Security
Headlines
HeadlinesLatestCVEs

Headline

Log4Shell legacy? Patching times plummet for most critical vulnerabilities – report

Trustwave report also finds 2022 is set to surpass 2021 for volume of critical CVEs

PortSwigger
#sql#xss#vulnerability#linux#apache#nodejs#js#java#rce#log4j#ssh#zero_day

Trustwave report also finds 2022 is set to surpass 2021 for volume of critical CVEs

The rush to patch systems affected by the landmark Log4Shell vulnerability has coincided with a wider improvement in patching rates for the most critical flaws, a report has found.

The remote code execution (RCE) flaw in Apache Log4j (CVE-2021-44228), the near-ubiquitous open source Java logging utility, sent organizations across the ecosystem scrambling to fix applications or patch systems after it emerged in December 2021.

Eight months on, the 2022 Trustwave SpiderLabs Telemetry Report has concluded that organizations “finally understand the necessity of having a solid security posture”.

RECOMMENDED Graph-based JavaScript bug scanner discovers more than 100 zero-days in Node.js libraries

Shodan searches performed by Trustwave SpiderLabs researchers revealed a sharp fall in the proportion of affected instances vulnerable to 2022’s highest profile vulnerabilities versus 2021’s equivalent flaws.

“Vulnerability disclosure-to-patch times have decreased,” Alex Rothacker, director of research and security scanning at Trustwave, told The Daily Swig.

Celebrity factor

He also noticed that security flaws’ “level of celebrity” was tied to both patching rates and patching speeds, with Log4j and Spring Framework instances outscoring what Rothacker said are lower profile issues in F5’s BIG-IP and Atlassian’s Confluence on these fronts.

For instance, only 0.36% of 405,993 instances of the most popular products running Log4j were vulnerable to the first Log4Shell patch (as opposed to the subsequent bypass) six months after exploits surfaced.

Equivalent numbers were 0.075% of 452,520 instances running unpatched versions of Spring Framework, another popular open source Java component, in regard to ‘Spring4Shell’ (CVE-2022-22965) three months after its disclosure.

Instances vulnerable to RCEs in F5’s BIG-IP (CVE-2022-1388) and Atlassian Confluence Server and Data Center (CVE-2022-26134) were 2.73% of 1,719 after disclosure and 4.44% of 7,074 hosts respectively – although disclosure was much more recent in these cases.

Catch up on the latest Log4j vulnerability news

By contrast, Trustwave’s 2021 report found that more than 50% of instances were vulnerable in relation to each of three similarly impactful vulnerabilities, weeks or months after patch release.

“Log4Shell seems to have been a call to action for many organizations,” said Rothacker. “The volume of questions and requests for remediation help that we received from customers for Log4Shell was unprecedented.”

Critical mass

This year is on course to comfortable eclipse 2021 in terms of both number of CVEs published and the proportion of which that are critical, the report found.

For instance, Rothacker said that August has already surpassed all previous months in 2022 and 2021, with 3,779 CVEs published as of August 26, while July and June also saw high numbers of 2,226 and 2,377 respectively.

Critical vulnerabilities account for 18% of 2022 CVEs, up from 13% of CVEs in 2021.

The report also discovered that some affected instances were still vulnerable to CVEs dating back as far as 2016, with the most widespread bug being CVE-2017-15906, an issue in encrypted remote login tool OpenSSH.

Despite being distributed in most Linux distributions by default, the bug’s medium severity means “it is most likely that many organizations do not see it as a significant issue and are de-prioritizing fixing it” said Rothacker.

“Other listed vulnerabilities either are for less commonly deployed software e.g CVE-2018-15199, or do have other mitigations, or constraints e.g CVE-2018-1312, that make it less likely that they will be exploited,” he added.

The top three CWE classifications for 2022 are cross-site scripting (XSS), SQL injection, and out-of-bounds write bugs.

