Archive for the ‘Apache’ Category

Apache Tomcat Patches Important Remote Code Execution Flaw

April 15th, 2019
The Apache Software Foundation (ASF) has released new versions of its Tomcat application server to address an important security vulnerability that could allow a remote attacker to execute malicious code and take control of an affected server. Developed by ASF, Apache Tomcat is an open source web server and servlet system, which uses several Java EE specifications such as Java Servlet,

Posted in Apache, Apache exploit, Apache Server, Apache Tomcat, cyber security, hacking news, server security, Vulnerability

Serious Apache server bug gives root to baddies in shared host environments

April 4th, 2019

The Apache HTTP Server, the Internet’s most widely used Web server, just fixed a serious vulnerability that makes it possible for untrusted users or software to gain unfettered control of the machine the software runs on.

CVE-2019-0211, as the vulnerability is indexed, is a local privilege escalation, meaning it allows a person or software that already has limited access to the Web server to elevate privileges to root. From there, the attacker could do just about anything. The vulnerability makes it possible for unprivileged scripts to overwrite sensitive parts of a server’s memory, Charles Fol, the independent researcher who discovered the bug, wrote in a blog post. A malicious script could exploit the vulnerability to gain root.

The vulnerability poses the most risk inside Web-hosting facilities that offer shared instances, in which a single physical machine serves content for more than one website. Typically, such servers prevent an administrator of one site from accessing other sites or from accessing sensitive settings of the machine itself.

Posted in Apache, Biz & IT, exploits, patches, vulnerabilities, web server

New Apache Web Server Bug Threatens Security of Shared Web Hosts

April 2nd, 2019
Mark J Cox, one of the founding members of the Apache Software Foundation and the OpenSSL project, today posted a tweet warning users about a recently discovered important flaw in Apache HTTP Server software. The Apache web server is one of the most popular, widely used open-source web servers in the world that powers almost 40 percent of the whole Internet. The vulnerability, identified as

Posted in Apache, Apache web server, fast web server, hacking web server, privilege escalation, shared web hosting, Vulnerability, web hosting, web server hacking, web server security

How a serious Apache vulnerability struts its stuff

March 14th, 2017

Officially it’s CVE-2017-5638, but in practice it’s “the bug in Apache Struts you really should have patched by now”. Here’s why…

Posted in Apache, CVE-2017-5638, Exploit, rce, struts, Vulnerability

Google Employees Help Thousands Of Open Source Projects Patch Critical ‘Mad Gadget Bug’

March 2nd, 2017

Last year Google employees took an initiative to help thousands of Open Source Projects patch a critical remote code execution vulnerability in a widely used Apache Commons Collections (ACC) library.

Dubbed Operation Rosehub, the initiative was volunteered by some 50 Google employees, who utilized 20 percent of their work time to patch over 2600 open source projects on Github, those were

Posted in Apache, Google Security, hacking news, java Vulnerability, Mad Gadget vulnerability, Open Source, ransomware attack, Vulnerability

Anti-piracy software developer leaves website open to snoops

February 9th, 2017

It’s all too easy to get the configuration of a website wrong and leave the door open for anyone to see private files.

Posted in Apache, htaccess, Technologies, Vulnerability