Overview Recently, Apache Software Foundation released a security advisory, announcing remediation of a privilege escalation vulnerability (CVE-2019-0211) in the Apache HTTP Server. Apache HTTP Server running MPM event, worker or prefork could allow an attacker to gain elevated privileges on the system by executing code in less-privileged child processes or...
Category: Emergency Response
Internet Explorer and Edge Browsers 0-Day Vulnerability Threat Alert
Overview Recently, a foreign researcher announced a 0-day vulnerability with Microsoft Edge and Internet Explorer (IE). Enticing a user to click a malicious link, an attacker could exploit this vulnerability to bypass the same-origin policy of the two kinds of browsers to launch a universal cross-site scripting (UXSS) attack to...
UC Browser Potential Man-in-the-Middle Vulnerability Threat Alert
Overview Recently, a foreign researcher discovered a potential vulnerability in the UC browser which may affect hundreds of millions of users around the world. A hidden feature is found in the UC browser to download auxiliary software modules for execution by bypassing some restrictions of an application store. This feature...
PostgreSQL Arbitrary Code Execution Vulnerability (CVE-2019-9193) Threat Alert
1 Vulnerability Overview Recently, a security researcher disclosed details about a PostgreSQL privilege escalation code execution vulnerability (CVE-2019-9193), which allows attackers with read access to database server-side files to execute arbitrary system commands. (more…)
Apache Tomcat DoS Vulnerability (CVE-2019-0199) Threat Alert
1 Vulnerability Overview Recently, The Apache Software Foundation announced the existence of a denial-of-service (DoS) vulnerability in Apache Tomcat HTTP/2. Specifically, the HTTP/2 implementation accepts streams with excessive numbers of SETTINGS frames and also permits clients to keep streams open without reading/writing request/response data. Thus, too many connection requests from...
Adobe Security Bulletins for March 2019 Security Updates Threat Alert
Overview On March 12, 2019 (local time), Adobe released security updates which address multiple vulnerabilities in Adobe Photoshop CC and Adobe Digital Editions. (more…)
