Tag: apache
-
Patch Alert: Critical Apache Struts Flaw Found, Exploitation Attempts Detected
in SecurityNews
Threat actors are attempting to exploit a recently disclosed security flaw impacting Apache Struts that could pave the way for remote code execution. The issue, tracked as CVE-2024-53677, carries a CVSS score of 9.5 out of 10.0, indicating critical severity. The vulnerability shares similarities with another critical bug the project maintainers addressed in December 2023 (CVE-2023-50164,…
-
Critical security hole in Apache Struts under exploit
in SecurityNews
You applied the patch that could stop possible RCE attacks last week, right? First seen on theregister.com Jump to article: www.theregister.com/2024/12/17/critical_rce_apache_struts/
-
New critical Apache Struts flaw exploited to find vulnerable servers
in SecurityNews
A recently patched critical Apache Struts 2 vulnerability tracked as CVE-2024-53677 is actively exploited using public proof-of-concept exploits to find vulnerable devices. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/new-critical-apache-struts-flaw-exploited-to-find-vulnerable-servers/
-
Azure Data Factory Bugs Expose Cloud Infrastructure
in SecurityNews
Three vulnerabilities in the service’s Apache Airflow integration could have allowed attackers to take shadow administrative control over an enterprise cloud infrastructure, gain access to and exfiltrate data, and deploy malware. First seen on darkreading.com Jump to article: www.darkreading.com/cloud-security/azure-data-factory-bugs-expose-cloud-infrastructure
-
Apache Struts Arbitrary File Upload Vulnerability S2-067 (CVE-2024-53677)
in SecurityNews
Overview: Recently, NSFOCUS CERT monitored that Apache released a security bulletin, fixing the Apache Struts arbitrary file upload vulnerability S2-067 (CVE-2024-53677). Due to a logical defect in the file upload function, an unauthenticated attacker can perform path traversal by controlling the file upload parameters, thereby uploading malicious files to achieve remote code execution. The CVSS…The…
-
Hackers Exploiting Apache Struts2 Vulnerability to Upload Malicious Payloads
in SecurityNews
Hackers have begun exploiting a newly discovered vulnerability in Apache Struts2, a widely used open-source framework for developing Java web applications. The vulnerability, assigned the identifier CVE-2024-53677, has a critical CVSS score of 9.5, indicating its potential for severe impact if left unaddressed. Background on the Vulnerability: Apache Struts2 announced the vulnerability last week, highlighting…
-
Apache issues patches for critical Struts 2 RCE bug
in SecurityNews
More details released after devs allowed weeks to apply fixes. First seen on theregister.com Jump to article: www.theregister.com/2024/12/12/apache_struts_2_vuln/
-
Mauri Ransomware Leverages Apache ActiveMQ Vulnerability to Deploy CoinMiners
in SecurityNews
The Apache ActiveMQ server is vulnerable to remote code execution (CVE-2023-46604), where attackers can exploit this vulnerability by manipulating serialized class types in the OpenWire protocol to load malicious class configurations from external sources. Successful exploitation allows attackers to execute arbitrary code on the vulnerable server, leading to potential system compromise, which has been actively…
-
[Updated] Log4Shell: Critical Severity Apache Log4j Remote Code Execution Being Actively Exploited (CVE-2021-44228 CVE-2021-45046)
in SecurityNews
Update December 17th, 2021: Log4j 2.15.0 Vulnerability Upgraded from Low to Critical Severity (CVSS 9.0) RCE possible in non-default configurations Th… First seen on research.kudelskisecurity.com Jump to article: research.kudelskisecurity.com/2021/12/10/log4shell-critical-severity-apache-log4j-remote-code-execution-being-actively-exploited-cve-2021-44228/
-
CVE-2023-46604 Apache ActiveMQ RCE vulnerability
in SecurityNews
Written by Joshua Cartlidge of the Kudelski Security Threat Detection & Research Team. Summary: On October 25, 2023, Apache disclosed an ActiveMQ Re… First seen on research.kudelskisecurity.com Jump to article: research.kudelskisecurity.com/2023/11/03/cve-2023-46604-apache-activemq-rce-vulnerability/
-
Apache Fixes OFBiz Remote Code Execution Flaw
in SecurityNews
First seen on duo.com Jump to article: duo.com/decipher/apache-fixes-ofbiz-remote-code-execution-flaw
-
Apache OfBiz: Vulnerability Enables Code Smuggling
in SecurityNews
An updated version of the ERP software Apache OfBiz closes security holes that allow malicious code to be executed. First seen on heise.de Jump to article: www.heise.de/news/Apache-OfBiz-Schwachstelle-ermoeglicht-Codeschmuggel-10075408.html
-
