Apache Archives - Securezoo

Threat hunters discover Aquatic Panda Log4Shell exploit attempts

Cybersecurity Attacks, Vulnerabilities & Exploits / By Frank Crast / January 2, 2022 January 2, 2022

Threat hunters from CrowdStrike have discovered Aquatic Panda cyber gang using Log4Shell exploit tools in recent intrusion attempts against a customer.

Tags: Apache, APT, Aquatic Panda, CVE-2021-44228, Log4j, log4Shell

Apache releases security update for another Log4j RCE vulnerability (CVE-2021-44832)

Security Updates & Patches, Vulnerabilities & Exploits / By Frank Crast / December 30, 2021 December 30, 2021

The Apache Software Foundation has released a new security update to address another Log4j vulnerability (CVE-2021-44832) where Log4j2 is vulnerable to remote code execution (RCE) via JDBC Appender when an attacker controls a configuration file.

Tags: Apache, CVE-2021-44832, Log4j, RCE

Apache patches 2 vulnerabilities in HTTP Server 2.4.51

Security Updates & Patches, Vulnerabilities & Exploits / By Frank Crast / December 27, 2021 December 27, 2021

The Apache HTTP Server Project has patched two vulnerabilities in Apache HTTP Server 2.4.51, one of those rated High severity.

Tags: Apache, HTTP Server, HTTPD, ProxyRequests

Apache releases new Log4k security update to fix another RCE vulnerability (CVE-2021-45046)

Security Updates & Patches, Vulnerabilities & Exploits / By Frank Crast / December 20, 2021 December 30, 2021

As affected organizations and vendors continue to identify products affected by Log4Shell remote code execution (RCE) Log4j vulnerability, Apache has released additional Log4j security updates to fix another RCE vulnerability (CVE-2021-45046).

Tags: Apache, CVE_2021-44228, CVE-2021-45046, Log4j, log4Shell

Palo Alto Networks offers proactive protections against Apache Log4j vulnerability with Threat Prevention

Security Updates & Patches, Vulnerabilities & Exploits / By Frank Crast / December 17, 2021 December 22, 2021

As organizations continue to discover and patch the severe Apache Log4j vulnerability on their networks, Palo Alto Networks is recommending their customers leverage their next generation firewalls with Threat Prevention service, along with Cortex XDR and Prisma Cloud to help mitigate the threat.

Tags: Apache, Cortex XDR, Log4j, log4Shell, Palo Alto Networks, Prisma Cloud

Google adds OSS-Fuzz open source fuzzer capability to discover Log4Shell vulnerability

Cybersecurity Attacks, Security Updates & Patches, Vulnerabilities & Exploits / By Frank Crast / December 17, 2021 December 17, 2021

As the catastrophic Log4j vulnerability continues to cause havoc on the internet and organizations, Google in collaboration with security firm Code Intelligence has released an update to open source fuzzer (OSS-Fuzz) that can detect the Log4Shell vulnerability.

Tags: Apache, fuzzer, Log4j, log4Shell, Open Source, OSS-Fuzz

Researchers discover Critical RCE 0-day “Log4Shell” vulnerability (CVE-2021-44228) in Apache Log4j logging utility (update)

Application Security, Security Updates & Patches, System Hardening, Third-Party Security, Vulnerabilities & Exploits / By Frank Crast / December 15, 2021 December 30, 2021

Researchers have discovered a Critical 0-day vulnerability (CVE-2021-44228) in Apache Log4j logging utility that can result in remote code execution (RCE). In addition, CISA and Microsoft also issue new guidance for log4j vulnerability remediation.

Tags: Apache, CVE-2021-44228, GitHub, LDAP, Log4j, log4Shell

Apache patches Tomcat DoS vulnerability (CVE-2021-42340)

Security Updates & Patches, Vulnerabilities & Exploits / By Frank Crast / October 18, 2021 October 18, 2021

The Apache Software Foundation has patched an Apache Tomcat Denial of Service (DoS) vulnerability CVE-2021-42340 that may lead to a memory leak and over time a denial of service via an OutOfMemoryError.

Tags: Apache, CVE-2021-42340, DOS, Tomcat