Cyberveillecurated by Decio
Nuage de tags
Mur d'images
Quotidien
Flux RSS
  • Flux RSS
  • Daily Feed
  • Weekly Feed
  • Monthly Feed
Filtres

Liens par page

  • 20 links
  • 50 links
  • 100 links

Filtres

Untagged links
15 résultats taggé Apache  ✕
CVE-2025-49763 - Remote DoS via Memory Exhaustion in Apache Traffic Server via ESI Plugin https://www.imperva.com/blog/cve-2025-49763-remote-dos-via-memory-exhaustion-in-apache-traffic-server-via-esi-plugin/
20/06/2025 21:54:47
QRCode
archive.org
thumbnail

Imperva’s Offensive Security Team discovered CVE-2025-49763, a high-severity vulnerability (CVSS v3.1 estimated score: 7.5) in Apache Traffic Server’s ESI plugin that enables unauthenticated attackers to exhaust memory and potentially crash proxy nodes. Given ATS’s role in global content delivery[1], even a single node failure can black-hole thousands of sessions. Organizations should urgently upgrade to version 9.2.11 or 10.0.6 and enforce the new inclusion-depth safeguard.

Why reverse‑proxy servers matter
Every web request you make today almost certainly travels through one or more reverse‑proxy caches before it reaches the origin application. These proxies:

  • Off‑load origin servers by caching hot objects
  • Collapse duplicate requests during traffic spikes
  • Terminate TLS and enforce security controls
  • And sit “at the edge”, close to end‑users, to shave hundreds of milliseconds off page‑load time.
    Because they concentrate so much traffic, a single reverse‑proxy node going offline can black‑hole thousands of concurrent sessions; at scale, an outage ripples outward like a dropped stone in water, slowing CDNs, SaaS platforms, media portals and on‑line banks alike. Denial‑of‑service (DoS) conditions on these boxes are therefore high‑impact events, not a mere nuisance.
    ...
    CVE-2025-49763 is a newly disclosed flaw in Apache Traffic Server’s Edge-Side Includes plugin that allows an unauthenticated attacker to embed or request endlessly nested <esi:include> tags, forcing the proxy to consume all available memory until it is out-of-memory-killed and service is lost.

This vulnerability can be exploited via two different ways:

A threat actor could exploit an Edge Side Include injection and recursively inject the same page over and over again.

exploitation via esi injection

A threat actor could also host a malicious server next to a target, behind a vulnerable traffic server proxy and take down the proxy by triggering the ESI request avalanche. (see Fig 2).

exploitation via malicious error

This results in a full denial of service on edge proxy nodes, triggered remotely without requiring authentication.

imperva EN 2025 vulnerability CVE-2025-49763 analysis Apache Traffic-Server
ModSecurity Vulnerability Exposes Millions of Web Servers to Severe DoS Condition https://cybersecuritynews.com/modsecurity-dos-vulnerability/
27/05/2025 08:26:54
QRCode
archive.org
thumbnail

A critical vulnerability in ModSecurity’s Apache module has been disclosed, potentially exposing millions of web servers worldwide to denial-of-service attacks.

The flaw, tracked as CVE-2025-47947 and assigned a CVSS score of 7.5, affects the popular open-source web application firewall’s handling of JSON payloads under specific conditions.

Security researchers have confirmed that attackers can exploit this vulnerability with minimal effort, requiring only a single crafted request to consume excessive server memory and potentially crash targeted systems.

ModSecurity DoS Flaw (CVE-2025-47947)
The vulnerability was initially reported in March 2025 by Simon Studer from Netnea on behalf of Swiss Post, though it took several months for developers to successfully reproduce and understand the root cause.

CVE-2025-47947 specifically affects mod_security2, the Apache module version of ModSecurity, while the newer libmodsecurity3 implementation remains unaffected.
The flaw emerges when two specific conditions are met simultaneously: the incoming payload must have a Content-Type of application/json, and there must be at least one active rule utilizing the sanitiseMatchedBytes action.

cybersecuritynews EN 2025 CVE-2025-47947 ModSecurity vulnerability Apache DoS Condition
Deloitte Says No Threat to Sensitive Data After Hacker Claims Server Breach https://www.securityweek.com/deloitte-says-no-threat-to-sensitive-data-after-hacker-claims-server-breach/
29/09/2024 18:39:32
QRCode
archive.org

A notorious hacker has announced the theft of data from an improperly protected server allegedly belonging to Deloitte.