RELATED CWE Top 25: These are the most dangerous software weaknesses of 2022

Related news

Understanding the Red Hat security impact scale

Red Hat uses a four-point impact scale to classify security issues affecting our products. Have you ever asked yourself what it takes and what the requirements are for each point of the scale? We will talk through the highlights of our process in this article.Is this a CVE?First and foremost, what is a CVE? Short for Common Vulnerabilities and Exposures, it is a list of publicly disclosed computer security flaws. Learn more in this Red Hat post.To receive a severity rating, the issue needs to be a CVE. But what does it take to be a CVE? In order to warrant a CVE ID, a vulnerability has to comp

2022's most routinely exploited vulnerabilities—history repeats

Categories: Exploits and vulnerabilities Categories: News Tags: Zoho ManageEngine Tags: CVE-2021-40539 Tags: Log4Shell Tags: CVE-2021-44228 Tags: CVE-2021-13379 Tags: ProxyShell Tags: CVE-2021-34473 Tags: CVE-2021-31207 Tags: CVE-2021-34523 Tags: CVE-2021-26084 Tags: Atlassian Tags: CVE-2022-22954 Tags: CVE-2022-22960 Tags: CVE-2022-26134 Tags: CVE-2022-1388 Tags: CVE-2022-30190 Tags: Follina What can the routinely exploited vulnerabilities of 2022 tell us, and what do we think will make it on to next year's list? (Read more...) The post 2022's most routinely exploited vulnerabilities—history repeats appeared first on Malwarebytes Labs.

CVE-2023-28069: DSA-2022-258: Dell Streaming Data Platform Security Update for Multiple Third-Party Component Vulnerabilities

Dell Streaming Data Platform prior to 1.4 contains Open Redirect vulnerability. An attacker with privileges same as a legitimate user can phish the legitimate the user to redirect to malicious website leading to information disclosure and launch of phishing attacks.

CVE-2022-36975

This vulnerability allows remote attackers to bypass authentication on affected installations of Ivanti Avalanche 6.3.2.3490. The specific flaw exists within the ProfileDaoImpl class. A crafted request can trigger execution of SQL queries composed from a user-supplied string. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-15332.

CVE-2022-45589: Talend Security

SQL Injection vulnerability in Talend ESB Runtime 7.3.1-R2022-09-RT thru 8.0.1-R2022-10-RT when using the provisioning service.

CVE-2023-21850: Oracle Critical Patch Update Advisory - January 2023

Vulnerability in the Oracle Demantra Demand Management product of Oracle Supply Chain (component: E-Business Collections). Supported versions that are affected are 12.1 and 12.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Demantra Demand Management. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Demantra Demand Management accessible data. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N).

4 over-hyped security vulnerabilities of 2022

Categories: Exploits and vulnerabilities Categories: News Tags: wormable Tags: zero-day Tags: spring4shell Tags: cve-2022-34718 Tags: log4j Tags: openssl Tags: cve-2022-36934 Tags: cve-2022-27492 Tags: cve-2022-22965 Tags: cve-2022-22963 What does it take to make the discussion of vulnerabilities useful? And where did this go wrong in 2022? (Read more...) The post 4 over-hyped security vulnerabilities of 2022 appeared first on Malwarebytes Labs.

CVE-2022-38765: Canon Medical Software Security Updates

Canon Medical Informatics Vitrea Vision 7.7.76.1 does not adequately enforce access controls. An authenticated user is able to gain unauthorized access to imaging records by tampering with the vitrea-view/studies/search patientId parameter.

CVE-2022-43484: CVE-2022-43484について

TERASOLUNA Global Framework 1.0.0 (Public review version) and TERASOLUNA Server Framework for Java (Rich) 2.0.0.2 to 2.0.5.1 are vulnerable to a ClassLoader manipulation vulnerability due to using the old version of Spring Framework which contains the vulnerability.The vulnerability is caused by an improper input validation issue in the binding mechanism of Spring MVC. By the application processing a specially crafted file, arbitrary code may be executed with the privileges of the application.

One Year After Log4Shell, Most Firms Are Still Exposed to Attack

Though there have been fewer than expected publicly reported attacks involving the vulnerability, nearly three-quarters of organizations remain exposed to it.

Exploit Attempts Underway for Apache Commons Text4Shell Vulnerability

The good news: The Apache Commons Text library bug is far less likely to lead to exploitation than last year's Log4j library flaw.

