Apache OFBiz Remote Code Execution Vulnerability (CVE-2020-9496)

Overview: On 19 May 2020, Apache published an advisory to address an insecure deserialization vulnerability in Apache OFBiz. The vulnerability occurs due to Java serialization issues while processing requests sent to the “/webtools/control/xmlrpc” URL. This vulnerability may lead to a variety of attacks, such as stealing user/admin credentials. This issue can be escalated into a Remote …

OpenSSL Raccoon Vulnerability

A team of researchers has disclosed the details of a timing vulnerability, named the Raccoon attack, in TLS 1.2 and earlier versions. This is a server-side vulnerability that exploits a side channel in the TLS specification. Successful exploitation of the vulnerability could allow an attacker to break the encryption and read sensitive communication. In a paper published by Raccoon, …