Apache has released a patch to address a session validation vulnerability in Superset. CVE-2023-27524 has been rated as high, with a CVSS score of 8.9. On successful exploitation, the vulnerability may allow an attacker to authenticate and access unauthorized resources and execute arbitrary code on the target system. On January 8, 2024, CISA added the … Continue reading “Apache Patches Session Validation Vulnerability in Superset (CVE-2023-27524)”
Tag: Apache
Apache Spark Command Injection Vulnerability (CVE-2022-33891)
Kostya Kortchinsky has discovered a command injection vulnerability in the Apache Spark User Interface (UI). Assigned with CVE-2022-33891, the vulnerability can be exploited when Access Control Lists (ACLs) are enabled. Apache fixed the vulnerability on July 18, 2022; however, the flaw is being exploited in the wild. CISA has added the vulnerability to its Known … Continue reading “Apache Spark Command Injection Vulnerability (CVE-2022-33891)”
Apache Commons Arbitrary Code Execution Vulnerability (Text4Shell) (CVE-2022-42889)
A critical severity arbitrary code execution vulnerability, found in the Apache Commons Text library, has been discovered and reported by Alvaro Munoz. Tracked as CVE-2022-42889, this vulnerability has been assigned a CVSS base score of 9.8 and could result in remote code execution applied to untrusted input due to insecure interpolation defaults. Apache Commons … Continue reading “Apache Commons Arbitrary Code Execution Vulnerability (Text4Shell) (CVE-2022-42889)”
Apache APISIX Batch-Requests Plugin Remote Code Execution Vulnerability (CVE-2022-24112)
Apache APISIX has issued a security alert, revealing a remote code execution vulnerability (CVE-2022-24112) in versions prior to 2.12.1. Apache APISIX is a high-performance API gateway that is dynamic and real-time. APISIX offers load balancing, dynamic upstream, canary release, circuit breaking, authentication, observability, and other traffic management functions. The vulnerability states “In versions of Apache … Continue reading “Apache APISIX Batch-Requests Plugin Remote Code Execution Vulnerability (CVE-2022-24112)”
Apache Cassandra Database Software High-Severity Remote Code Execution Vulnerability (CVE-2021-44521)
Apache Cassandra is a free and open-source distributed NoSQL database management system that can handle massive volumes of data across many commodity servers while maintaining high availability and avoiding single points of failure. Researchers have revealed details of a high-severity security flaw in the Apache Cassandra open-source NoSQL distributed database. The vulnerability is easy … Continue reading “Apache Cassandra Database Software High-Severity Remote Code Execution Vulnerability (CVE-2021-44521)”
Apache Releases Security Update for HTTP Server 2.4 to Address Two Vulnerabilities (CVE-2021-44790 & CVE-2021-44224)
Apache, the open-source software foundation behind the Log4j logging library that has been the subject of so many Log4Shell headlines, released an update to correct two vulnerabilities in HTTPD, a web server that ranks right up there with Log4j in terms of ubiquity. These recently discovered vulnerabilities (CVE-2021-44790 & CVE-2021-44224) allow attackers to cause a … Continue reading “Apache Releases Security Update for HTTP Server 2.4 to Address Two Vulnerabilities (CVE-2021-44790 & CVE-2021-44224)”
Apache Log4j2 Zero-day Remote Code Execution Vulnerability Exploited in the Wild (CVE-2021-44228)
A remote code execution vulnerability in Apache Log4j2 was discovered on the Internet on December 9, 2021, and is actively being exploited in the wild. In Apache Log4j2, attackers can create customized requests to execute remote code. Users are recommended to examine related vulnerabilities as soon as possible due to the wide spectrum of impact … Continue reading “Apache Log4j2 Zero-day Remote Code Execution Vulnerability Exploited in the Wild (CVE-2021-44228)”
Apache mod_proxy Server-Side Request Forgery (SSRF) Vulnerability (CVE-2021-40438)
The Apache HTTP Server Project is a group of people working together to create and maintain an open-source, software-based HTTP server for modern operating systems such as UNIX and Windows. This technology is considered among the most widely used web servers on the internet. A Server-Side Request Forgery (SSRF) vulnerability (CVE-2021-40438) has been identified in Apache HTTP Server versions 2.4.48 and older. The vulnerability … Continue reading “Apache mod_proxy Server-Side Request Forgery (SSRF) Vulnerability (CVE-2021-40438)”
Apache HTTP Server Path Normalization and Remote Code Execution (RCE) Vulnerability (CVE-2021-42013)
The Apache Software Foundation has published additional security updates for its HTTP Server to remediate an incomplete fix for a path traversal and Remote Code Execution (RCE) vulnerability patched in the first week of October 2021 (CVE-2021-41773). CVE-2021-42013 is based upon a path normalization bug, which allowed an unauthenticated remote user to view files on the Apache Web … Continue reading “Apache HTTP Server Path Normalization and Remote Code Execution (RCE) Vulnerability (CVE-2021-42013)”
Apache fixes the HTTP Path Traversal Vulnerability (CVE-2021-41773)
Apache Software Foundation has published HTTP Web Server version 2.4.50 to fix the CVE-2021-41773 vulnerability in Apache Server version 2.4.49. This is a path traversal and file disclosure flaw that could allow attackers to gain access to sensitive data, and according to the report, is being actively exploited. The Apache HTTP Server is a cross-platform, … Continue reading “Apache fixes the HTTP Path Traversal Vulnerability (CVE-2021-41773)”