands. The flaw, tracked as AMQ-6596, affects multiple legacy versions of the widely used open-source messaging platform and has prompted urgent mitigation directives from the Apache Software Foundation. The vulnerability stems…
-
F5 labs releases PoC for Apache Parquet flaw
First seen on scworld.com Jump to article: www.scworld.com/brief/f5-labs-releases-poc-for-apache-parquet-flaw
-
Misconfigured Apache Pinot instances under attack
First seen on scworld.com Jump to article: www.scworld.com/brief/misconfigured-apache-pinot-instances-under-attack
-
Apache Parquet exploit tool detect servers vulnerable to critical flaw
A proof-of-concept exploit has been publicly released for a maximum severity Apache Parquet vulnerability, tracked as CVE-2025-30065, making it easy to find vulnerable servers. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/apache-parquet-exploit-tool-detect-servers-vulnerable-to-critical-flaw/
-
Microsoft Alerts That Default Helm Charts May Expose Kubernetes Apps to Data Leaks
Microsoft’s cybersecurity research team has issued a stark warning about the risks of using default Helm charts and Kubernetes deployment templates, revealing that popular cloud-native applications like Apache Pinot, Meshery, and Selenium Grid are being deployed with critical security gaps. These misconfigurations-often prioritizing convenience over protection-allow attackers to hijack databases, execute arbitrary code, and gain…
-
Apache Parquet Java Vulnerability CVE-2025-46762 Exposes Systems to Remote Code Execution Attacks
A vulnerability has been identified in Apache Parquet Java, which could leave systems exposed to remote code execution (RCE) attacks. Apache Parquet contributor Gang Wu discovered, this flaw, tracked as CVE-2025-46762, in the parquet-avro module and publicly disclosed it on May 2. First seen on thecyberexpress.com Jump to article: thecyberexpress.com/apache-parquet-java-flaw-cve-2025-46762/
-
Apache Parquet Java Vulnerability Enables Remote Code Execution
A high-severity vulnerability (CVE-2025-46762) has been discovered in Apache Parquet Java, exposing systems using the parquet-avro module to remote code execution (RCE) attacks. The flaw, disclosed by Apache Parquet contributor Gang Wu on May 2, 2025, impacts versions up to and including 1.15.1. Technical Breakdown of the Vulnerability The vulnerability stems from insecure schema parsing…
-
U.S. CISA adds SonicWall SMA100 and Apache HTTP Server flaws to its Known Exploited Vulnerabilities catalog
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds SonicWall SMA100 and Apache HTTP Server flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Qualitia Active! Mail, Broadcom Brocade Fabric OS, and Commvault Web Server flaws to its Known Exploited Vulnerabilities (KEV) catalog. Below are the descriptions for these flaws:…
-
CISA Issues Alert on Actively Exploited Apache HTTP Server Escape Vulnerability
The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent alert regarding a newly discovered and actively exploited vulnerability in the widely used Apache HTTP Server. The flaw, catalogued as CVE-2024-38475, affects the server’s mod_rewrite module and poses significant risks to organizations worldwide. Details of the Vulnerability CVE-2024-38475 is classified as an >>improper escaping…
-
Apache ActiveMQ Vulnerability Lets Remote Hackers Execute Arbitrary Code
A high vulnerability in Apache ActiveMQ’s .NET Message Service (NMS) library has been uncovered, enabling remote attackers to execute arbitrary code on unpatched systems. Tracked as CVE-2025-29953, this flaw carries a high CVSS score of 8.1 and impacts all versions of ActiveMQ before the latest security update. Vulnerability Overview The flaw resides in theBodyaccessor method of…
-
Max Severity Bug in Apache Roller Enabled Persistent Access
The remediated flaw gave adversaries a way to maintain access to the app through password resets. First seen on darkreading.com Jump to article: www.darkreading.com/vulnerabilities-threats/max-severity-bug-apache-roller-persistent-access
-
Apache Parquet Critical RCE via Deserialization (CVE-2025-30065)
Summary On April 5, 2025, a critical deserialization vulnerability (CVE-2025-30065) affecting Apache Parquet was disclosed. Apache Parquet is an open source, column-oriented data file format First seen on research.kudelskisecurity.com Jump to article: research.kudelskisecurity.com/2025/04/08/apache-parquet-critical-rce-via-deserialization-cve-2025-30065/
-
