Tag: apache
-
Orgs Scramble to Fix Actively Exploited Bug in Apache Struts 2
in SecurityNews
A newly discovered vulnerability, CVE-2024-53677, in the aging Apache framework is going to cause major headaches for IT teams, since patching isn’t enough to fix it.
First seen on darkreading.com. Jump to article: www.darkreading.com/application-security/actively-exploited-bug-struts-2
-
Breach Roundup: US Seeks Extradition of Alleged LockBit Coder
in SecurityNews
Also: Interpol Says ‘Pig Butchering’ Shames Victims, A Data Leak Scandal in Mexico. This week, U.S. asks Israel to extradite an alleged LockBit coder, don’t say pig butchering, and an Apache Struts flaw. A hunt for alleged data thieves in Mexico, Europe probes TikTok and Netflix fined 4.75 million. A ransomware attack against Texas medical…
-
CVE-2024-50379: A Critical Race Condition in Apache Tomcat
in SecurityNews
An Apache Tomcat web server vulnerability has been published, exposing the platform to remote code execution through a race condition failure.
First seen on securityboulevard.com. Jump to article: securityboulevard.com/2024/12/cve-2024-50379-a-critical-race-condition-in-apache-tomcat/
-
Apache Tomcat Conditional Competition Code Execution Vulnerability (CVE-2024-50379)
in SecurityNews
Overview: Recently, NSFOCUS CERT detected that Apache issued a security announcement, fixing the Apache Tomcat conditional competition code execution vulnerability (CVE-2024-50379). Due to the inconsistency between Windows file system and Tomcat in case-distinguishing processing of paths, when the write function of default servlet is enabled (set readonly=false and allow PUT method), unauthenticated attackers can construct… The…
-
Java web framework – Upload flaw becomes a critical security vulnerability in Apache Struts
in SecurityNews
First seen on security-insider.de. Jump to article: www.security-insider.de/-apache-struts-update-sicherheitsluecke-cyberangriffe-vermeidung-a-b065b1855e7fa826f76896bc115a878f/
-
Vulnerabilities in Azure Data Factory Open Door to Attacks
in SecurityNews
Azure Data Factory’s Apache Airflow Integration Flaw Can Expose Cloud Environments. Security researchers say now-resolved vulnerabilities in a Microsoft Azure integration with the Apache Airflow workflow management platform showcase growing sophistication of attackers. Palo Alto Unit 42 researchers said the flaws could allow hackers to deploy malware and steal data.
First seen on govinfosecurity.com. Jump…
-
Threat actors are attempting to exploit Apache Struts vulnerability CVE-2024-53677
in SecurityNews
Researchers warn that threat actors are attempting to exploit a recently disclosed Apache Struts vulnerability CVE-2024-53677. Researchers warn that threat actors are attempting to exploit the vulnerability CVE-2024-53677 (CVSS score of 9.5) in Apache Struts. A remote attacker could exploit this vulnerability to upload malicious files, potentially leading to arbitrary code execution. "An attacker can…
-
Exploitation of Recent Critical Apache Struts 2 Flaw Begins
in SecurityNews
Researchers warn of malicious attacks exploiting a recently patched critical vulnerability in Apache Struts 2 leading to remote code execution (RCE).
First seen on securityweek.com. Jump to article: www.securityweek.com/exploitation-of-recent-critical-apache-struts-2-flaw-begins/
-
Patch now! Attackers are exploiting a critical security vulnerability in Apache Struts
in SecurityNews
The upload function of Apache Struts is flawed and attackers can upload malicious code. Security researchers warn of attacks.
First seen on heise.de. Jump to article: www.heise.de/news/Jetzt-patchen-Angreifer-nutzen-kritische-Sicherheitsluecke-in-Apache-Struts-aus-10212840.html
-
Patch Alert: Critical Apache Struts Flaw Found, Exploitation Attempts Detected
in SecurityNews
Threat actors are attempting to exploit a recently disclosed security flaw impacting Apache Struts that could pave the way for remote code execution. The issue, tracked as CVE-2024-53677, carries a CVSS score of 9.5 out of 10.0, indicating critical severity. The vulnerability shares similarities with another critical bug the project maintainers addressed in December 2023 (CVE-2023-50164,…
-
Critical security hole in Apache Struts under exploit
in SecurityNews
You applied the patch that could stop possible RCE attacks last week, right?
First seen on theregister.com. Jump to article: www.theregister.com/2024/12/17/critical_rce_apache_struts/
-
Azure Data Factory Bugs Expose Cloud Infrastructure
in SecurityNews
Three vulnerabilities in the service’s Apache Airflow integration could have allowed attackers to take shadow administrative control over an enterprise cloud infrastructure, gain access to and exfiltrate data, and deploy malware.
First seen on darkreading.com. Jump to article: www.darkreading.com/cloud-security/azure-data-factory-bugs-expose-cloud-infrastructure
-
New critical Apache Struts flaw exploited to find vulnerable servers
in SecurityNews
A recently patched critical Apache Struts 2 vulnerability tracked as CVE-2024-53677 is actively exploited using public proof-of-concept exploits to find vulnerable devices.
