Apache News Articles

Recent news articles referencing the vendor's vulnerabilities.

Apache Patches Critical Remote Code Execution Vulnerability in Tomcat

The Apache Software Foundation has issued an urgent security advisory regarding a critical remote code execution (RCE) vulnerability in Apache Tomcat, now tracked as CVE-2024-56337. This security flaw, which...

1 week ago

Apache CXF Vulnerability Triggers DoS Attack

Colm O hEigeartaigh announced a critical vulnerability affecting various versions of Apache CXF, a widely-used framework for building web services.

2 weeks ago

Exploit Code released for Apache Traffic Control Flaw CVE-2024-45387

What is CVE-2024-45387? CVE-2024-45387 is a critical vulnerability identified in Apache Traffic Control, specifically affecting the Traffic Ops module in versions 8.0.0 to 8.0.1. The nature of this vulnerability is an SQL injection flaw, which allows an attacker to inject and execute arbitrary SQL c...

1 month ago

The Cyber Security Agency Of Singapore Alerts CVE-2024-43441

The Cyber Security Agency of Singapore warns of CVE-2024-43441 and other Apache vulnerabilities, urging users to update as soon as possible.

1 month ago

Open Source Security at Databricks

The Databricks Product Security team is deeply committed to ensuring the security and integrity of its products, which are built on top of and integrated with a variety of open source projects. Recognizing...

1 month ago

Apache MINA CVE-2024-52046: CVSS 10.0 Flaw Enables RCE via Unsafe Serialization

Critical Apache MINA flaw CVE-2024-52046 with CVSS 10.0 enables RCE via serialization flaws. Patch required.

1 month ago

Apache MINA Vulnerability Let Attackers Execute Remote Code

A new critical vulnerability (CVE-2024-52046) has been discovered in Apache MINA, potentially allowing attackers to execute remote code.

1 month ago

Apache fixed a critical SQL Injection in Apache Traffic Control

Apache Software Foundation (ASF) addressed a critical SQL Injection vulnerability, tracked as CVE-2024-45387, in Apache Traffic Control.

1 month ago

DevOps/SRE Blog Scanner and News Feed

Apache Traffic Control 8.0.2 fixes CVE-2024-45387, a critical 9.9 CVSS SQL injection flaw targeting privileged users. Ruijie cloud flaws risk 50,000 devices; Open Sesame bypasses MQTT. Patches issued...

1 month ago

CVE-2024-45387 Critical Bug in Apache Traffic Control

CVE-2024-45387 represents a significant security concern within the Traffic Ops component of Apache Traffic Control, specifically impacting versions The heart of this vulnerability is an SQL injection flaw. Essentially, it allows a privileged user—such as those with roles like admin, federation, ope...

1 month ago

Critical SQL Injection Vulnerability in Apache Traffic Control Rated 9.9 CVSS — Patch Now

Apache Traffic Control 8.0.2 fixes CVE-2024-45387, a critical 9.9 CVSS SQL injection flaw targeting privileged users.

1 month ago

Apache Traffic Control Vulnerability Let Attackers Inject Malicious SQL Commands

A critical SQL injection vulnerability, identified as CVE-2024-45387, has been discovered in Apache Traffic Control, a widely used open-source platform for managing large-scale content delivery networks (CDNs).

1 month ago

Critical Tomcat flaw could expose your servers to attack

The Apache Software Foundation (ASF) has released a security update for its Tomcat server software, addressing a critical vulnerability identified as

1 month ago

Apache Foundation fixed a severe Tomcat vulnerability

The Apache Software Foundation fixed a Tomcat server software flaw that could lead to remote code execution under certain conditions.

1 month ago

Apache Tomcat Vulnerability CVE-2024-56337 Exposes Servers to RCE Attacks

Apache releases a security update for CVE-2024-56337, addressing RCE risks in Tomcat servers with critical configuration changes required for Java 8,

1 month ago

Apache fixes remote code execution bypass in Tomcat web server

Apache has released a security update that addresses an important vulnerability in Tomcat web server that could lead to an attacker achieving remote code execution.

1 month ago

CVE-2024-53677: A critical file upload vulnerability in Apache Struts2

Learn how to address CVE-2024-53677, a critical Apache Struts2 vulnerability. Discover mitigation steps to secure your software supply chain.

2 months ago

Orgs Scramble to Fix Actively Exploited Bug in Struts 2

A newly discovered vulnerability, CVE-2024-53677, in the aging Apache framework is going to cause major headaches for IT teams, since patching isn't enough to fix it.

2 months ago

Threat actors are attempting to exploit Apache Struts vulnerability CVE-2024-53677

Researchers warn that threat actors are attempting to exploit a recently disclosed Apache Struts vulnerability CVE-2024-53677.

2 months ago

Patch Alert: Critical Apache Struts Flaw Found, Exploitation Attempts Detected

CVE-2024-53677: Critical 9.5 CVSS Apache Struts flaw enables remote code execution; patch now in version 6.4.0.

2 months ago

Exploitation of Recent Critical Apache Struts 2 Flaw Begins

Malicious attacks exploiting a recently patched critical vulnerability in Apache Struts 2 leading to remote code execution (RCE).

2 months ago

Critical Apache Struts bug under active exploit

A critical security hole in Apache Struts 2 – patched last week – is currently being exploited using publicly available proof-of-concept (PoC) code. Struts is a Java-based web application framework widely...