U.S. CISA adds Ivanti Connect Secure, Policy Secure and ZTA Gateways flaw to its Known Exploited Vulnerabilities catalog
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Ivanti Connect Secure, Policy Secure and ZTA Gateways flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added an Apache Tomcat path equivalence vulnerability, tracked as CVE-2025-22457, to its Known Exploited Vulnerabilities (KEV) catalog. The vulnerability CVE-2025-22457 is a stack-based buffer overflow…
-
Significant big data environment risk likely with maximum severity Apache Parquet bug
First seen on scworld.com Jump to article: www.scworld.com/brief/significant-big-data-environment-risk-likely-with-maximum-severity-apache-parquet-bug
-
RCE Vulnerability in Apache Parquet Poses Risk to Big Data Systems
First seen on scworld.com Jump to article: www.scworld.com/brief/rce-vulnerability-in-apache-parquet-poses-risk-to-big-data-systems
-
Big hole in big data: Critical deserialization bug in Apache Parquet allows RCE
No known exploits yet: Neither Endor Labs nor NIST’s NVD entry reported any exploit attempts using CVE-2025-30065 as of publication of this article. Apache silently pushed a fix with the release of 1.15.1 on March 16, 2025, with a GitHub redirect to changes made in the update.Endor Labs advised prompt patching of the vulnerability, which…
-
Critical Apache Parquet Vulnerability Leads to Remote Code Execution
A critical vulnerability in Apache Parquet can be exploited to execute arbitrary code remotely, leading to complete system compromise. The post Critical Apache Parquet Vulnerability Leads to Remote Code Execution appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/critical-apache-parquet-vulnerability-leads-to-remote-code-execution/
-
Critical flaw in Apache Parquet’s Java Library allows remote code execution
Experts warn of a critical vulnerability impacting Apache Parquet’s Java Library that could allow remote code execution. Apache Parquet’s Java Library is a software library for reading and writing Parquet files in the Java programming language. Parquet is a columnar storage file format that is optimized for use with large-scale data processing frameworks, such as…
-
Critical Apache Parquet Vulnerability Allows Remote Code Execution
A severe vulnerability has been identified in the Apache Parquet Java library, specifically within itsparquet-avromodule. This flaw, tracked as CVE-2025-30065, exposes systems to potential Remote Code Execution (RCE) attacks. It has been ratedCriticalwith a CVSS score of 10.0, indicating the highest level of severity. The root cause is categorized asDeserialization of Untrusted Data (CWE-502). The vulnerability impacts systems…
-
Critical Flaw in Apache Parquet Allows Remote Attackers to Execute Arbitrary Code
A maximum severity security vulnerability has been disclosed in Apache Parquet’s Java Library that, if successfully exploited, could allow a remote attacker to execute arbitrary code on susceptible instances.Apache Parquet is a free and open-source columnar data file format that’s designed for efficient data processing and retrieval, providing support for complex data, high-performance First seen…
-
Apache Traffic Server Flaw Allows Request Smuggling Attacks
A critical vulnerability has been discovered in Apache Traffic Server (ATS), an open-source caching proxy server. Identified as CVE-2024-53868, this flaw enables attackers to exploit request smuggling via malformed chunked messages. Users of Apache Traffic Server are urged to upgrade to secure versions of the software immediately to mitigate potential risks. CVE-2024-53868 Details The vulnerability was…
-
Max severity RCE flaw discovered in widely used Apache Parquet
A maximum severity remote code execution (RCE) vulnerability has been discovered impacting all versions of Apache Parquet up to and including 1.15.0. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/max-severity-rce-flaw-discovered-in-widely-used-apache-parquet/
-
Hackers Exploit Apache Tomcat Flaw to Hijack Servers and Steal SSH Credentials
Tags: apache, attack, botnet, credentials, cyber, data-breach, exploit, flaw, hacker, linux, vulnerability, windowsA newly discovered attack campaign has exposed vulnerabilities in Apache Tomcat servers, allowing hackers to hijack resources and steal SSH credentials. Researchers from Aqua Nautilus revealed that these attacks, which weaponized botnets within 30 hours of discovery, employ encrypted payloads and advanced persistence mechanisms to infiltrate systems running both Windows and Linux platforms. The attackers…