1. Overview Apache Struts2 is a JAVA-based web application development framework, and this section summarizes the results of our analysis of remote code execution (RCE) vulnerabilities that can occur in web applications using the framework. 2. Attack Types This section analyzes the attack types for four CVEs among the various Apache Struts2 RCE vulnerabilities. 1) Read more about Apache Struts2 Vulnerability[…]
A01_2021-Broken Access Control Vulnerability due to weak access control that could lead to unauthorized viewing, modification, or deletion of data. – Vulnerable page access detection – Directory Listing – Stem file access detection A02_2021-Cryptographic Failures Vulnerability that may result in information leakage due to inadequate encryption of data in transit and storage – Personal Information Read more about WAF Pattern for OWASP 2021[…]
Hello, this is MONITORAPP technical support team. We are sending you our review of the two vulnerabilities in the title. We are sending you an internal review related to the two patterns. CVE-2021-44224 – This vulnerability is a case that cannot be dealt with in a pattern. – There is no NULL check in the Read more about Guide to vulnerabilities for Apache HTTP Server CVE-2021-444224 / CVE-2021-44790[…]
Overview – Apache Tomcat has released a security update to address a new vulnerability. – Personnel responsible for servers using vulnerable versions are advised to update to the latest version by visiting the manufacturer’s website Description. – Apache Tomcat sends a WebSocket message at the same time it closes a WebSocket connection, which could allow Read more about Apache Tomcat Vulnerability Security Update Advisory[…]
The Apache Software Foundation has released a security update that addresses vulnerabilities in Log4j (https://logging.apache.org/log4j) software. Apache Log4j, where the vulnerability was found, is a Java-based open-source utility used to leave a log while writing a program. Since attackers can take advantage of the vulnerability and cause damage such as malicious code infection, we Read more about An update on the Apache Log4j vulnerability[…]
