Tag: apache
-
Apache Tomcat Flaw Could Allow RCE Attacks on Servers
Tags: apache, attack, cyber, flaw, open-source, rce, remote-code-execution, risk, software, vulnerability
Apache Tomcat, a widely used open-source web server software, has faced numerous security vulnerabilities in recent years. Some critical issues put servers at risk of remote code execution (RCE) and other attacks. These vulnerabilities highlight the importance of keeping software up-to-date and properly configured to prevent potential exploits. Detailed Vulnerabilities: Below is a formatted table…
-
Experts warn of mass exploitation of critical PHP flaw CVE-2024-4577
Threat actors exploit PHP flaw CVE-2024-4577 for remote code execution. Over 1,000 attacks detected globally. GreyNoise researchers warn of a large-scale exploitation of a critical vulnerability, tracked as CVE-2024-4577 (CVSS 9.8), in PHP. An attacker could exploit the vulnerability to achieve remote code execution on vulnerable servers using Apache and PHP-CGI. The flaw CVE-2024-4577 (CVSS score: 9.8) is…
-
New Apache Traffic Server Flaws Allow Malformed Request Exploits
The Apache Software Foundation has disclosed several vulnerabilities affecting its Traffic Server software. These vulnerabilities allow malicious actors to exploit malformed requests and access control list (ACL) issues, posing serious security risks to users. The vulnerabilities, identified by CVE numbers CVE-2024-38311, CVE-2024-56195, CVE-2024-56196, and CVE-2024-56202, have been reported by various researchers and affect multiple versions of the Apache Traffic Server. Description…
-
Threat Actors Exploit PHP-CGI RCE Vulnerability to Attack Windows Machines
Tags: apache, attack, cve, cyber, cybersecurity, exploit, rce, remote-code-execution, threat, vulnerability, windows
A recent cybersecurity threat has emerged where unknown attackers are exploiting a critical remote code execution (RCE) vulnerability in PHP-CGI on Windows systems. This vulnerability, identified as CVE-2024-4577, allows attackers to execute arbitrary PHP code on servers using Apache with a vulnerable PHP-CGI setup. The attackers are primarily targeting organizations in Japan across various sectors,…
-
Chainguard “FIPS” Apache Cassandra
Chainguard modified Cassandra so organizations needing FIPS-approved encryption can finally use it, without risky workarounds or costly custom fixes. Apache Cassandra is a powerful open-source database used by companies worldwide, but it wasn’t built with FIPS compliance in mind. Why Is This a Big Deal? Cassandra powers mission-critical systems for Netflix, Apple, and even the…
-
Critical Flaw in Apache Ignite (CVE-2024-52577) Allows Attackers to Execute Code Remotely
A severe security vulnerability (CVE-2024-52577) in Apache Ignite, the open-source distributed database and computing platform, has been disclosed. The flaw enables remote attackers to execute arbitrary code on vulnerable servers by exploiting insecure deserialization mechanisms in specific configurations. First reported on February 14, 2025, this issue impacts all Apache Ignite versions from 2.6.0 up to…
-
Apache Fineract SQL Injection Vulnerability Allows Malicious Data Injection
The Apache Software Foundation has disclosed a critical SQL injection vulnerability in its widely utilized financial platform, Apache Fineract. The flaw, tracked as CVE-2024-32838, affects multiple API endpoints and poses a significant risk to applications built on this platform. This vulnerability allows authenticated attackers to inject malicious SQL data, potentially compromising sensitive information and the overall…
-
CISA warns of attacks on Linux, Apache OFBiz, .NET and Paessler PRTG
The US cybersecurity agency CISA warns of observed attacks on vulnerabilities in Linux, Apache OFBiz, .NET and Paessler PRTG. First seen on heise.de Jump to article: www.heise.de/news/CISA-warnt-vor-Angriffen-auf-Linux-Apache-OFBiz-NET-und-Paessler-PRTG-10271835.html
-
CISA Adds Actively Exploited Apache and Microsoft Vulnerabilities to its Database
Tags: apache, cisa, cyber, cybersecurity, exploit, flaw, framework, infrastructure, kev, microsoft, network, software, vulnerability
The Cybersecurity and Infrastructure Security Agency (CISA) has updated its Known Exploited Vulnerabilities Catalog with several critical security flaws, prompting heightened vigilance among organizations using affected software platforms. Among these newly added vulnerabilities are severe flaws in Apache OFBiz, Microsoft .NET Framework, and Paessler PRTG Network Monitor. These vulnerabilities, if exploited, could enable attackers to…
-
Critical Apache Solr Vulnerability Grants Write Access to Attackers on Windows
A new security vulnerability has been uncovered in Apache Solr, affecting versions 6.6 through 9.7.0. The issue, classified as a Relative Path Traversal vulnerability, exposes Solr instances running on Windows to potential risks of arbitrary file path manipulation and write-access. Tracked as SOLR-17543, this vulnerability could permit attackers to exploit the >>configset upload
-
Apache Solr For Windows instances Vulnerability Allows Arbitrary Path Write-Access
A critical security vulnerability (CVE-2024-52012) affecting Apache Solr instances on Windows has been identified, allowing attackers to gain arbitrary file path write access using the >>configset upload
-
Python administrator moves to improve software security
The administrators of the Python Package Index (PyPI) have begun an effort to improve the hundreds of thousands of software packages that are listed. The attempt, which began earlier last year, is to identify and stop malware-laced packages from proliferating across the open-source community that contributes and consumes Python software. As previously reported, hijacking Python…
-
AWS declares it’s Iceberg all the way until customers say otherwise
Cloud giant explains its thinking behind support for Apache open table format First seen on theregister.com Jump to article: www.theregister.com/2025/01/20/aws_iceberg_support/
-
Apache CXF Vulnerability Triggers DoS Attack