Security Patches: Apache Traffic Server Vulnerable Through Multiple Flaws
in SecurityNews
Tags: apache
To protect networks, admins should install the current versions of Apache Traffic Server. First seen on heise.de Jump to article: www.heise.de/news/Sicherheitsupdates-Angreifer-koennen-Apache-Traffic-Server-crashen-lassen-10036352.html
-
Critical Apache Avro SDK Flaw Allows Remote Code Execution in Java Applications
in SecurityNews
A critical security flaw has been disclosed in the Apache Avro Java Software Development Kit (SDK) that, if successfully exploited, could allow the ex… First seen on thehackernews.com Jump to article: thehackernews.com/2024/10/critical-apache-avro-sdk-flaw-allows.html
-
Apache Avro SDK Flaw Could Enable Java Apps RCE
in SecurityNews
First seen on scworld.com Jump to article: www.scworld.com/brief/apache-avro-sdk-flaw-could-enable-java-apps-rce
-
RCE in Java apps likely with critical Apache Avro SDK vulnerability
in SecurityNews
First seen on scworld.com Jump to article: www.scworld.com/brief/rce-in-java-apps-likely-with-critical-apache-avro-sdk-vulnerability
-
Critical Apache Avro SDK RCE flaw impacts Java applications
in SecurityNews
A critical vulnerability in the Apache Avro Java Software Development Kit (SDK) could be exploited to execute arbitrary code on vulnerable instances. … First seen on securityaffairs.com Jump to article: securityaffairs.com/169469/security/apache-avro-java-sdk-critical-flaw.html
-
CVE-2024-45195 – Critical Vulnerability in Apache OFBiz Allows Code Execution
in SecurityNews
First seen on security-insider.de Jump to article: www.security-insider.de/ofbiz-updates-sicherheitsluecken-schliessen-a-f0c2bba805a440d188cad18437132f49/
-
CISA warns of actively exploited Apache HugeGraph-Server bug
in SecurityNews
The U.S. Cybersecurity and Infrastructure Agency (CISA) has added five flaws to its Known Exploited Vulnerabilities (KEV) catalog, among which is a re… First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/cisa-warns-of-actively-exploited-apache-hugegraph-server-bug/
-
U.S. CISA adds Microsoft Windows, Apache HugeGraph-Server, Oracle JDeveloper, Oracle WebLogic Server, and Microsoft SQL Server bugs to its Known Exploited Vulnerabilities catalog
in SecurityNews
Tags: apache, cisa, cybersecurity, exploit, infrastructure, kev, microsoft, oracle, sql, vulnerability, windows
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Microsoft Windows, Apache HugeGraph-Server, Oracle JDeveloper, Oracle WebLogic Serve… First seen on securityaffairs.com Jump to article: securityaffairs.com/168592/security/u-s-cisa-windows-apache-hugegraph-oracle-jdeveloper-oracle-weblogic-sql-server-bugs-to-its-known-exploited-vulnerabilities-catalog.html
-
Apache OFBiz Fixes New Critical Flaw
in SecurityNews
Tags: apache
First seen on csoonline.com Jump to article: www.csoonline.com/de/a/apache-ofbiz-behebt-neuen-kritischen-fehler
-
CVE-2024-38856 and CVE-2024-45195 Apache OFBiz Security Vulnerabilities August 2024
in SecurityNews
Critical Security Vulnerabilities (CVE-2024-38856 and CVE-2024-45195) in Apache OFBiz Expose Enterprise Systems to Potential Data Breaches and Disrupt… First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/09/cve-2024-38856-and-cve-2024-45195-apache-ofbiz-security-vulnerabilities-august-2024/
-
Apache Flaw: High Severity Vulnerability Fix Via Update
in SecurityNews
Organizations worldwide leverage technological solutions for increased efficiency and productivity. However, given the rapid advancements of online th… First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/09/apache-flaw-high-severity-vulnerability-fix-via-update/
-
Apache OFBiz Update Fixes High-Severity Flaw Leading to Remote Code Execution
in SecurityNews
A new security flaw has been addressed in the Apache OFBiz open-source enterprise resource planning (ERP) system that, if successfully exploited, coul… First seen on thehackernews.com Jump to article: thehackernews.com/2024/09/apache-ofbiz-update-fixes-high-severity.html
-
Hackers Exploiting Apache OFBiz RCE Vulnerability in the Wild
in SecurityNews
A critical vulnerability in the Apache OFBiz framework has been actively exploited by hackers. The flaw, designated CVE-2024-45195, allows for unauthen… First seen on gbhackers.com Jump to article: gbhackers.com/apache-ofbiz-rce-vulnerability/
-
Attacks Target Recent Apache OFBiz Bug
in SecurityNews
First seen on duo.com Jump to article: duo.com/decipher/attacks-target-recent-apache-ofbiz-bug
-
Apache OFBiz: Current Security Patch Repairs Older Patches
in SecurityNews
Tags: apache
First seen on heise.de Jump to article: www.heise.de/news/Apache-OFBiz-Aktueller-Sicherheitspatch-repariert-aeltere-Patches-9859389.html