The hacker known as IntelBroker announced late last week on the BreachForums cybercrime forum the availability of “internal communications” obtained from Deloitte, specifically an internet-exposed Apache Solr server that was accessible with default credentials.

securityweek EN 2024 Deloitte IntelBroker data-breach exposed Apache Solr
Improving Apache httpd Protections Proactively with Orange Tsai of DEVCORE https://www.akamai.com/blog/security-research/2024/aug/2024-august-apache-waf-proactive-collaboration-orange-tsai-devcore?ref=news.risky.biz
12/08/2024 19:58:53
QRCode
archive.org
  • In collaboration with renowned security researcher Orange Tsai and DEVCORE, Akamai researchers have issued early-release remediations to Apache CVEs for our Akamai App & API Protector customers.

  • Tsai presented his research at Black Hat USA 2024 and outlined the details for many Apache HTTP Server (httpd) vulnerabilities that were recently patched.

  • Before his Black Hat presentation, the Akamai Security Intelligence Group (SIG) proactively contacted Tsai to facilitate the sharing of technique details for proactive defense for our customers.

  • App & API Protector customers who are in automatic mode have existing and updated protections.

akamai OrangeTsai EN 2024 DEVCORE vulnerabilities Apache httpd CVE-2024-38475 CVE-2024-38472 CVE-2024-39573 CVE-2024-38477
Critical Vulnerability in Apache OFBiz Requires Immediate Patching - Infosecurity Magazine https://www.infosecurity-magazine.com/news/fla-apache-ofbiz-requires-patching/?ref=metacurity.com
07/08/2024 10:18:18
QRCode
archive.org
thumbnail

SonicWall discovered the Apache OFBiz flaw, identifying it as a critical issue enabling unauthenticated remote code execution

infosecurity-magazine. EN 2024 SonicWall Apache OFBiz flaw critical CVE-2024-38856
7 December 2023 - Apache Struts version 6.3.0.2 General Availability https://struts.apache.org/announce-2023?is=e4f6b16c6de31130985364bb824bcb39ef6b2c4e902e4e553f0ec11bdbefc118#a20231207-1
18/12/2023 11:21:46
QRCode
archive.org

7 December 2023 - Apache Struts version 6.3.0.2 General Availability

The Apache Struts group is pleased to announce that Apache Struts version 6.3.0.2 is available as a “General Availability” release. The GA designation is our highest quality grade.

The Apache Struts is an elegant, extensible framework for creating enterprise-ready Java web applications. The framework has been designed to streamline the full development cycle, from building, to deploying, to maintaining applications over time.

This version addresses a potential security vulnerability identified as CVE-2023-50164 and described in S2-066 - please read the mentioned security bulletins for more details. This is a drop-in replacement and upgrade should be straightforward.

apache.org EN 2023 CVE-2023-50164 Apache Struts annonce Vulnerability
CVE-2023-50164 https://attackerkb.com/topics/pe3CCtOE81/cve-2023-50164/rapid7-analysis
15/12/2023 21:27:06
QRCode
archive.org
thumbnail

Apache Struts is a popular Java web application framework. On December 7, 2023 Apache published an advisory for CVE-2023-50164, a Struts parameter pollution vu…

attackerkb EN 2023 CVE-2023-50164 Apache Struts CVE-2023-50164 analysis
CVE-2023-46604 (Apache ActiveMQ) Vulnerability Exploited to Infect Systems With Cryptominers and Rootkits https://www.trendmicro.com/en_us/research/23/k/cve-2023-46604-exploited-by-kinsing.html
22/11/2023 17:15:12
QRCode
archive.org
thumbnail

We uncovered the active exploitation of the Apache ActiveMQ vulnerability CVE-2023-46604 to download and infect Linux systems with the Kinsing malware (also known as h2miner) and cryptocurrency miner.

trendmicro eport E N2023 CVE-2023-46604 Apache ActiveMQ
Suspected Exploitation of Apache ActiveMQ CVE-2023-46604 https://www.rapid7.com/blog/post/2023/11/01/etr-suspected-exploitation-of-apache-activemq-cve-2023-46604/
04/11/2023 16:23:08
QRCode
archive.org
thumbnail

