Cyberveillecurated by Decio
Nuage de tags
Mur d'images
Quotidien
Flux RSS
  • Flux RSS
  • Daily Feed
  • Weekly Feed
  • Monthly Feed
Filtres

Liens par page

  • 20 links
  • 50 links
  • 100 links

Filtres

Untagged links
4 résultats taggé cybersecuritynews  ✕
Splunk Universal Forwarder on Windows Lets Non-Admin Users Access All Contents https://cybersecuritynews.com/splunk-universal-forwarder-vulnerability/
09/06/2025 23:41:02
QRCode
archive.org
thumbnail

A high-severity vulnerability was uncovered in Splunk Universal Forwarder for Windows that compromises directory access controls.

The flaw, designated CVE-2025-20298 with a CVSSv3.1 score of 8.0, affects multiple versions of the software and poses significant security risks to enterprise environments relying on Splunk’s data forwarding capabilities.

The vulnerability stems from incorrect permission assignment during the installation or upgrade of Universal Forwarder for Windows.
This security flaw is classified under CWE-732 (Incorrect Permission Assignment for Critical Resource), indicating a fundamental issue with access control mechanisms.

The vulnerability manifests when Universal Forwarder for Windows versions below 9.4.2, 9.3.4, 9.2.6, and 9.1.9 are newly installed or upgraded to an affected version.

During these processes, the installation directory—typically located at C:\Program Files\SplunkUniversalForwarder—receives incorrect permissions that allow non-administrator users to access the directory and all its contents.

This represents a significant breach of the principle of least privilege, a cornerstone of enterprise security frameworks.

The CVSSv3.1 vector CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H indicates that while the attack requires low-level privileges and user interaction, it can result in high impact across confidentiality, integrity, and availability.

The network attack vector component suggests potential for remote exploitation under certain circumstances.

The scope of this vulnerability is considerable, affecting four major release branches of Splunk Universal Forwarder for Windows.

Specifically, the vulnerability impacts versions in the 9.4 branch below 9.4.2, the 9.3 branch below 9.3.4, the 9.2 branch below 9.2.6, and the 9.1 branch below 9.1.9.

cybersecuritynews EN 2025 CVE-2025-20298 vulnerability
ModSecurity Vulnerability Exposes Millions of Web Servers to Severe DoS Condition https://cybersecuritynews.com/modsecurity-dos-vulnerability/
27/05/2025 08:26:54
QRCode
archive.org
thumbnail

A critical vulnerability in ModSecurity’s Apache module has been disclosed, potentially exposing millions of web servers worldwide to denial-of-service attacks.

The flaw, tracked as CVE-2025-47947 and assigned a CVSS score of 7.5, affects the popular open-source web application firewall’s handling of JSON payloads under specific conditions.

Security researchers have confirmed that attackers can exploit this vulnerability with minimal effort, requiring only a single crafted request to consume excessive server memory and potentially crash targeted systems.

ModSecurity DoS Flaw (CVE-2025-47947)
The vulnerability was initially reported in March 2025 by Simon Studer from Netnea on behalf of Swiss Post, though it took several months for developers to successfully reproduce and understand the root cause.

CVE-2025-47947 specifically affects mod_security2, the Apache module version of ModSecurity, while the newer libmodsecurity3 implementation remains unaffected.
The flaw emerges when two specific conditions are met simultaneously: the incoming payload must have a Content-Type of application/json, and there must be at least one active rule utilizing the sanitiseMatchedBytes action.

cybersecuritynews EN 2025 CVE-2025-47947 ModSecurity vulnerability Apache DoS Condition
Zabbix Server Vulnerability Lets Attacker Execute Arbitrary Code https://cybersecuritynews.com/zabbix-server-vulnerability/
16/08/2024 11:00:10
QRCode
archive.org
thumbnail

A critical security vulnerability, identified as CVE-2024-22116, has been patched in Zabbix, a popular monitoring solution.

cybersecuritynews EN 2024 CVE-2024-22116 Zabbix critical
Ferrari Hacked - Attackers Compromised The Ferrari IT Systems https://cybersecuritynews.com/ferrari-hacked/
22/03/2023 11:32:56
QRCode
archive.org
thumbnail

Ferrari Hacked, the renowned manufacturer of sports cars from Italy, announced that a ransomware attack targeted them. 

cybersecuritynews ENM 2023 Ferrari Hacked ransomware
4395 links
Shaarli - The personal, minimalist, super-fast, database free, bookmarking service par la communauté Shaarli - Theme by kalvn - Curated by Decio