CVE-2022-21587: Oracle Critical Patch Update Advisory - October 2022

Vulnerability in the Oracle Web Applications Desktop Integrator product of Oracle E-Business Suite (component: Upload). Supported versions that are affected are 12.2.3-12.2.11. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Web Applications Desktop Integrator. Successful attacks of this vulnerability can result in takeover of Oracle Web Applications Desktop Integrator. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

CVE-2022-34917: Apache Kafka

A security vulnerability has been identified in Apache Kafka. It affects all releases since 2.8.0. The vulnerability allows malicious unauthenticated clients to allocate large amounts of memory on brokers. This can lead to brokers hitting OutOfMemoryException and causing denial of service. Example scenarios: - Kafka cluster without authentication: Any clients able to establish a network connection to a broker can trigger the issue. - Kafka cluster with SASL authentication: Any clients able to establish a network connection to a broker, without the need for valid SASL credentials, can trigger the issue. - Kafka cluster with TLS authentication: Only clients able to successfully authenticate via TLS can trigger the issue. We advise the users to upgrade the Kafka installations to one of the 3.2.3, 3.1.2, 3.0.2, 2.8.2 versions.

CVE-2022-34102: Crestron Electronics, Inc.

Insufficient access control vulnerability was discovered in the Crestron AirMedia Windows Application, version 4.3.1.39, in which a user can pause the uninstallation of an executable to gain a SYSTEM level command prompt.

Vulnerability Exploits, Not Phishing, Are the Top Cyberattack Vector for Initial Compromise

A slew of Microsoft Exchange vulnerabilities (including ProxyLogon) fueled a surge in attacks targeting software flaws in 2021, but the trend has continued this year.

CVE-2022-32427: Security Bulletin | Printerlogic

PrinterLogic Windows Client through 25.0.0.676 allows attackers to execute directory traversal. Authenticated users with prior knowledge of the driver filename could exploit this to escalate privileges or distribute malicious content.

CVE-2020-21642: ManageEngine Analytics Plus | Release Notes

Directory Traversal vulnerability ZDBQAREFSUBDIR parameter in /zropusermgmt API in Zoho ManageEngine Analytics Plus before 4350 allows remote attackers to run arbitrary code.

Hackers Exploited Atlassian Confluence Bug to Deploy Ljl Backdoor for Espionage

A threat actor is said to have "highly likely" exploited a security flaw in an outdated Atlassian Confluence server to deploy a never-before-seen backdoor against an unnamed organization in the research and technical services sector. The attack, which transpired over a seven-day-period during the end of May, has been attributed to a threat activity cluster tracked by cybersecurity firm Deepwatch

Apple Just Patched 37 iPhone Security Bugs

Plus: A Google Chrome patch licks the DevilsTongue spyware, Android’s kernel gets a tune-up, and Microsoft fixes 84 flaws.

Open-Xchange App Suite 7.10.x Cross Site Scripting / Command Injection

Open-Xchange App Suite versions 7.10.6 and below suffer from OS command injection and cross site scripting vulnerabilities. One particular cross site scripting issue only affects versions 7.10.5 and below.

This Cloud Botnet Has Hijacked 30,000 Systems to Mine Cryptocurrencies

The 8220 cryptomining group has expanded in size to encompass as many as 30,000 infected hosts, up from 2,000 hosts globally in mid-2021. "8220 Gang is one of the many low-skill crimeware gangs we continually observe infecting cloud hosts and operating a botnet and cryptocurrency miners through known vulnerabilities and remote access brute forcing infection vectors," Tom Hegel of SentinelOne

CVE-2022-21586: Oracle Critical Patch Update Advisory - July 2022

Vulnerability in the Oracle Banking Trade Finance product of Oracle Financial Services Applications (component: Infrastructure). The supported version that is affected is 14.5. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Trade Finance. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Banking Trade Finance accessible data as well as unauthorized access to critical data or complete access to all Oracle Banking Trade Finance accessible data. CVSS 3.1 Base Score 6.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N).

DHS Review Board Deems Log4j an 'Endemic' Cyber Threat

Vulnerability will remain a "significant" threat for years to come and highlighted the need for more public and private sector support for open source software ecosystem, Cyber Safety Review Board says.

ICYMI: A Microsoft Warning, Follina, Atlassian, and More

Dark Reading's digest of the other don't-miss stories of the week, including YouTube account takeovers and a sad commentary on cyber-pro hopelessness.

