New Patch Released for Actively Exploited 0-Day Apache Path Traversal to RCE Attacks
The Apache Software Foundation on Thursday released additional security updates for its HTTP Server product to remediate what it says is an "incomplete fix" for an actively exploited path traversal and remote code execution flaw that it patched earlier this week. CVE-2021-42013, as the new...
Apache Releases HTTP Server version 2.4.51 to Address Vulnerabilities Under Exploitation
On October 7, 2021, the Apache Software Foundation released Apache HTTP Server version 2.4.51 to address Path Traversal and Remote Code Execution vulnerabilities (CVE-2021-41773, CVE-2021-42013) in Apache HTTP Server 2.4.49 and 2.4.50. These vulnerabilities have been exploited in the wild. CISA is...
Apache Unomi Injection Vulnerability
Apache Unomi is an open source customer data platform from the Apache Software Foundation. The platform is mainly written in Java. An injection vulnerability exists in Apache Unomi versions prior to 1.5.5. The vulnerability stems from the failure of a networked syst...
CVE-2020-9479
CVE-2020-9479 affects Apache AsterixDB (unreleased builds) during loading of a UDF. A specially crafted ZIP can cause files to be placed outside the UDF deployment directory, indicating a directory traversal flaw in the UDF load process. Impact details are limited to the described commodity: no r...
Apache containerd Credential Leakage Vulnerability
containerd is a container daemon from the Apache Software Foundation. This process is responsible for controlling the full lifecycle of containers on the host according to the RunC OCI specification. A security vulnerability exists in containerd, an industry-standard container runtime, in versions prior t...
[SECURITY] Fedora 31 Update: alpine-2.23-2.fc31
Alpine -- an Alternatively Licensed Program for Internet News & Email -- is a tool for reading, sending, and managing electronic messages. Alpine is the successor to Pine and was developed by Computing & Communications at the University of Washington. Though originally designed for inexperienced...
[SECURITY] Fedora 32 Update: alpine-2.23-2.fc32
Alpine -- an Alternatively Licensed Program for Internet News & Email -- is a tool for reading, sending, and managing electronic messages. Alpine is the successor to Pine and was developed by Computing & Communications at the University of Washington. Though originally designed for inexperienced...
Fedora: Security Advisory for tomcat (FEDORA-2020-d9169235a8)
The remote host is missing an update for the ... Copyright (C) 2020 Greenbone Networks GmbH. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. This program is free software; you can...
Apache Tomcat Remote Code Execution via session persistence
The Apache Software Foundation reports: Under certain circumstances an attacker will be able to trigger remote code execution via deserialization of the file under their control...
[SECURITY] Fedora 31 Update: tomcat-9.0.31-2.fc31
Tomcat is the servlet container that is used in the official Reference Implementation for the Java Servlet and JavaServer Pages technologies. The Java Servlet and JavaServer Pages specifications are developed by Sun under the Java Community Process. Tomcat is developed in an open and participator...
[SECURITY] Fedora 32 Update: tomcat-9.0.31-2.fc32
Tomcat is the servlet container that is used in the official Reference Implementation for the Java Servlet and JavaServer Pages technologies. The Java Servlet and JavaServer Pages specifications are developed by Sun under the Java Community Process. Tomcat is developed in an open and participator...
Fedora: Security Advisory for tomcat (FEDORA-2020-0e42878ba7)
The remote host is missing an update for the ... Copyright (C) 2020 Greenbone Networks GmbH. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. This program is free software; you can...
Apache OFBiz Cross-Site Scripting Vulnerability (CNVD-2020-16521)
Apache OFBiz is an enterprise resource planning (ERP) system from the Apache Software Foundation. The system provides a set of Java-based web application components and tools. A cross-site scripting vulnerability exists in Apache OFBiz. The vulnerability stems from the WEB...
Apache Security Advisories Red Flag Wrong Versions in Patching Gaffe
Researchers have pinpointed errors in two dozen Apache Struts security advisories, which warn users of vulnerabilities in the popular open-source web app development framework. They say that the security advisories listed incorrect versions impacted by the vulnerabilities. The concern from this...
Apache VCL SQL Injection Vulnerability (CNVD-2019-25063)
Apache VCL is an open source cloud computing platform from the Apache Software Foundation. A SQL injection vulnerability exists in Apache VCL versions 2.1 through 2.5. The vulnerability stems from a lack of validation of externally entered SQL statements in database-based...
[SECURITY] Fedora 29 Update: tomcat-9.0.21-1.fc29
Tomcat is the servlet container that is used in the official Reference Implementation for the Java Servlet and JavaServer Pages technologies. The Java Servlet and JavaServer Pages specifications are developed by Sun under the Java Community Process. Tomcat is developed in an open and participator...
Fedora Update for tomcat FEDORA-2019-1a3f878d27
The remote host is missing an update for the ... Copyright (C) 2019 Greenbone Networks GmbH. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. This program is free software; you can...
Apache Archiva 2.2.3 Cross Site Scripting / File Write / Delete Vulnerabilities
Exploit for multiple platforms in category web applications. CVE-2019-0213: Apache Archiva Stored XSS. Severity: Low. Vendor: The Apache Software Foundation. Versions Affected: Apache Archiva 2.0.0 - 2.2.3; the unsupported versions 1.x are also affected. It may be possible to store malicious XSS code...
Apache Software Foundation Apache HTTP Server Remote Code Execution (CVE-2002-0392) - Ver2
A remote code execution vulnerability exists in Apache Software Foundation Apache HTTP Server. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
GHSA-VXP9-WV2F-WQMW Deserialization of Untrusted Data in superset
Versions of Superset prior to 0.23 used an unsafe load method from the pickle library to deserialize data, leading to possible remote code execution. Note: Superset 0.23 was released prior to any Superset release under the Apache Software Foundation...