Tag: apache
-
Apache Tomcat Vulnerability CVE-2024-56337 Exposes Servers to RCE Attacks
Tags: apache, attack, cve, flaw, mitigation, rce, remote-code-execution, software, update, vulnerability
The Apache Software Foundation (ASF) has released a security update to address an important vulnerability in its Tomcat server software that could result in remote code execution (RCE) under certain conditions. The vulnerability, tracked as CVE-2024-56337, has been described as an incomplete mitigation for CVE-2024-50379 (CVSS score: 9.8), another critical security flaw in the same product…
-
Apache fixes remote code execution bypass in Tomcat web server
Apache has released a security update that addresses an important vulnerability in Tomcat web server that could lead to an attacker achieving remote code execution. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/apache-fixes-remote-code-execution-bypass-in-tomcat-web-server/
-
Orgs Scramble to Fix Actively Exploited Bug in Apache Struts 2
A newly discovered vulnerability, CVE-2024-53677, in the aging Apache framework is going to cause major headaches for IT teams, since patching isn’t enough to fix it. First seen on darkreading.com Jump to article: www.darkreading.com/application-security/actively-exploited-bug-struts-2
-
Breach Roundup: US Seeks Extradition of Alleged LockBit Coder
Also: Interpol Says ‘Pig Butchering’ Shames Victims, A Data Leak Scandal in Mexico. This week, U.S. asks Israel to extradite an alleged LockBit coder, don’t say pig butchering, and an Apache Struts flaw. A hunt for alleged data thieves in Mexico, Europe probes TikTok and Netflix fined 4.75 million. A ransomware attack against Texas medical…
-
CVE-2024-50379: A Critical Race Condition in Apache Tomcat
An Apache Tomcat web server vulnerability has been published, exposing the platform to remote code execution through a race condition failure. First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/12/cve-2024-50379-a-critical-race-condition-in-apache-tomcat/
-
Apache Tomcat Conditional Competition Code Execution Vulnerability (CVE-2024-50379)
Overview: Recently, NSFOCUS CERT detected that Apache issued a security announcement, fixing the Apache Tomcat conditional competition code execution vulnerability (CVE-2024-50379). Due to the inconsistency between Windows file system and Tomcat in case-distinguishing processing of paths, when the write function of default servlet is enabled (set readonly=false and allow PUT method), unauthenticated attackers can construct… The…
-
Java web framework: Upload flaw becomes a critical vulnerability in Apache Struts
First seen on security-insider.de Jump to article: www.security-insider.de/-apache-struts-update-sicherheitsluecke-cyberangriffe-vermeidung-a-b065b1855e7fa826f76896bc115a878f/
-
Vulnerabilities in Azure Data Factory Open Door to Attacks
Azure Data Factory’s Apache Airflow Integration Flaw Can Expose Cloud Environments. Security researchers say now-resolved vulnerabilities in a Microsoft Azure integration with the Apache Airflow workflow management platform showcase growing sophistication of attackers. Palo Alto Unit 42 researchers said the flaws could allow hackers to deploy malware and steal data. First seen on govinfosecurity.com Jump…
-
Threat actors are attempting to exploit Apache Struts vulnerability CVE-2024-53677
Researchers warn that threat actors are attempting to exploit a recently disclosed Apache Struts vulnerability CVE-2024-53677. Researchers warn that threat actors are attempting to exploit the vulnerability CVE-2024-53677 (CVSS score of 9.5) in Apache Struts. A remote attacker could exploit this vulnerability to upload malicious files, potentially leading to arbitrary code execution. >>An attacker can…
-
Exploitation of Recent Critical Apache Struts 2 Flaw Begins
Researchers warn of malicious attacks exploiting a recently patched critical vulnerability in Apache Struts 2 leading to remote code execution (RCE). The post Exploitation of Recent Critical Apache Struts 2 Flaw Begins appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/exploitation-of-recent-critical-apache-struts-2-flaw-begins/
-
Patch now! Attackers are exploiting a critical vulnerability in Apache Struts
The upload function of Apache Struts is flawed, and attackers can upload malicious code. Security researchers warn of attacks. First seen on heise.de Jump to article: www.heise.de/news/Jetzt-patchen-Angreifer-nutzen-kritische-Sicherheitsluecke-in-Apache-Struts-aus-10212840.html
-
Patch Alert: Critical Apache Struts Flaw Found, Exploitation Attempts Detected
Threat actors are attempting to exploit a recently disclosed security flaw impacting Apache Struts that could pave the way for remote code execution. The issue, tracked as CVE-2024-53677, carries a CVSS score of 9.5 out of 10.0, indicating critical severity. The vulnerability shares similarities with another critical bug the project maintainers addressed in December 2023 (CVE-2023-50164,…
-
