Apache – Page 2 – Cyber Security Review

Threat Actors Exploit Misconfigured Apache Hadoop YARN

Posted onJuly 27, 2021August 4, 2021

The misconfiguration and resulting exposure of cloud services is one of the most prevalent risks in the Linux threat landscape. We previously analyzed incidents related to this security concern, such as an exposed Docker API being abused by threat actors Read More …

Busting Ghostcat: An Analysis of the Apache Tomcat Vulnerability (CVE-2020-1938 and CNVD-2020-10487)

Posted onMarch 11, 2020March 23, 2020

Discussions surrounding the Ghostcat vulnerability (CVE-2020-1938 and CNVD-2020-10487) found in Apache Tomcat puts it in the spotlight as researchers looked into its security impact, specifically its potential use for remote code execution (RCE). Apache Tomcat is a popular open-source Java servlet container, so Read More …

Exploit code published for dangerous Apache Solr remote code execution flaw

Posted onNovember 25, 2019November 25, 2019

Confusion still surrounds a security bug that the Apache Solr team patched over the summer, which turns out it’s actually much more dangerous than anyone thought. Apache Solr is a Java-based open-source search engine, initially developed to add search functionality Read More …

jQuery File Upload Plugin Vulnerable for 8 Years and Only Hackers Knew

Posted onOctober 19, 2018October 22, 2018

Of the thousands of plugins for the jQuery framework, one of the most popular of them harbored for at least three years an oversight in code that eluded the security community, despite public availability of tutorials that explained how it could Read More …

RSA coughs to critical-rated bug in its authentication SDK

Posted onDecember 3, 2017December 5, 2017

RSA developers and admins have been given two critical-level authentication bugs to patch. For the sysadmin, the issue struck RSA’s software providing Web-based authentication for Apache. CVE-2017-14377 is an authentication bypass that existed because of an “input validation flaw in RSA Authentication Read More …

Apache Tomcat Patches Important Remote Code Execution Flaw

Posted onOctober 5, 2017

The Apache Tomcat team has recently patched several security vulnerabilities in Apache Tomcat, one of which could allow an unauthorised attacker to execute malicious code on affected servers remotely. Apache Tomcat, developed by the Apache Software Foundation (ASF), is an Read More …

Equifax Suffered Data Breach After It Failed to Patch Old Apache Struts Flaw

Posted onSeptember 13, 2017September 18, 2017

The massive Equifax data breach that exposed highly sensitive data of as many as 143 million people was caused by exploiting a flaw in Apache Struts framework, which Apache patched over two months earlier of the security incident, Equifax has confirmed. Credit rating agency Read More …

Critical Flaw in Apache Struts2 Lets Hackers Take Over Web Servers

Posted onSeptember 5, 2017July 14, 2018

Security researchers have discovered a critical remote code execution vulnerability in the popular Apache Struts web application framework, allowing a remote attacker to run malicious code on the affected servers. Apache Struts is a free, open-source, Model-View-Controller (MVC) framework for developing web Read More …