Apache mod_proxy Server-Side Request Forgery (SSRF) Vulnerability (CVE-2021-40438)

The Apache HTTP Server Project is a group of people working together to create and maintain an open-source, software-based HTTP server for modern operating systems such as UNIX and Windows. This technology is considered among the most widely used web servers on the internet. A Server-Side Request Forgery (SSRF) vulnerability (CVE-2021-40438) has been identified in Apache HTTP Server versions 2.4.48 and older. The vulnerability …

Kubernetes Kube-Controller-Manager Server Side Request Forgery (SSRF) Vulnerability

Summary: Kubernetes is an open source container orchestration system for automating application deployment, management and scaling. A security flaw in Kubernetes was discovered and disclosed on June 1, 2020. A Server Side Request Forgery (SSRF) vulnerability exists in kube-controller-manager. The vulnerability allows an attacker to leak up to 500 bytes of arbitrary …

Universal Plug and Play (UPnP) CallStranger Vulnerability (CVE-2020-12695)

Overview: On 8 June 2020, a new vulnerability in Universal Plug and Play (UPnP) was publicly disclosed. The vulnerability has been named CallStranger. Exploitation of this bug could result in exfiltration of data, a distributed denial of service (DDoS) attack, scanning of your network, etc. Universal Plug and Play (UPnP) is a …