Ivanti Connect Secure and Policy Secure are vulnerable to high-severity flaws (CVE-2024-21888 & CVE-2024-21893) that may lead to privilege escalation and arbitrary code execution on vulnerable systems. One of the flaws tracked as CVE-2024-21893 is being exploited in the wild. Ivanti mentioned in the advisory that they are aware of a few customers who have … Continue reading “Ivanti Releases Patch for Vulnerabilities Impacting Connect Secure and Policy Secure (CVE-2024-21888 & CVE-2024-21893)”
Tag: Server-Side Request Forgery
Apache mod_proxy Server-Side Request Forgery (SSRF) Vulnerability (CVE-2021-40438)
The Apache HTTP Server Project is a group of people working together to create and maintain an open-source, software-based HTTP server for modern operating systems such as UNIX and Windows. This technology is considered among the most widely used web servers on the internet. A Server-Side Request Forgery (SSRF) vulnerability (CVE-2021-40438) has been identified in Apache HTTP Server versions 2.4.48 and older. The vulnerability … Continue reading “Apache mod_proxy Server-Side Request Forgery (SSRF) Vulnerability (CVE-2021-40438)”
Kubernetes Kube-Controller-Manager Server Side Request Forgery (SSRF) Vulnerability
Summary: Kubernetes is an open source container orchestration system for automating application deployment, management and scaling. A security flaw was discovered and disclosed on June 1, 2020 in Kubernetes . A Server Side Request Forgery (SSRF) vulnerability exists in kube-controller-manager. The vulnerability allows an attacker to users to leak up to 500 bytes of arbitrary … Continue reading “Kubernetes Kube-Controller-Manager Server Side Request Forgery (SSRF) Vulnerability”
Universal Plug and Play (UPnP) CallStranger Vulnerability(CVE-2020-12695)
Overview: On 8 June 2020, A new vulnerability has been disclosed in public domain for Universal Plug and Play (UPnP). The vulnerability has been given a name CallStranger. Exploitation of this bug, could result into exfiltration of data, distributed denial of service (DDoS) attack or scanning your network etc. Universal Plug and Play (UPnP) is a … Continue reading “Universal Plug and Play (UPnP) CallStranger Vulnerability(CVE-2020-12695)”