On October 27, Rapid7 Managed Detection & Response identified suspected exploitation of Apache ActiveMQ CVE-2023-46604 in 2 separate customer environments.

rapid7 EN 2023 CVE-2023-46604 Apache ActiveMQ
Cyber experts and officials raise alarms about exploits against Citrix and Apache productsoited vulnerability (KEV) list. https://therecord.media/cyber-officials-raise-alarms-citrix-apache?s=09
03/11/2023 19:16:29
QRCode
archive.org

Several new vulnerabilities with critical severity scores are causing alarm among experts and cyber officials.

Zero-day bugs affecting products from Citrix and Apache have recently been added to the Cybersecurity and Infrastructure Security Agency’s (CISA) known exploited vulnerability (KEV) list.

Incident responders at the cybersecurity company Rapid7 warned of hackers connected to the HelloKitty ransomware exploiting a vulnerability affecting Apache ActiveMQ, classified as CVE-2023-46604. Apache ActiveMQ is a Java-language open source message broker that facilitates communication between servers.

therecord EN 2023 CVE-2023-46604 Apache ActiveMQ Citrix
CVE-2023-46604 https://attackerkb.com/topics/IHsgZDE3tS/cve-2023-46604/rapid7-analysis
01/11/2023 18:53:18
QRCode
archive.org
thumbnail

Apache ActiveMQ is a message broker service, designed to act as a communication bridge between disparate services. Developed in Java, it can broker multiple pr…

attackerkb EN 2023 analysis CVE-2023-46604 Apache ActiveMQ
Tomcat Under Attack: Exploring Mirai Malware and Beyond https://blog.aquasec.com/tomcat-under-attack-investigating-the-mirai-malware
31/07/2023 15:02:28
QRCode
archive.org
thumbnail

Tomcat Vulnerability explore some of the techniques used by the Mirai botnet to exploit a single attack directed at one of our Apache Tomcat honeypots.

aquasec EN 2023 Tomcat Mirai botnet Apache
CVE-2022-45047: Apache MINA SSHD unsafe deserialization vulnerability https://securityonline.info/cve-2022-45047-apache-mina-sshd-unsafe-deserialization-vulnerability/
16/11/2022 07:07:34
QRCode
archive.org
thumbnail

Recently, Apache MINA fixed an unsafe deserialization vulnerability. The bug exists in the class org.apache.sshd.server.keyprovider.SimpleGeneratorHostKeyProvider, an attacker could exploit this vulnerability to deserialize and thus achieve remote code execution. Track as CVE-2022-45047, the flaw severity is important.

securityonline EN 2022 CVE-2022-4504 Apache MINA SSHD unsafe deserialization
CVE-2022-42889: Keep Calm and Stop Saying "4Shell" https://www.rapid7.com/blog/post/2022/10/17/cve-2022-42889-keep-calm-and-stop-saying-4shell/
18/10/2022 11:13:42
QRCode
archive.org
thumbnail

CVE-2022-42889, which some have begun calling “Text4Shell,” is a vulnerability in the popular Apache Commons Text library that can result in code execution when processing malicious input. The vulnerability was announced on October 13, 2022 on the Apache dev list and originally reported by Alvaro Munoz

rapid7 EN 2022 CVE-2022-42889 Text4Shell Apache Commons Text
High-Severity RCE Security Bug Reported in Apache Cassandra Database Software https://thehackernews.com/2022/02/high-severity-rce-security-bug-reported.html
16/02/2022 11:47:24
QRCode
archive.org

Researchers have revealed details of a now-patched high-severity security vulnerability in Apache Cassandra that, if left unaddressed, could be abused to gain remote code execution on affected installations.

"This Apache security vulnerability is easy to exploit and has the potential to wreak havoc on systems, but luckily only manifests in non-default configurations of Cassandra," Omer Kaspi, security researcher at DevOps firm JFrog, said in a technical write-up published Tuesday.

thehackernews EN 2022 bug Apache Cassandra CVE-2021-44521
4503 links
Shaarli - The personal, minimalist, super-fast, database free, bookmarking service par la communauté Shaarli - Theme by kalvn - Curated by Decio