Microsoft Warns of Cryptomining Malware Campaign Targeting Linux Servers

A cloud threat actor group tracked as 8220 has updated its malware toolset to breach Linux servers with the goal of installing crypto miners as part of a long-running campaign. "The updates include the deployment of new versions of a crypto miner and an IRC bot," Microsoft Security Intelligence said in a series of tweets on Thursday. "The group has actively updated its techniques and payloads

Log4Shell Still Being Exploited to Hack VMWare Servers to Exfiltrate Sensitive Data

The U.S. Cybersecurity and Infrastructure Security Agency (CISA), along with the Coast Guard Cyber Command (CGCYBER), on Thursday released a joint advisory warning of continued attempts on the part of threat actors to exploit the Log4Shell flaw in VMware Horizon servers to breach target networks. "Since December 2021, multiple threat actor groups have exploited Log4Shell on unpatched,

CVE-2022-32535: Multiple Vulnerabilities PRA-ES8P2S Ethernet-Switch

The Bosch Ethernet switch PRA-ES8P2S with software version 1.01.05 runs its web server with root privilege. In combination with CVE-2022-23534 this could give an attacker root access to the switch.

CVE-2022-32552: Security Advisory for security-bundle-2022-04-04

Pure Storage FlashArray products running Purity//FA 6.2.0 - 6.2.3, 6.1.0 - 6.1.12, 6.0.0 - 6.0.8, 5.3.0 - 5.3.17, 5.2.x and prior Purity//FA releases, and Pure Storage FlashBlade products running Purity//FB 3.3.0, 3.2.0 - 3.2.4, 3.1.0 - 3.1.12, 3.0.x and prior Purity//FB releases are vulnerable to a privilege escalation via the manipulation of Python environment variables which can be exploited by a logged-in user to escape a restricted shell to an unrestricted shell with root privileges. No other Pure Storage products or services are affected. Remediation is available from Pure Storage via a self-serve “opt-in” patch, manual patch application or a software upgrade to an unaffected version of Purity software.

Avos ransomware group expands with new attack arsenal

By Flavio Costa, Chris Neal and Guilherme Venere. In a recent customer engagement, we observed a month-long AvosLocker campaign. The attackers utilized several different tools, including Cobalt Strike, Sliver and multiple commercial network scanners. The initial ingress point in this incident was... [[ This is only the beginning! Please visit the blog for the complete entry ]]

Atlassian Confluence Flaw Being Used to Deploy Ransomware and Crypto Miners

A recently patched critical security flaw in Atlassian Confluence Server and Data Center products is being actively weaponized in real-world attacks to drop cryptocurrency miners and ransomware payloads. In at least two of the Windows-related incidents observed by cybersecurity vendor Sophos, adversaries exploited the vulnerability to deliver Cerber ransomware and a crypto miner called z0miner

CVE-2022-33915: ALAS-2022-1601

Versions of the Amazon AWS Apache Log4j hotpatch package before log4j-cve-2021-44228-hotpatch-1.3.5 are affected by a race condition that could lead to a local privilege escalation. This Hotpatch package is not a replacement for updating to a log4j version that mitigates CVE-2021-44228 or CVE-2021-45046; it provides a temporary mitigation to CVE-2021-44228 by hotpatching the local Java virtual machines. To do so, it iterates through all running Java processes, performs several checks, and executes the Java virtual machine with the same permissions and capabilities as the running process to load the hotpatch. A local user could cause the hotpatch script to execute a binary with elevated privileges by running a custom java process that performs exec() of an SUID binary after the hotpatch has observed the process path and before it has observed its effective user ID.

Chinese Hackers Exploited Sophos Firewall Zero-Day Flaw to Target South Asian Entity

A sophisticated Chinese advanced persistent threat (APT) actor exploited a critical security vulnerability in Sophos' firewall product that came to light earlier this year to infiltrate an unnamed South Asian target as part of a highly-targeted attack. "The attacker implement[ed] an interesting web shell backdoor, create[d] a secondary form of persistence, and ultimately launch[ed] attacks

DragonForce Gang Unleash Hacks Against Govt. of India

In response to a comment about the Prophet Mohammed, a hacktivist group in Malaysia has unleashed a wave of cyber attacks in India.

“Multiple adversaries” exploiting Confluence vulnerability, warns Microsoft

Microsoft has warned of APT groups and ransomware authors exploiting the now patched Confluence vulnerability. We take a look at the dangers. The post “Multiple adversaries” exploiting Confluence vulnerability, warns Microsoft appeared first on Malwarebytes Labs.

Atlassian Confluence Namespace OGNL Injection

This Metasploit module exploits an OGNL injection in Atlassian Confluence servers. A specially crafted URI can be used to evaluate an OGNL expression resulting in OS command execution.

