Very critical Apache Commons Text Arbitrary Code Execution vulnerability with a CVSS score of 9.8 (CVE-2022-42889)

An update to the Apache Commons Text library addresses a major vulnerability that may have allowed remote code execution, according to the Apache Software Foundation (ASF). The issue, CVE-2022-42889, was found by Alvaro Munoz and originally reported on the Apache dev list on October 13, 2022. The vulnerability is being compared to the Log4Shell vulnerability, which affects Apache Log4j 2, a […]

2 critical vulnerabilities in Apache Traffic Server: Patch immediately

Information security specialists reported the detection of two severe flaws in Apache Traffic Server (ATS), a modular, high-performance reverse proxy and forward proxy server, generally comparable to Nginx and Squid. As per the report, successful exploitation of these flaws would allow threat actors to carry out dangerous attacks. Below are brief descriptions of the reported flaws and their […]

CVE-2021-44521: Critical code execution vulnerability in Apache Cassandra (CVSS score of 8.4)

A full white paper was released this week on a recently fixed critical remote code execution (RCE) vulnerability in Apache Cassandra, a distributed NoSQL database that offers high scalability and is very popular with companies like Cisco, Netflix, Reddit, Twitter, Urban Airship, OpenX, and more. Tracked as CVE-2021-44521, the vulnerability only affects non-default database configurations, which […]

High-Severity RCE Security Bug Reported in Apache Cassandra Database Software

Researchers have revealed details of a now-patched high-severity security vulnerability in Apache Cassandra that, if left unaddressed, could be abused to gain remote code execution (RCE) on affected installations. “This Apache security vulnerability is easy to exploit and has the potential to wreak havoc on systems, but luckily only manifests in non-default configurations of Cassandra,” […]

Microsoft Warns of Continued Attacks Exploiting Apache Log4j Vulnerabilities

Microsoft is warning of continuing attempts by nation-state adversaries and commodity attackers to take advantage of security vulnerabilities uncovered in the Log4j open-source logging framework to deploy malware on vulnerable systems. “Exploitation attempts and testing have remained high during the last weeks of December,” Microsoft Threat Intelligence Center (MSTIC) said in revised guidance published earlier […]

Severe remote code execution vulnerability in Apache HTTP Server

The developers of the Apache Software Foundation announced the release of a new version of Apache HTTP Server, hoping to fully address a newly detected critical vulnerability that would allow remote code execution in affected deployments. In this regard, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) also issued an alert urgently requesting Apache HTTP […]

Apache Issues 3rd Patch to Fix New High-Severity Log4j Vulnerability

The issues with Log4j continued to stack up as the Apache Software Foundation (ASF) on Friday rolled out yet another patch — version 2.17.0 — for the widely used logging library that could be exploited by malicious actors to stage a denial-of-service (DoS) attack. Tracked as CVE-2021-45105 (CVSS score: 7.5), the new vulnerability affects all […]

Apache Log4j Vulnerability — Log4Shell — Widely Under Active Attack

Threat actors are actively weaponizing unpatched servers affected by the newly identified “Log4Shell” vulnerability in Log4j to install cryptocurrency miners, Cobalt Strike, and recruit the devices into a botnet, even as telemetry signs point to exploitation of the flaw nine days before it even came to light. Netlab, the networking security division of Chinese tech […]

Hackers actively exploiting 0-day in Ubiquitous Apache Log4j tool

Apache has released Log4j version 2.15.0 to address the critical RCE vulnerability, and users are urged to apply the update immediately. The Apache Foundation’s Log4j is an open-source tool widely used by enterprise apps and cloud services. The bad news is that a security vulnerability has been identified in this tool, reported by Alibaba Cloud […]

Zero-day vulnerability in Log4j affects millions of Apache, Minecraft and other applications users; exploit code published

Experts report the release of an exploit for a remote code execution (RCE) vulnerability in Log4j, an open source logging utility used in all kinds of web applications, including those used by the world’s largest corporations. News about these vulnerabilities began to unfold through websites frequented by Minecraft players. These platforms warned game users that […]

Critical vulnerability in Apache HTTP actively exploited; update now

Apache HTTP managers recommend users keep their deployments up to date due to the recent detection of an actively exploited vulnerability. Tracked as CVE-2021-40438, the flaw was described as a server-side request forgery (SSRF) exploited on httpd web servers with mod_proxy module enabled. According to the report, the vulnerability can be exploited by threat actors […]

CVE-2021-33035: Zero-day unpatched vulnerability in Apache OpenOffice allows taking control of network via RCE

Cybersecurity specialists have confirmed that Apache OpenOffice is affected by a remote code execution (RCE) flaw that has been addressed only in its beta version, so active implementations are still affected. In other words, users of this open source suite with millions of downloads are operating vulnerable versions. Specialist Eugene Lim released a report containing […]

RCE Flaw in Apache OFBiz Allowed Attackers to Take Over the ERP System

The developers at the Apache Software Foundation have recently fixed a critical RCE flaw (CVE-2021-26295) in Apache OFBiz. This flaw could allow an unauthenticated attacker to remotely execute code and take control of a vulnerable open-source enterprise resource planning (ERP) system. Apache OFBiz is a Java-based platform that is designed to automate various corporate processes. OFBiz […]

Critical RCE Vulnerability Found in Apache OFBiz ERP Software—Patch Now

The Apache Software Foundation on Friday addressed a high severity vulnerability in Apache OFBiz that could have allowed an unauthenticated adversary to remotely seize control of the open-source enterprise resource planning (ERP) system. Tracked as CVE-2021-26295, the flaw affects all versions of the software prior to 17.12.06 and employs an “unsafe deserialization” as an attack […]

Critical vulnerability in Apache Solr; update patches already available

According to penetration testing specialists, it was reported a few weeks ago that a zero-day vulnerability had been found in Apache Solr, an open-source enterprise search platform used by some major companies such as Adobe, Bloomberg, eBay, Instagram and Netflix. Although a proof of concept has even been published, the risk of exploitation is still […]

CVE-2019-12409: Apache Solr RCE vulnerability alert

Recently, Solr officially released a security update to fix an RCE vulnerability (CVE-2019-12409) caused by an insecure default configuration. Solr is an Apache top-level open-source project: a full-text search server based on Lucene and developed in Java. After analysis, we judge that this vulnerability affects the new versions 8.1.1 and 8.2.0. Solr users should not expose […]

[Unpatched] Apache Flink remote code execution vulnerability alert

Recently, the security team observed attack data exploiting an arbitrary JAR package upload in Apache Flink, which results in a remote code execution vulnerability. An attacker can use this vulnerability to upload any JAR package through the Apache Flink Dashboard page and use Metasploit to execute arbitrary code on the Apache Flink server. Apache Flink is […]