Overview Recently, NSFOCUS CERT has detected that Atlassian has officially released a security bulletin, which has fixed several high-risk vulnerabilities in Atlassian products, and relevant users are requested to take measures to protect them. Arbitrary Servlet Filter Bypass Vulnerability (CVE-2022-26136): Vulnerabilities in multiple Atlassian products allow unauthenticated remote attackers to...
Year: 2022
IDNOG Workshop & Conference
IDNOG | 2022 July 25-28, 2022 | Sheraton Grand Jakarta Gandaria City Hotel, Indonesia INDONESIA NETWORK OPERATORS GROUP (IDNOG) founded in Jakarta On June 24, 2014. IDNOG initiated by a group of volunteers from Internet Service Provider (ISP) companies, Network Access Providers (NAP) and Stake Holders. It is a non-profit organization,...
Critical Patch Update for All Oracle Products in July
Overview On July 20, 2022, NSFOCUS CERT monitored and found that Oracle officially released the CPU (Critical Patch Update) in July. A total of 349 vulnerabilities of varying degrees were fixed this time. This security update involves Oracle WebLogic Server, Oracle MySQL, Oracle Java SE, Oracle Retail Applications and many...
Configuring Collaboration Between ADS and ADS M
ADS M supports standalone management and cluster management. In standalone management mode, ADS M manages a single ADS in an in-path or out-of-path deployment. In cluster management mode, ADS M manages multiple ADSs as a cluster for automatic synchronization of device configuration and protocol synchronization among these ADSs. The following...
Apache Spark Shell Command Injection Vulnerability (CVE-2022-33891) Alerts
Overview Recently, NSFOCUS CERT detected that Apache officially released a security bulletin and fixed a command injection vulnerability (CVE-2022-33891) in Apache Spark. Since the Apache Spark UI enables acl through the configuration option Spark.acl.enable, by using an authentication filter, it is possible to check if a user has access to...
Configuring SSL Offload on NSFOCUS WAF
With the increasing scale of SSL traffic, its disadvantages are becoming more and more obvious. In HTTPS communication, the client needs to start an SSL handshake with the server after the TCP handshake, which may cause SSL delay. In addition, the web server needs to encrypt and decrypt the data...