Unpatched Atlassian Confluence vulnerability is actively exploited

A vulnerability in Atlassian Confluence was found by performing an incident response investigation on a compromised server. The vulnerability is not yet patched. The post Unpatched Atlassian Confluence vulnerability is actively exploited appeared first on Malwarebytes Labs.

Hackers Exploiting Unpatched Critical Atlassian Confluence Zero-Day Vulnerability

Atlassian has warned of a critical unpatched remote code execution vulnerability impacting Confluence Server and Data Center products that it said is being actively exploited in the wild. The Australian software company credited cybersecurity firm Volexity for identifying the flaw, which is being tracked as CVE-2022-26134. "Atlassian has been made aware of current active exploitation of a

Red Hat Security Advisory 2022-4880-01

Red Hat Security Advisory 2022-4880-01 - Updated images are now available for Red Hat Advanced Cluster Security for Kubernetes (RHACS). The updated image includes bug fixes and feature improvements. Issues addressed include a bypass vulnerability.

RHSA-2022:4880: Red Hat Security Advisory: ACS 3.70 enhancement and security update

Updated images are now available for Red Hat Advanced Cluster Security for Kubernetes (RHACS). The updated image includes bug fixes and feature improvements. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-23820: json-pointer: type confusion vulnerability can lead to a bypass of CVE-2020-7709 when the pointer components are arrays * CVE-2021-41190: opencontainers: OCI manifest and index parsing confusion

CVE-2022-28874: Security advisories

Multiple Denial-of-Service vulnerabilities was discovered in the F-Secure Atlant and in certain WithSecure products while scanning fuzzed PE32-bit files cause memory corruption and heap buffer overflow which eventually can crash the scanning engine. The exploit can be triggered remotely by an attacker.

Threat Source newsletter (May 19, 2022) — Why I'm missing the days of iPods and LimeWire

By Jon Munshaw.  Welcome to this week’s edition of the Threat Source newsletter.  I will openly admit that I still own a “classic” iPod — the giant brick that weighed down my skinny jeans in high school and did nothing except play music. There are dozens of hours of music on there that I... [[ This is only the beginning! Please visit the blog for the complete entry ]]

VMware Releases Patches for New Vulnerabilities Affecting Multiple Products

VMware has issued patches to contain two security flaws impacting Workspace ONE Access, Identity Manager, and vRealize Automation that could be exploited to backdoor enterprise networks. The first of the two flaws, tracked as CVE-2022-22972 (CVSS score: 9.8), concerns an authentication bypass that could enable an actor with network access to the UI to gain administrative access without prior

CISA: Unpatched F5 BIG-IP Devices Under Active Attack

Publicly released proof-of-concept exploits are supercharging attacks against unpatched systems, CISA warns.

F5 BIG-IP iControl Remote Code Execution

This Metasploit module exploits an authentication bypass vulnerability in the F5 BIG-IP iControl REST service to gain access to the admin account, which is capable of executing commands through the /mgmt/tm/util/bash endpoint. Successful exploitation results in remote code execution as the root user.

F5 BIG-IP vulnerability is now being used to disable servers

At least one group of threat actors is using the recently patched vulnerability in F5 BIG-IP to wipe the file system of vulnerable devices. The post F5 BIG-IP vulnerability is now being used to disable servers appeared first on Malwarebytes Labs.

CISA Urges Organizations to Patch Actively Exploited F5 BIG-IP Vulnerability

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added the recently disclosed F5 BIG-IP flaw to its Known Exploited Vulnerabilities Catalog following reports of active abuse in the wild. The flaw, assigned the identifier CVE-2022-1388 (CVSS score: 9.8), concerns a critical bug in the BIG-IP iControl REST endpoint that provides an unauthenticated adversary with a method to

Spring4Shell Spring Framework Class Property Remote Code Execution

Spring Framework versions 5.3.0 to 5.3.17, 5.2.0 to 5.2.19, and older versions when running on JDK 9 or above and specifically packaged as a traditional WAR and deployed in a standalone Tomcat instance are vulnerable to remote code execution due to an unsafe data binding used to populate an object from request parameters to set a Tomcat specific ClassLoader. By crafting a request to the application and referencing the org.apache.catalina.valves.AccessLogValve class through the classLoader with parameters such as the following: class.module.classLoader.resources.context.parent.pipeline.first.suffix=.jsp, an unauthenticated attacker can gain remote code execution.

