Apache News Articles
Recent news articles referencing the vendor's vulnerabilities.
Apache fixed a critical SQL Injection in Apache Traffic Control
Apache Software Foundation (ASF) addressed a critical SQL Injection vulnerability, tracked as CVE-2024-45387, in Apache Traffic Control.
19 hours ago
DevOps/SRE Blog Scanner and News Feed
Apache Traffic Control 8.0.2 fixes CVE-2024-45387, a critical 9.9 CVSS SQL injection flaw targeting privileged users. Ruijie cloud flaws risk 50,000 devices; Open Sesame bypasses MQTT. Patches issued...
1 day ago
Critical SQL Injection Vulnerability in Apache Traffic Control Rated 9.9 CVSS — Patch Now
Apache Traffic Control 8.0.2 fixes CVE-2024-45387, a critical 9.9 CVSS SQL injection flaw targeting privileged users.
1 day ago
Apache Traffic Control Vulnerability Let Attackers Inject Malicious SQL Commands
A critical SQL injection vulnerability, identified as CVE-2024-45387, has been discovered in Apache Traffic Control, a widely used open-source platform for managing large-scale content delivery networks (CDNs).
1 day ago
Critical Tomcat flaw could expose your servers to attack
The Apache Software Foundation (ASF) has released a security update for its Tomcat server software, addressing a critical vulnerability identified as
2 days ago
Apache Tomcat Vulnerability CVE-2024-56337 Exposes Servers to RCE Attacks
Apache releases a security update for CVE-2024-56337, addressing RCE risks in Tomcat servers with critical configuration changes required for Java 8,
3 days ago
Apache fixes remote code execution bypass in Tomcat web server
Apache has released a security update that addresses an important vulnerability in Tomcat web server that could lead to an attacker achieving remote code execution.
3 days ago
CVE-2024-53677: A critical file upload vulnerability in Apache Struts2
Learn how to address CVE-2024-53677, a critical Apache Struts2 vulnerability. Discover mitigation steps to secure your software supply chain.
6 days ago
Orgs Scramble to Fix Actively Exploited Bug in Struts 2
A newly discovered vulnerability, CVE-2024-53677, in the aging Apache framework is going to cause major headaches for IT teams, since patching isn't enough to fix it.
1 week ago
Threat actors are attempting to exploit Apache Struts vulnerability CVE-2024-53677
Researchers warn that threat actors are attempting to exploit a recently disclosed Apache Struts vulnerability CVE-2024-53677.
1 week ago
Patch Alert: Critical Apache Struts Flaw Found, Exploitation Attempts Detected
CVE-2024-53677: Critical 9.5 CVSS Apache Struts flaw enables remote code execution; patch now in version 6.4.0.
1 week ago
Exploitation of Recent Critical Apache Struts 2 Flaw Begins
Malicious attacks exploiting a recently patched critical vulnerability in Apache Struts 2 leading to remote code execution (RCE).
1 week ago
Critical Apache Struts bug under active exploit
A critical security hole in Apache Struts 2 – patched last week – is currently being exploited using publicly available proof-of-concept (PoC) code. Struts is a Java-based web application framework widely...
1 week ago
Apache Struts RCE Vulnerability Actively Exploited in Wild Using Public PoC
A critical security vulnerability has been identified in Apache Struts, a popular open-source framework for building Java-based web applications, and is being actively used in attacks leveraging a published PoC that allows attackers to execute malicious files on the server.
1 week ago
New critical Apache Struts flaw exploited to find vulnerable servers
A recently patched critical Apache Struts 2 vulnerability tracked as CVE-2024-53677 is actively exploited using public proof-of-concept exploits to find vulnerable devices.
1 week ago
Hackers Exploiting Apache Struts2 Vulnerability to upload Malicious Payloads
Hackers have begun exploiting a newly discovered vulnerability in Apache Struts2, a widely used open-source framework.
1 week ago
Apache issues patches for critical Struts 2 RCE bug
We now know the remote code execution vulnerability in Apache Struts 2 disclosed back in November carries a near-maximum severity rating following the publication of the CVE. According to the National...
2 weeks ago
Critical Apache Avro SDK Flaw Allows Remote Code Execution in Java Applications
Urgent patch advised for Apache Avro Java SDK flaw (CVE-2024-47561) that allows code execution.
3 months ago
These vulnerabilities in Apache HTTP Server enable HTTP Request Smuggling and SSL Authentication Bypass, posing severe threats to organizations worldwide
PoC exploit codes are available for both vulnerabilities
3 months ago
CVE-2024-40725 and CVE-2024-40898 Vulnerabilities in Apache’s HTTP Server : Vulnerability Analysis and Exploitation - CYFIRMA
Published On : 2024-09-11 EXECUTIVE SUMMARY CVE-2024-40725 and CVE-2024-40898 are vulnerabilities in Apache’s HTTP Server. CVE-2024-40725 affects the mod_proxy module, where enabling the ProxyPass...
3 months ago
Apache Fixes OFBiz Remote Code Execution Flaw
Apache has issued a fix in OFBiz (Open For Business) that addresses an unauthenticated remote code execution bug.
4 months ago
Apache OFBiz patches new critical remote code execution flaw
The vulnerability represents a bypass of fixes put in place this year for three critical RCE flaws that had the same root cause and have since been used in attacks.
4 months ago
Critical Apache OFBiz RCE Vulnerability Patched CVE-2024-45195
Apache OFBiz has released a critical patch for an RCE vulnerability. Users are urged to update their installations immediately.
4 months ago
Apache OFBiz Update Fixes High-Severity Flaw Leading to Remote Code Execution
Apache OFBiz vulnerability CVE-2024-45195 patched, preventing unauthenticated remote code execution on Linux and Windows.
4 months ago
Apache Makes Another Attempt at Patching Exploited RCE in OFBiz
The latest Apache OFBiz update patches CVE-2024-45195, a bypass of a recently disclosed remote code execution bug exploited in attacks.
4 months ago
CISA Flags Apache OFBiz Vulnerability (CVE-2024-38856)
CISA flags CVE-2024-38856 in Apache OFBiz as critical. Upgrade to version 18.12.15 to avoid exploitation risks. CVE-2024-36104 also affects earlier versions.
4 months ago
Vulnerability Recap 8/13/24: Windows, OpenSSH, Apache
It’s been a startling week in vulnerability news, mainly due to a few older vulnerabilities coming to light. While it doesn’t look like they’ve been
4 months ago
Vulnerability Recap 8/12/24: Windows, OpenSSH, Apache
It’s been a startling week in vulnerability news, mainly due to a few older vulnerabilities coming to light. While it doesn’t look like they’ve been
4 months ago
CVE-2024-21733 - Tomitribe
Severity: 3.1. Description: Generation of Error Message Containing Sensitive Information vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 8.5.7 through 8.5.63, from 9.0.0-M11...
5 months ago
CISA warns about actively exploited Apache OFBiz RCE flaw
The U.S. Cybersecurity & Infrastructure Security Agency is warning of two vulnerabilities exploited in attacks, including a path traversal impacting Apache OFBiz.
5 months ago
[Threat Alert] IntelBroker is selling NPM and GitHub access to a well-known programming language, including private repositories
5 months ago
RCE possible with critical Apache OFBiz zero-day
Such a security issue — which is a patch bypass for the already addressed path traversal flaw, tracked as CVE-2024-36104 — stems from an authentication mechanism vulnerability enabling unauthenticated access to critical endpoints.
5 months ago
A new critical vulnerability in Apache OFBiz has been uncovered – here's what you need to know
SonicWall has found another major flaw in the Apache OFBiz enterprise resource planning software, marking the latest in a slew of vulnerabilities over the last year
5 months ago
Apache OFBiz RCE Vulnerability Discovered, Patch Now – Gridinsoft Blog
Cybersecurity researchers have discovered a critical zero-day vulnerability CVE-2024-38856 with CVSS score of 9.8 in Apache OFBiz.
5 months ago
New Zero-Day Flaw in Apache OFBiz ERP Allows Remote Code Execution
Critical zero-day vulnerability in Apache OFBiz ERP system allows unauthorized remote code execution. Patch available for versions prior to 18.12.15.
5 months ago
Vulnerability Recap 8/5/24: Windows, VMware, Android, Apple
This week, some recently patched vulnerabilities got attention because they’re still being exploited, including Apache OFBiz and VMware ESXi hypervisors.
5 months ago
Critical Apache OfBiz Vulnerability Allows Preauth RCE
The enterprise resource planning platform bug CVE-2024-38856 has a vulnerability-severity score of 9.8 out of 10 on the CVSS scale and offers a wide avenue into enterprise applications for cyberattackers.
5 months ago
Researchers warn of a new critical Apache OFBiz flaw
Researchers urge organizations using Apache OFBiz to address a critical bug, following reports of active exploitation of another flaw.
5 months ago
Critical Apache OFBiz pre-auth RCE flaw fixed, update ASAP! (CVE-2024-38856) - Help Net Security
CVE-2024-38856 may be exploited by remote, unauthenticated attackers to execute arbitrary code on vulnerable systems.
5 months ago
CVE-2024-36268: Critical Flaw Found In Apache InLong
Given the critical nature of CVE-2024-36268 and reliance on Apache InLong across various industries, the immediate action cannot be overstated.
5 months ago
Apache Superset: Update to IT Security Warning (Risk: High)
An update to the IT security warning for a known vulnerability has been published for Apache Superset. Find out here what affected users should do.
5 months ago
Apache Product Security Update Advisory (CVE-2024-39877, CVE-2024-41107)
Overview: Apache has released updates to fix vulnerabilities in their products. Users of affected versions are advised to update to the latest version. Affected Products: CVE-2024-39877: Apache-airflow version: 2.4.0, Apache-airflow version: ~ 2.9.3 (excluded). CVE-2024-41107: Apache CloudStack versions: 4.5.0 ...
5 months ago
💀 Exploit for CVE-2024-41107
Exploit for CVE-2024-41107 | Sploitus | Exploit & Hacktool Search Engine
5 months ago
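Important Security Advisory for Apache CloudStack: CVE-2024-38346 and CVE-2024-39864
The Apache Software Foundation has issued an urgent security advisory disclosing two severe vulnerabilities (CVE-2024-38346 and CVE-2024-39864) that affect Apache CloudStack, a widely used open-source cloud computing platform. These vulnerabilities pose a significant risk to organizations that use CloudStack to manage virtualized infrastructure.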
5 months ago
Apache CloudStack: Warning of New IT Security Vulnerability
The BSI has published a current IT security notice for Apache CloudStack. Find out more about the affected operating systems and products, as well as the CVE numbers, here on news.de.
5 months ago