apache
-
A vulnerability, which was classified as problematic, has been found in Apache Xerces C++ up to 3.2.2. This issue affects some unknown processing of the component External DTD Scanning. The manipulation leads to use after free. The identification of this vulnerability is CVE-2024-23807. The attack needs to be approached within the local network. There is…
-
A vulnerability was found in Apache Tomcat up to 1.2.48. It has been classified as critical. Affected is an unknown function of the component mod_jk. The manipulation leads to improper access controls. This vulnerability is traded as CVE-2023-41081. It is possible to launch the attack remotely. There is no exploit available. It is recommended to…
-
A vulnerability classified as problematic was found in Apache CloudStack 4.16.x. This vulnerability affects unknown code of the component Comment Handler. The manipulation leads to improper access controls. This vulnerability was named CVE-2025-22828. The attack can be initiated remotely. There is no exploit available.
-
A vulnerability, which was classified as critical, has been found in Apache HTTP Server up to 2.2.3. Affected by this issue is some unknown functionality of the component mod_rewrite. The manipulation leads to numeric error. This vulnerability is handled as CVE-2006-3747. Access to the local network is required for this attack to succeed. Furthermore, there…
-
A vulnerability was found in Apache Software Foundation Mod Jk up to 2.0.1. It has been classified as critical. This affects an unknown part of the component mod_jk2. The manipulation leads to memory corruption. This vulnerability is uniquely identified as CVE-2007-6258. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.
-
The Apache Software Foundation (ASF) has shipped security updates to address a critical security flaw in Traffic Control that, if successfully exploited, could allow an attacker to execute arbitrary Structured Query Language (SQL) commands in the database. The SQL injection vulnerability, tracked as CVE-2024-45387, is rated 9.9 out of 10.0 on the CVSS scoring system.…
-
A vulnerability classified as critical was found in Oracle Instantis EnterpriseTrack 17.1/17.2/17.3. Affected by this vulnerability is an unknown functionality of the component Apache HTTP Server. The manipulation leads to improper access controls. This vulnerability is known as CVE-2019-0211. It is possible to launch the attack on the local host. Furthermore, there is an exploit…
-
A vulnerability was found in Apache MINA up to 2.0.26/2.1.9/2.2.3. It has been classified as critical. This affects an unknown part of the component ObjectSerializationDecoder. The manipulation leads to deserialization. This vulnerability is uniquely identified as CVE-2024-52046. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade…
-
A critical SQL injection vulnerability, identified as CVE-2024-45387, has been discovered in Apache Traffic Control, a widely used open-source platform for managing large-scale content delivery networks (CDNs). This vulnerability affects versions 8.0.0 through 8.0.1 of the software and has been assigned a CVSS score of 9.9, indicating its severe impact on system confidentiality, integrity, and…
-
A critical-severity security flaw has been uncovered in Apache Traffic Control, a popular open-source platform used to build large-scale content delivery networks (CDNs). This vulnerability, identified as CVE-2024-45387 and assigned… The post CVE-2024-45387 (CVSS 9.9): Critical SQL Injection Vulnerability Found in Apache Traffic Control appeared first on Cybersecurity News.
-
Overview: Cyble’s December 19 IT vulnerability report to clients highlighted nine vulnerabilities at high risk of attack, including five under active discussion on dark web forums. Cyble vulnerability intelligence and dark web researchers also noted threat actor claims of zero-day vulnerabilities for sale affecting Palo Alto Networks devices and Chrome and Edge browsers. In total,…
-
The Apache Software Foundation fixed a Tomcat server software flaw that could lead to remote code execution under certain conditions. The Apache Software Foundation (ASF) addressed an important vulnerability, tracked as CVE-2024-56337, in its Tomcat server software. The researchers warn that exploiting this vulnerability could result in remote code execution under certain conditions. Apache Tomcat…
-
A major security issue has been discovered in Apache Tomcat, a popular tool used by countless organizations for hosting web applications. This vulnerability, named CVE-2024-56337, can allow hackers to run harmful code on affected servers. For businesses using this technology, it’s a serious risk that needs immediate attention. What went wrong? The issue stems from…
-
A vulnerability in Apache Struts2, a popular open-source web application framework for Java, has been identified, potentially enabling remote code execution. This flaw allows attackers to manipulate file upload parameters for path traversal, leading to the upload of malicious files and subsequent remote code execution. Successful exploitation could grant attackers the ability to install programs,…