Hackers Target Apache Tomcat Servers for Mirai Botnet and Crypto Mining

Misconfigured and poorly secured Apache Tomcat servers are being targeted as part of a new campaign designed to deliver the Mirai botnet malware and cryptocurrency miners. The findings come courtesy of Aqua, which detected more than 800 attacks against its Tomcat server honeypots over a two-year...

Spring Framework insecurely handles PropertyDescriptor objects with data binding

Overview The Spring Framework insecurely handles PropertyDescriptor objects, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description The Spring Framework is a Java framework that can be used to create applications such as web applications...

Vulnerability of the Apache Jserv Protocol – the connection protocol of Apache Tomcat servers, allowing attackers to execute arbitrary code.

The vulnerability of the Apache Jserv Protocol – the server for Apache Tomcat applications – is related to errors in processing input data. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

Apache Tomcat Web Manager Scanning Attempt

Remote attackers can send HTTP requests as a method of scanning for Apache Tomcat servers, in order to later exploit vulnerabilities in these servers to compromise the server's security...