Colm O hEigeartaigh announced a critical vulnerability affecting various versions of Apache CXF, a widely-used framework for building web services. This issue, documented as CVE-2025-23184, poses a significant risk as it can lead to a Denial of Service (DoS) attack due to improper handling of temporary files. The vulnerability has been confirmed in specific versions…
-
The biggest data breach fines, penalties, and settlements so far
Tags: access, apache, attack, breach, business, china, ciso, communications, compliance, control, credentials, credit-card, cyberattack, cybercrime, cybersecurity, data, data-breach, email, finance, flaw, framework, GDPR, google, hacker, Hardware, identity, Internet, law, leak, linkedin, microsoft, mobile, monitoring, network, office, phone, privacy, regulation, risk, service, software, technology, tool, training, update, vulnerability
Sizable fines assessed for data breaches in recent years suggest that regulators are getting more serious about cracking down on organizations that don’t properly protect consumer data. Hit with a $1.3 billion fine for unlawfully transferring personal data from the European Union to the US, Meta tops the list of recent big-ticket sanctions, with one…
-
Azure compromise possible with Apache Airflow vulnerabilities
First seen on scworld.com Jump to article: www.scworld.com/brief/azure-compromise-possible-with-apache-airflow-vulnerabilities
-
Misconfigured Kubernetes RBAC in Azure Airflow Could Expose Entire Cluster to Exploitation
Cybersecurity researchers have uncovered three security weaknesses in Microsoft’s Azure Data Factory Apache Airflow integration that, if successfully exploited, could have allowed an attacker to gain the ability to conduct various covert actions, including data exfiltration and malware deployment. “Exploiting these flaws could allow attackers to gain persistent access as shadow administrators First seen on thehackernews.com…
-
Critical Apache Vulnerabilities: Update Now to Avoid Major Risks
The Cyber Security Agency of Singapore has issued a warning about several critical vulnerabilities found in Apache software products. The Apache Software Foundation has rolled out security patches addressing these vulnerabilities, which could pose risks to users and organizations relying on these tools. Among the affected vulnerabilities are CVE-2024-43441, CVE-2024-45387, and CVE-2024-52046. First seen on…
-
Researchers warn of active exploitation of critical Apache Struts 2 flaw
Exploitation activity was observed about a week after the CVE was disclosed. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/active-exploitation-apache-struts-2-flaw/736199/
-
Apache MINA CVE-2024-52046: CVSS 10.0 Flaw Enables RCE via Unsafe Serialization
Tags: apache, cve, cvss, flaw, framework, network, rce, remote-code-execution, software, vulnerability
The Apache Software Foundation (ASF) has released patches to address a maximum severity vulnerability in the MINA Java network application framework that could result in remote code execution under specific conditions. Tracked as CVE-2024-52046, the vulnerability carries a CVSS score of 10.0. It affects versions 2.0.X, 2.1.X, and 2.2.X. “The ObjectSerializationDecoder in Apache MINA uses Java’s First…
-
Apache fixes Traffic Control bug that attackers could exploit
First seen on scworld.com Jump to article: www.scworld.com/news/apache-fixes-traffic-control-bug-that-attackers-could-exploit
-
Breach Roundup: Cyberattack Disrupts Japan Airlines
Also, US Court Rules NSO Group Violated Hacking Laws With Pegasus Spyware. This week, cyberattack disrupts Japan Airlines, U.S. court rules NSO Group violated hacking laws, the European Space Agency’s web store hacked, FTC orders Marriott to overhaul data security, Sophos patches critical firewall flaws and Apache fixes critical SQL injection in Traffic Control. First…
-
Apache warns of critical flaws in MINA, HugeGraph, Traffic Control
The Apache Software Foundation has released security updates to address three severe problems that affect MINA, HugeGraph-Server, and Traffic Control products. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/apache-warns-of-critical-flaws-in-mina-hugegraph-traffic-control/
-
Apache fixed a critical SQL Injection in Apache Traffic Control
Apache Software Foundation (ASF) addressed a critical SQL Injection vulnerability, tracked as CVE-2024-45387, in Apache Traffic Control. The Apache Software Foundation (ASF) released security updates to address a critical security vulnerability, tracked as CVE-2024-45387 (CVSS score 9.9), in Traffic Control. Traffic Control allows operators to set up a Content Delivery Network to quickly and efficiently deliver content…
-
Apache Auth-Bypass Vulnerability Lets Attackers Gain Control Over HugeGraph-Server
The Apache Software Foundation has issued a security alert regarding a critical vulnerability in Apache HugeGraph-Server. The flaw, identified as CVE-2024-43441, could potentially allow authentication bypass due to an issue with assumed-immutable data in JWT tokens. The vulnerability impacts versions 1.0 to 1.3 of Apache HugeGraph-Server, prior to the release of version 1.5.0. Users running…
-
Critical SQL Injection Vulnerability in Apache Traffic Control Rated 9.9 CVSS, Patch Now
The Apache Software Foundation (ASF) has shipped security updates to address a critical security flaw in Traffic Control that, if successfully exploited, could allow an attacker to execute arbitrary Structured Query Language (SQL) commands in the database. The SQL injection vulnerability, tracked as CVE-2024-45387, is rated 9.9 out of 10.0 on the CVSS scoring system. “An SQL…
-
Apache Foundation fixed a severe Tomcat vulnerability
The Apache Software Foundation fixed a Tomcat server software flaw that could lead to remote code execution under certain conditions. The Apache Software Foundation (ASF) addressed an important vulnerability, tracked as CVE-2024-56337, in its Tomcat server software. The researchers warn that exploiting this vulnerability could result in remote code execution under certain conditions. Apache Tomcat…