First seen on bleepingcomputer.com. Jump to article: www.bleepingcomputer.com/news/security/new-critical-apache-struts-flaw-exploited-to-find-vulnerable-servers/
-
Apache Struts Arbitrary File Upload Vulnerability S2-067 (CVE-2024-53677)
in SecurityNews
Overview: Recently, NSFOCUS CERT monitored that Apache released a security bulletin, fixing the Apache Struts arbitrary file upload vulnerability S2-067 (CVE-2024-53677). Due to a logical defect in the file upload function, an unauthenticated attacker can perform path traversal by controlling the file upload parameters, thereby uploading malicious files to achieve remote code execution. The CVSS… The…
-
Hackers Exploiting Apache Struts2 Vulnerability to Upload Malicious Payloads
in SecurityNews
Hackers have begun exploiting a newly discovered vulnerability in Apache Struts2, a widely used open-source framework for developing Java web applications. The vulnerability, assigned the identifier CVE-2024-53677, has a critical CVSS score of 9.5, indicating its potential for severe impact if left unaddressed. Background on the Vulnerability: Apache Struts2 announced the vulnerability last week, highlighting…
-
Apache issues patches for critical Struts 2 RCE bug
in SecurityNews
More details released after devs allowed weeks to apply fixes.
First seen on theregister.com. Jump to article: www.theregister.com/2024/12/12/apache_struts_2_vuln/
-
Mauri Ransomware Leverages Apache ActiveMQ Vulnerability to Deploy CoinMiners
in SecurityNews
The Apache ActiveMQ server is vulnerable to remote code execution (CVE-2023-46604), where attackers can exploit this vulnerability by manipulating serialized class types in the OpenWire protocol to load malicious class configurations from external sources. Successful exploitation allows attackers to execute arbitrary code on the vulnerable server, leading to potential system compromise, which has been actively…
-
[Updated] Log4Shell: Critical Severity Apache Log4j Remote Code Execution Being Actively Exploited (CVE-2021-44228 CVE-2021-45046)
in SecurityNews
Update December 17th, 2021: Log4j 2.15.0 Vulnerability Upgraded from Low to Critical Severity (CVSS 9.0). RCE possible in non-default configurations. Th…
First seen on research.kudelskisecurity.com. Jump to article: research.kudelskisecurity.com/2021/12/10/log4shell-critical-severity-apache-log4j-remote-code-execution-being-actively-exploited-cve-2021-44228/
-
CVE-2023-46604 Apache ActiveMQ RCE vulnerability
in SecurityNews
Written by Joshua Cartlidge of the Kudelski Security Threat Detection & Research Team. Summary: On October 25, 2023, Apache disclosed an ActiveMQ Re…
First seen on research.kudelskisecurity.com. Jump to article: research.kudelskisecurity.com/2023/11/03/cve-2023-46604-apache-activemq-rce-vulnerability/
-
Apache Fixes OFBiz Remote Code Execution Flaw
in SecurityNews
First seen on duo.com. Jump to article: duo.com/decipher/apache-fixes-ofbiz-remote-code-execution-flaw
-
Apache OfBiz: Vulnerability allows code smuggling
in SecurityNews
An updated version of the ERP software Apache OfBiz closes security holes that allow malicious code to be executed.
First seen on heise.de. Jump to article: www.heise.de/news/Apache-OfBiz-Schwachstelle-ermoeglicht-Codeschmuggel-10075408.html
-
Security patches: Apache Traffic Server vulnerable through multiple flaws
in SecurityNews
Tags: apache
To protect networks, admins should install the current versions of Apache Traffic Server.
First seen on heise.de. Jump to article: www.heise.de/news/Sicherheitsupdates-Angreifer-koennen-Apache-Traffic-Server-crashen-lassen-10036352.html
-
Critical Apache Avro SDK Flaw Allows Remote Code Execution in Java Applications
in SecurityNews
A critical security flaw has been disclosed in the Apache Avro Java Software Development Kit (SDK) that, if successfully exploited, could allow the ex…
First seen on thehackernews.com. Jump to article: thehackernews.com/2024/10/critical-apache-avro-sdk-flaw-allows.html
-
Apache Avro SDK Flaw Could Enable Java Apps RCE
in SecurityNews
First seen on scworld.com. Jump to article: www.scworld.com/brief/apache-avro-sdk-flaw-could-enable-java-apps-rce
-
RCE in Java apps likely with critical Apache Avro SDK vulnerability
in SecurityNews
First seen on scworld.com. Jump to article: www.scworld.com/brief/rce-in-java-apps-likely-with-critical-apache-avro-sdk-vulnerability
-
Critical Apache Avro SDK RCE flaw impacts Java applications
in SecurityNews
A critical vulnerability in the Apache Avro Java Software Development Kit (SDK) could be exploited to execute arbitrary code on vulnerable instances. …
First seen on securityaffairs.com. Jump to article: securityaffairs.com/169469/security/apache-avro-java-sdk-critical-flaw.html
-
CVE-2024-45195 – Critical vulnerability in Apache OFBiz allows code execution
in SecurityNews
First seen on security-insider.de. Jump to article: www.security-insider.de/ofbiz-updates-sicherheitsluecken-schliessen-a-f0c2bba805a440d188cad18437132f49/