HTTP/2 Rapid Reset attack

Posted on 2024-01-122024-07-17 by marketing

Overview : HTTP/2 utilizes the “Stream multiplexing” feature, unlike HTTP/1.1, allowing multiple streams to be opened and closed within a single TCP connection. We have compiled an analysis of CVE-2023-44487, a denial of service (DoS) vulnerability recently discovered in this protocol. Attack Type : CVE-2023-44487 targets all web services supporting the HTTP/2 protocol, primarily Read more about HTTP/2 Rapid Reset attack[…]

Major Vulnerabilities in 2023

Posted on 2023-12-202024-07-17 by marketing

Major Vulnerabilities and Signature Pattern Response in 2023 Overview : MONITORAPP’s web firewall prevents and blocks attacks on web applications by integrating various security technologies. These technologies identify major vulnerabilities and provide effective responses to maintain the integrity and availability of web applications. To enhance the security of web applications, regularly updated signature patterns quickly Read more about Major Vulnerabilities in 2023[…]

Adobe ColdFusion Vulnerability Report

Posted on 2023-11-152024-07-17 by marketing

2023.11 – Adobe ColdFusion Adobe ColdFusion Multiple vulnerability 1. Overview : Adobe ColdFusion is a web application development platform provided by Adobe. This summary compiles the analysis of recently discovered remote code execution (RCE) vulnerabilities on this platform, namely CVE-2023-26360, CVE-2023-26361, CVE-2023-29298, and CVE-2023-38205. 2. Attack Types : Adobe announced patches for Read more about Adobe ColdFusion Vulnerability Report[…]

ProxyShell Vulnerability Report

Posted on 2023-10-112024-07-17 by marketing

2023.10 – ProxyShell MS Exchange Server ProxyShell 1.Overview : The ProxyShell vulnerability comprises SSRF (Server Side Request Forgery) and RCE (Remote Code Execute) vulnerabilities that can occur in MS Exchange Server, consisting of multiple CVEs. 2.Attack Process : This is an analysis of how three CVEs related to the ProxyShell vulnerability are interconnected and used. Read more about ProxyShell Vulnerability Report[…]

WordPress xmlrpc vulnerability report

Posted on 2023-09-262024-07-17 by monitorapp_admin

1. overview : The xmlrpc.php file in WordPress utilizes HTTP as the transport mechanism. It is WordPress’ ability to transfer data with XML acting as the encoding mechanism. It is a file created to handle the task of communicating with other systems (other blogs or apps) and through that xmlrpc.php file, you can run pingback Read more about WordPress xmlrpc vulnerability report[…]

Vulnerability Analysis Report (2023.07)

Posted on 2023-07-272024-07-17 by monitorapp_admin

2023.07 – ProxyNotShell 1. Overview ProxyNotShell is a Remote Code Execution (RCE) vulnerability in MS Exchange Server that consists of multiple CVEs, and we have summarized the results of our analysis for each CVE. 2. Attack Process This section analyzes how the three CVEs corresponding to the ProxyNotShell vulnerability are used in conjunction with each Read more about Vulnerability Analysis Report (2023.07)[…]

SQL Injection based JSON

Posted on 2023-02-232024-07-17 by monitorapp_admin

1. Overview SQL Injection is a major attack vector for websites and a common security threat in web applications. Most web application firewalls (WAFs) can detect and block SQL Injection attacks natively. However, many WAF vendors have been found to be unable to detect SQL Injection attacks that exploit JSON operators and functions, so we Read more about SQL Injection based JSON[…]

Apache Struts2 Vulnerability

Posted on 2023-01-102024-07-17 by monitorapp_admin

1. Overview Apache Struts2 is a JAVA-based web application development framework, and this section summarizes the results of our analysis of remote code execution (RCE) vulnerabilities that can occur in web applications using the framework. 2. Attack Types This section analyzes the attack types for four CVEs among the various Apache Struts2 RCE vulnerabilities. 1) Read more about Apache Struts2 Vulnerability[…]

WAF Pattern for OWASP 2021

Posted on 2022-08-112024-07-17 by monitorapp_admin

A01_2021-Broken Access Control Vulnerability due to weak access control that could lead to unauthorized viewing, modification, or deletion of data. – Vulnerable page access detection – Directory Listing – Stem file access detection A02_2021-Cryptographic Failures Vulnerability that may result in information leakage due to inadequate encryption of data in transit and storage – Personal Information Read more about WAF Pattern for OWASP 2021[…]

Guide to vulnerabilities for Apache HTTP Server CVE-2021-444224 / CVE-2021-44790

Posted on 2022-06-272024-07-17 by monitorapp_admin

Hello, this is MONITORAPP technical support team. We are sending you our review of the two vulnerabilities in the title. We are sending you an internal review related to the two patterns. CVE-2021-44224 – This vulnerability is a case that cannot be dealt with in a pattern. – There is no NULL check in the Read more about Guide to vulnerabilities for Apache HTTP Server CVE-2021-444224 / CVE-2021-44790[…]

Solutions			Company	Support
WAAP	SWG	ZTNA	Who we are	Contact us
CDN	CASB		What we do	FAQ
DDoS	FWaaS		Career
WSPC	NGDPI
	ATP
	RBI