Critical security hole in Apache Struts under exploit
You applied the patch that could stop possible RCE attacks last week, right? First seen on theregister.com Jump to article: www.theregister.com/2024/12/17/critical_rce_apache_struts/
-
New critical Apache Struts flaw exploited to find vulnerable servers
A recently patched critical Apache Struts 2 vulnerability tracked as CVE-2024-53677 is actively exploited using public proof-of-concept exploits to find vulnerable devices. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/new-critical-apache-struts-flaw-exploited-to-find-vulnerable-servers/
-
Azure Data Factory Bugs Expose Cloud Infrastructure
Three vulnerabilities in the service’s Apache Airflow integration could have allowed attackers to take shadow administrative control over an enterprise cloud infrastructure, gain access to and exfiltrate data, and deploy malware. First seen on darkreading.com Jump to article: www.darkreading.com/cloud-security/azure-data-factory-bugs-expose-cloud-infrastructure
-
Apache Struts Arbitrary File Upload Vulnerability S2-067 (CVE-2024-53677)
Overview: Recently, NSFOCUS CERT monitored that Apache released a security bulletin, fixing the Apache Struts arbitrary file upload vulnerability S2-067 (CVE-2024-53677). Due to a logical defect in the file upload function, an unauthenticated attacker can perform path traversal by controlling the file upload parameters, thereby uploading malicious files to achieve remote code execution. The CVSS… The…
-
Hackers Exploiting Apache Struts2 Vulnerability to Upload Malicious Payloads
Hackers have begun exploiting a newly discovered vulnerability in Apache Struts2, a widely used open-source framework for developing Java web applications. The vulnerability, assigned the identifier CVE-2024-53677, has a critical CVSS score of 9.5, indicating its potential for severe impact if left unaddressed. Background on the Vulnerability Apache Struts2 announced the vulnerability last week, highlighting…
-
Apache issues patches for critical Struts 2 RCE bug
More details released after devs allowed weeks to apply fixes First seen on theregister.com Jump to article: www.theregister.com/2024/12/12/apache_struts_2_vuln/
-
Mauri Ransomware Leverages Apache ActiveMQ Vulnerability to Deploy CoinMiners
The Apache ActiveMQ server is vulnerable to remote code execution (CVE-2023-46604), where attackers can exploit this vulnerability by manipulating serialized class types in the OpenWire protocol to load malicious class configurations from external sources. Successful exploitation allows attackers to execute arbitrary code on the vulnerable server, leading to potential system compromise, which has been actively…
-
[Updated] Log4Shell: Critical Severity Apache Log4j Remote Code Execution Being Actively Exploited (CVE-2021-44228 CVE-2021-45046)
Update December 17th, 2021: Log4j 2.15.0 Vulnerability Upgraded from Low to Critical Severity (CVSS 9.0) RCE possible in non-default configurations Th… First seen on research.kudelskisecurity.com Jump to article: research.kudelskisecurity.com/2021/12/10/log4shell-critical-severity-apache-log4j-remote-code-execution-being-actively-exploited-cve-2021-44228/
-
CVE-2023-46604 Apache ActiveMQ RCE vulnerability
Written by Joshua Cartlidge of the Kudelski Security Threat Detection & Research Team Summary On October 25, 2023, Apache disclosed an ActiveMQ Re… First seen on research.kudelskisecurity.com Jump to article: research.kudelskisecurity.com/2023/11/03/cve-2023-46604-apache-activemq-rce-vulnerability/
-
Apache Fixes OFBiz Remote Code Execution Flaw
First seen on duo.com Jump to article: duo.com/decipher/apache-fixes-ofbiz-remote-code-execution-flaw
-
Apache OfBiz: Vulnerability allows code smuggling
An updated version of the ERP software Apache OfBiz closes security holes that allow malicious code to be executed. First seen on heise.de Jump to article: www.heise.de/news/Apache-OfBiz-Schwachstelle-ermoeglicht-Codeschmuggel-10075408.html
-
Security patches: Apache Traffic Server vulnerable through multiple flaws
Tags: apache
To protect networks, admins should install the current versions of Apache Traffic Server. First seen on heise.de Jump to article: www.heise.de/news/Sicherheitsupdates-Angreifer-koennen-Apache-Traffic-Server-crashen-lassen-10036352.html
-
Critical Apache Avro SDK Flaw Allows Remote Code Execution in Java Applications
A critical security flaw has been disclosed in the Apache Avro Java Software Development Kit (SDK) that, if successfully exploited, could allow the ex… First seen on thehackernews.com Jump to article: thehackernews.com/2024/10/critical-apache-avro-sdk-flaw-allows.html
-
Apache Avro SDK Flaw Could Enable Java Apps RCE
First seen on scworld.com Jump to article: www.scworld.com/brief/apache-avro-sdk-flaw-could-enable-java-apps-rce
-
RCE in Java apps likely with critical Apache Avro SDK vulnerability
First seen on scworld.com Jump to article: www.scworld.com/brief/rce-in-java-apps-likely-with-critical-apache-avro-sdk-vulnerability

