As organizations continue to discover and patch the severe Apache Log4j vulnerability on their networks, Palo Alto Networks is recommending their customers leverage their next generation firewalls with Threat Prevention service, along with Cortex XDR and Prisma Cloud to help mitigate the threat.
As the catastrophic Log4j vulnerability continues to cause havoc on the internet and organizations, Google in collaboration with security firm Code Intelligence has released an update to open source fuzzer (OSS-Fuzz) that can detect the Log4Shell vulnerability.
Google adds OSS-Fuzz open source fuzzer capability to discover Log4Shell vulnerability Read More »
Researchers have discovered a Critical 0-day vulnerability (CVE-2021-44228) in Apache Log4j logging utility that can result in remote code execution (RCE). In addition, CISA and Microsoft also issue new guidance for log4j vulnerability remediation.
The Apache Software Foundation has patched an Apache Tomcat Denial of Service (DoS) vulnerability CVE-2021-42340 that may lead to a memory leak and over time a denial of service via an OutOfMemoryError.
Apache patches Tomcat DoS vulnerability (CVE-2021-42340) Read More »
The Apache HTTP Server Foundation has patched a path traversal and file disclosure vulnerability (CVE-2021-41773) in Apache HTTP Server 2.4.49.
Apache HTTP Server Project patches vulnerability (CVE-2021-41773) exploited in the wild Read More »
The Apache Software Foundation has patched a Tomcat vulnerability CVE-2021-24122 that may lead to information disclosure.
Apache patches Tomcat vulnerability (CVE-2021-24122) Read More »
The Apache Software Foundation has patched a Struts 2 vulnerability CVE-2020-17530 that may lead to remote code execution.
Apache patches Struts 2 RCE vulnerability (CVE-2020-17530) Read More »
The Apache Software Foundation has patched a Tomcat HTTP/2 Request header mix-up vulnerability CVE-2020-17527.
Apache patches Tomcat HTTP/2 Request header mix-up vulnerability (CVE-2020-17527) Read More »
The Apache Software Foundation has patched a Tomcat HTTP/2 Request mix-up vulnerability CVE-2020-13943. A cyber attacker could exploit this vulnerability to steal sensitive information.
Apache patches Tomcat HTTP/2 Request mix-up vulnerability (CVE-2020-13943) Read More »
The Apache Software Foundation has patched two vulnerabilities in Apache Struts 2 that could result in remote code execution (RCE) or Denial of Service (DoS). An attacker could exploit one of these vulnerabilities to take control of impacted systems. According to Apache, the two vulnerabilities affect Struts versions 2.0.0 – 2.5.20 and are described in
Apache patches two Struts 2 vulnerabilities Read More »
