Apache Archives - Page 3 of 4

Apache patches Tomcat HTTP/2 DoS vulnerability (CVE-2020-11996)

Security Updates & Patches, Vulnerabilities & Exploits / Frank Crast / June 29, 2020 / Apache, CVE-2020-11996, CVE-2020-1938, DOS, HTTP/2, Tomcat

The Apache Software Foundation has patched a Tomcat HTTP/2 DoS vulnerability (CVE-2020-11996). A cyber attacker could exploit this vulnerability to cause a denial-of-service (DoS) condition.

Apache patches Tomcat HTTP/2 DoS vulnerability (CVE-2020-11996) Read More »

Patch these 10 most commonly exploited vulnerabilities

Cybersecurity Articles, Cybersecurity Attacks, Security Updates & Patches, Vulnerabilities & Exploits / Frank Crast / May 20, 2020 / Apache, Citrix, CVE-2012-0158, CVE-2015-1641, CVE-2017-0143, CVE-2017-0199, CVE-2017-11882, CVE-2017-5638, CVE-2017-8759, CVE-2018-4878, CVE-2018-7600, CVE-2019-0604, CVE-2019-11510, CVE-2019-19781, Drupalgeddon2, Flash, Gafgyt, JexBoss, Kitty, LinkedIn, LokiBot, Mirai, Pulse Secure, ROKRAT, SMBGhost, Struts, Zyklon

U.S. government cybersecurity experts are providing guidance on the “top 10” most commonly exploited vulnerabilites. The alert helps highlight the importance of patching and prioritizing vulnerabilities with known exploits.

Patch these 10 most commonly exploited vulnerabilities Read More »

Ghostcat: Critical Tomcat vulnerability (CVE-2020-1938)

Security Updates & Patches, Vulnerabilities & Exploits / Frank Crast / February 28, 2020 / AJP, Apache, CVE-2020-1938, Ghostcat, Tomcat, webapp

Security researchers have discovered a serious vulnerability CVE-2020-1938 in Apache Tomcat. A bad actor could read or include any files in Tomcat webapp directories.

Ghostcat: Critical Tomcat vulnerability (CVE-2020-1938) Read More »

The top 20 vulnerabilities to patch now (that are most under attack)

Cybersecurity Articles, Cybersecurity Attacks, Vulnerabilities & Exploits, Zero-days / Frank Crast / December 26, 2019 / Apache, BlueKeep, CVE-2012-0158, CVE-2014-8361, CVE-2017-0143, CVE-2017-0199, CVE-2017-10271, CVE-2017-11882, CVE-2017-17215, CVE-2017-5638, CVE-2017-5715, CVE-2017-8570, CVE-2017-8759, CVE-2018-0802, CVE-2018-10561, CVE-2018-12130, CVE-2018-20250, CVE-2018-4878, CVE-2018-7600, CVE-2018-8174, CVE-2019-0708, CVE-2019-2725, IOT, Loki, MDS, Meltdown, Nanocore, Spectre, Struts, Verint, Vulnerabilities, WebLogic, WinRAR, Zyklon

Security firm Verint analyzed the top 20 vulnerabilities to patch now that are under active attack and exploited by cyber attack groups worldwide. The report is aimed at assisting security teams in prioritizing and enhancing their organization’s patch management efforts.

The top 20 vulnerabilities to patch now (that are most under attack) Read More »

Apache Solr Remote Code Execution vulnerability exploit code published

Configuration Management, Uncategorized, Vulnerabilities & Exploits / Frank Crast / November 25, 2019 / Apache, Solr

A security researcher has published proof of concept (PoC) for exploit code of an Apache Solr remote code execution vulnerability CVE-2019-12409.

Apache Solr Remote Code Execution vulnerability exploit code published Read More »

Apache patches Tomcat HTTP/2 DoS vulnerability (CVE-2019-10072)

Security Updates & Patches, Vulnerabilities & Exploits / Frank Crast / June 21, 2019 / Apache, CVE-2019-10072, DOS, Tomcat

The Apache Software Foundation has released new Apache Tomcat security updates to address an HTTP/2 Denial of Service (DoS) vulnerability.

Apache patches Tomcat HTTP/2 DoS vulnerability (CVE-2019-10072) Read More »

Apache patches Tomcat RCE vulnerability

Application Security, Security Updates & Patches, Vulnerabilities & Exploits / Frank Crast / April 15, 2019 / Apache, CVE-2019-0232, Tomcat

The Apache Software Foundation has released new Apache Tomcat versions and mitigations to address a remote code execution (RCE) vulnerability.

Apache patches Tomcat RCE vulnerability Read More »

Apache Web Server “Carpe Diem” vulnerability update

Security Updates & Patches, Vulnerabilities & Exploits / Frank Crast / April 4, 2019 / Apache, Carpe Diem, CVE-2019-0211, HTTP Server

The Apache Foundation has patched a high severity privilege escalation vulnerability in Apache HTTP Server 2.4 (releases 2.4.17 to 2.4.38). Web servers should be patched as soon as possible since the bug could allow attackers a way to gain “root” or full admin access to server.

Apache Web Server “Carpe Diem” vulnerability update Read More »

Severe vulnerability found in LibreOffice and Apache OpenOffice

Security Updates & Patches, Vulnerabilities & Exploits / Frank Crast / February 5, 2019 / Apache, LibreOffice, OpenOffice, Red Hat

A security researcher has disclosed a severe remote code execution bug in open source software versions of LibreOffice and Apache OpenOffice. One of the two have been patched, the other still vulnerable.

Severe vulnerability found in LibreOffice and Apache OpenOffice Read More »

Cisco patches critical vulnerabilities

Network Security, Security Updates & Patches, Vulnerabilities & Exploits / Frank Crast / November 8, 2018 / Apache, Cisco, CVE-2016-1000031, CVE-2018-15381, CVE-2018-15394, CVE-2018-15439, Stealthwatch, Struts

Cisco released four critical security advisories on Wednesday for multiple Cisco products.

Cisco patches critical vulnerabilities Read More »