2 months ago

Apache Struts RCE Vulnerability Actively Exploited in Wild Using Public PoC

A critical security vulnerability has been identified in Apache Struts, a popular open-source framework for building Java-based web applications, and is actively being used in attacks leveraging a published PoC that allows attackers to execute malicious files on the server.

2 months ago

New critical Apache Struts flaw exploited to find vulnerable servers

A recently patched critical Apache Struts 2 vulnerability tracked as CVE-2024-53677 is actively exploited using public proof-of-concept exploits to find vulnerable devices.

2 months ago

Hackers Exploiting Apache Struts2 Vulnerability to upload Malicious Payloads

Hackers have begun exploiting a newly discovered vulnerability in Apache Struts2, a widely used open-source framework.

2 months ago

Apache issues patches for critical Struts 2 RCE bug

We now know the remote code execution vulnerability in Apache Struts 2 disclosed back in November carries a near-maximum severity rating following the publication of the CVE. According to the National...

2 months ago

Apache Arrow affected by CVE-2024-52338 Code Execution Flaw

The Apache Arrow R package has been identified with a critical security vulnerability impacting versions 4.0.0 through 16.1.0, which could allow attackers to execute arbitrary code on systems processing maliciously crafted data files. The flaw tracked as CVE-2024-52338 with a CVSS score of 9.8 stems from...

2 months ago

Critical Apache Avro SDK Flaw Allows Remote Code Execution in Java Applications

Urgent patch advised for Apache Avro Java SDK flaw (CVE-2024-47561) that allows code execution.

4 months ago

These vulnerabilities in Apache HTTP Server enable HTTP Request Smuggling and SSL Authentication Bypass, posing severe threats to organizations worldwide

PoC exploit codes are available for both vulnerabilities

4 months ago

Apache Tomcat Vulnerability Lets Attackers Trigger Dos Attack

Apache Tomcat vulnerability, identified as CVE-2024-38286, has raised significant concerns among cybersecurity experts.

4 months ago

CVE-2024-40725 and CVE-2024-40898 Vulnerabilities in Apache’s HTTP Server : Vulnerability Analysis and Exploitation - CYFIRMA

Published On : 2024-09-11 EXECUTIVE SUMMARY CVE-2024-40725 and CVE-2024-40898 are vulnerabilities in Apache’s HTTP Server. CVE-2024-40725 affects the mod_proxy module, where enabling the ProxyPass...

5 months ago

Apache Fixes OFBiz Remote Code Execution Flaw

Apache has issued a fix in OFBiz (Open For Business) that addresses an unauthenticated remote code execution bug.

5 months ago

Apache OFBiz patches new critical remote code execution flaw

The vulnerability represents a bypass of fixes put in place this year for three critical RCE flaws that had the same root cause and have since been used in attacks.

5 months ago

Critical Apache OFBiz RCE Vulnerability Patched CVE-2024-45195

Apache OFBiz has released a critical patch for a RCE vulnerability. Users are urged to update their installations immediately.

5 months ago

Apache OFBiz Update Fixes High-Severity Flaw Leading to Remote Code Execution

Apache OFBiz vulnerability CVE-2024-45195 patched, preventing unauthenticated remote code execution on Linux and Windows.

5 months ago

Apache Makes Another Attempt at Patching Exploited RCE in OFBiz

The latest Apache OFBiz update patches CVE-2024-45195, a bypass of a recently disclosed remote code execution bug exploited in attacks.

5 months ago

CISA Flags Apache OFBiz Vulnerability (CVE-2024-38856)

CISA flags CVE-2024-38856 in Apache OFBiz as critical. Upgrade to version 18.12.15 to avoid exploitation risks. CVE-2024-36104 also affects earlier versions.

5 months ago

Vulnerability Recap 8/13/24: Windows, OpenSSH, Apache

It’s been a startling week in vulnerability news, mainly due to a few older vulnerabilities coming to light. While it doesn’t look like they’ve been

6 months ago

Vulnerability Recap 8/12/24: Windows, OpenSSH, Apache

It’s been a startling week in vulnerability news, mainly due to a few older vulnerabilities coming to light. While it doesn’t look like they’ve been

6 months ago

CVE-2024-21733 - Tomitribe

Severity: 3.1. Description: Generation of Error Message Containing Sensitive Information vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 8.5.7 through 8.5.63, from 9.0.0-M11...

6 months ago

CISA warns about actively exploited Apache OFBiz RCE flaw

The U.S. Cybersecurity & Infrastructure Security Agency is warning of two vulnerabilities exploited in attacks, including a path traversal impacting Apache OFBiz.

6 months ago

[Threat Alert] IntelBroker is selling NPM and GitHub access to a well-known programming language, including private repositories

6 months ago

RCE possible with critical Apache OFBiz zero-day

Such a security issue — which is a patch bypass for the already addressed path traversal flaw, tracked as CVE-2024-36104 — stems from an authentication mechanism vulnerability enabling unauthenticated access to critical endpoints.

6 months ago

A new critical vulnerability in Apache OFBiz has been uncovered – here's what you need to know

SonicWall has found another major flaw in the Apache OFBiz enterprise resource planning software, marking the latest in a slew of vulnerabilities over the last year

6 months ago

Apache OFBiz RCE Vulnerability Discovered, Patch Now – Gridinsoft Blog

Cybersecurity researchers have discovered a critical zero-day vulnerability CVE-2024-38856 with CVSS score of 9.8 in Apache OFBiz.

6 months ago