Hackers Actively Exploit F5 BIG-IP Bug

The bug has a severe rating of 9.8, public exploits are released.

F5 BIG-IP Remote Code Execution

F5 BIG-IP remote code execution proof of concept exploit that leverages the vulnerability identified in CVE-2022-1388.

CVE-2022-1388

On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all 12.1.x and 11.6.x versions, undisclosed requests may bypass iControl REST authentication. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated

CVE-2021-3100: ALAS2-2021-1732

The Apache Log4j hotpatch package before log4j-cve-2021-44228-hotpatch-1.1-13 didn’t mimic the permissions of the JVM being patched, allowing it to escalate privileges.

CVE-2022-21496: Oracle Critical Patch Update Advisory - April 2022

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JNDI). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service ...

CVE-2022-22968: CVE-2022-22968 | Security

In Spring Framework versions 5.3.0 - 5.3.18, 5.2.0 - 5.2.20, and older unsupported versions, the patterns for disallowedFields on a DataBinder are case sensitive which means a field is not effectively protected unless it is listed with both upper and lower case for the first character of the field, including upper and lower case for the first character of all nested fields within the property path.

CVE-2022-22721: Apache HTTP Server 2.4 vulnerabilities

If LimitXMLRequestBody is set to allow request bodies larger than 350MB (defaults to 1M) on 32 bit systems an integer overflow happens which later causes out of bounds writes. This issue affects Apache HTTP Server 2.4.52 and earlier.

CVE-2021-44548: Solr™ Security News

An Improper Input Validation vulnerability in DataImportHandler of Apache Solr allows an attacker to provide a Windows UNC path resulting in an SMB network call being made from the Solr host to another host on the network. If the attacker has wider access to the network, this may lead to SMB attacks, which may result in: * The exfiltration of sensitive data such as OS user hashes (NTLM/LM hashes), * In case of misconfigured systems, SMB Relay Attacks which can lead to user impersonation on SMB Shares or, in a worse-case scenario, Remote Code Execution This issue affects all Apache Solr versions prior to 8.11.1. This issue only affects Windows.

CVE-2021-22057: VMSA-2021-0030

VMware Workspace ONE Access 21.08, 20.10.0.1, and 20.10 contain an authentication bypass vulnerability. A malicious actor, who has successfully provided first-factor authentication, may be able to obtain second-factor authentication provided by VMware Verify.

CVE-2021-44790: Apache HTTP Server 2.4 vulnerabilities

A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser (r:parsebody() called from Lua scripts). The Apache httpd team is not aware of an exploit for the vulnerabilty though it might be possible to craft one. This issue affects Apache HTTP Server 2.4.51 and earlier.

CVE-2020-9490: Apache HTTP Server 2.4 vulnerabilities

Apache HTTP Server versions 2.4.20 to 2.4.43. A specially crafted value for the 'Cache-Digest' header in a HTTP/2 request would result in a crash when the server actually tries to HTTP/2 PUSH a resource afterwards. Configuring the HTTP/2 feature via "H2Push off" will mitigate this vulnerability for unpatched servers.

CVE-2020-2548: Oracle Critical Patch Update Advisory - January 2020

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: WLS Core Components). The supported version that is affected is 10.3.6.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle WebLogic Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle WebLogic Server accessible data as well as unauthorized read access to a subset of Oracle WebLogic Server accessible data. CVSS 3.0 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N).

CVE-2017-5711: Security Center

Multiple buffer overflows in Active Management Technology (AMT) in Intel Manageability Engine Firmware 8.x/9.x/10.x/11.0/11.5/11.6/11.7/11.10/11.20 allow attacker with local access to the system to execute arbitrary code with AMT execution privilege.

CVE-2017-15906

The process_open function in sftp-server.c in OpenSSH before 7.6 does not properly prevent write operations in readonly mode, which allows attackers to create zero-length files.

CVE-2016-6816: Apache Tomcat® - Apache Tomcat 9 vulnerabilities

The code in Apache Tomcat 9.0.0.M1 to 9.0.0.M11, 8.5.0 to 8.5.6, 8.0.0.RC1 to 8.0.38, 7.0.0 to 7.0.72, and 6.0.0 to 6.0.47 that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack and/or obtain sensitive information from requests other then their own.

PortSwigger: Latest News

We’re going teetotal: It’s goodbye to The Daily Swig