The cyber world has been rattled by the recent discovery of a critical zero-day vulnerability in Apache OFBiz, known as CVE-2023-51467. Researchers at SonicWall unveiled this flaw, which poses a significant threat by enabling attackers to bypass authentication and carry out a Server-Side Request Forgery (SSRF). The vulnerability is severe, with a CVSS score of… Continue reading Apache OFBiz Vulnerability Exposes Millions of Systems
Tag: Apache
New Apache Struts 2 Vulnerability Allows for RCE
A newly discovered critical security flaw in Apache Struts 2, a widely used open-source web application framework, has spurred an urgent call for users to patch their systems. The flaw, CVE-2023-50164, poses a severe risk of remote code execution (RCE). New Apache Struts 2 RCE Vulnerability Discovered Recently, Apache has issued a security advisory highlighting… Continue reading New Apache Struts 2 Vulnerability Allows for RCE
Apache ActiveMQ Vulnerability Exploited In The Wild
Recent Apache ActiveMQ vulnerability, that allows for remote code execution, is reportedly exploited in real-world attacks. Analysts noticed several exploitation cases that used this vulnerability to infect Linux systems with Kinsing malware. That is a rare sight of a high-profile vulnerability being exploited to infect exclusively Linux machines. Apache ActiveMQ Vulnerability Allows for RCE Analysts… Continue reading Apache ActiveMQ Vulnerability Exploited In The Wild
New Vulnerability in Apache Commons Text Is Already Being Attacked by Hackers
According to WordPress security firm Defiant, attempts have already been made to exploit a new vulnerability in Apache Commons Text (CVE-2022-42889). Called Text4Shell and affects versions 1.5 to 1.9 of the library. Some believe that this issue could become the new Log4Shell. The issue scored 9.8 out of 10 on the CVSS vulnerability rating scale.… Continue reading New Vulnerability in Apache Commons Text Is Already Being Attacked by Hackers
Chinese hack group Aquatic Panda exploits Log4Shell to hack educational institutions
Specialists of information security company CrowdStrike warn: the Chinese cyber-espionage hack group Aquatic Panda uses the Log4Shell vulnerabilities, with the help of which a large educational institution was compromised. Let me remind you that the CVE-2021-44228 vulnerability, also called Log4Shell and LogJam, was discovered in the popular Log4j logging library in early December. The researchers… Continue reading Chinese hack group Aquatic Panda exploits Log4Shell to hack educational institutions
Another vulnerability found in Log4j, this time it is a denial of service
Log4Shell, recently discovered in the popular logging library Log4j, which is part of the Apache Logging Project, continues to get worse, as another vulnerability has been found. This time it is time a “denial of service” vulnerability. The problem was originally discovered while catching bugs on Minecraft servers, but the Log4j library is present in… Continue reading Another vulnerability found in Log4j, this time it is a denial of service
Apache Log4j Vulnerability explained by Google
On December 17th, 2021 in their blog Google Open Source Insights Team explained the whole situation they observed concerning Apache Log4j Vulnerability. They described the widespread vulnerability and current progress in fixing the open source JVM ecosystem. Also Team shared their thoughts on how long it will possibly take for this vulnerability to be fixed… Continue reading Apache Log4j Vulnerability explained by Google
Log4j vulnerability threatens 35,000 Java packages
Google scanned Maven Central, the largest Java repository to date, and found that the Log4j vulnerability threatened 35,863 Java packages. The packages are vulnerable to either the original Log4Shell exploit (CVE-2021-44228) or the second RCE problem discovered after the patch was released (CVE-2021-45046). This vulnerability has gripped the information security ecosystem since its disclosure on… Continue reading Log4j vulnerability threatens 35,000 Java packages
0-day In Log4j Library Poses A Threat To Many Applications & Servers
The Apache Software Foundation has released an emergency security update that fixes a 0-day vulnerability (CVE-2021-44228) in the popular Log4j logging library, which is part of the Apache Logging Project. The patch was released as part of the 2.15.0 release. The vulnerability was named Log4Shell and scored 10 out of 10 points on the CVSS… Continue reading 0-day In Log4j Library Poses A Threat To Many Applications & Servers