Emergency Response Archives - Página 88 de 89

Businessman interacting with virtual data interface.

Jackson-databind RCE Vulnerability Handling Guide (CVE-2017-17485)

Por NSFOCUSPostou 25 de janeiro de 2018

At the beginning of 2018, jackson-databind was reported to contain another remote code execution (RCE) vulnerability (CVE-2017-17485) that affects versions 2.9.3 and earlier, 2.7.9.1 and earlier, and 2.8.10 and earlier. This vulnerability is caused by jackson-dababind's incomplete blacklist. An application that uses jackson-databind will become vulnerable when the enableDefaultTyping method...

Technical Analysis and Recommended Solution of GoAhead httpd/2.5 to 3.5 LD_PRELOAD Remote Code Execution Vulnerability (CVE-2017-17562)

Por NSFOCUSPostou 5 de janeiro de 2018

A remote RCE vulnerability (CVE-2017-17562) was found in all GoAhead Web Server’s versions earlier than 3.6.5. The vulnerability is a result of initializing the environment of forked CGI scripts using untrusted HTTP request parameters, and will affect all users who have CGI support enabled with dynamically linked executables (CGI scripts)....

Magnifying glass over Weblogic Server bug.

Technical Analysis and Solution of WebLogic Server (WLS) Component Vulnerability

Por NSFOCUSPostou 25 de dezembro de 2017

Overview Recently, NSFOCUS has received a slew of reports from customers in the finance, telecom, and Internet sectors on similar security events. Through analysis, NSFOCUS believes that these events are all associated with the malware-infected WebLogic Server (WLS) host. Specifically, attackers exploit the WLS component vulnerability (CVE-2017-10271) to attack the...

Technical analysis report cover on IoT malware.

Technical Analysis Report on Rowdy, A New Type of IoT Malware Exploiting STBs

Por NSFOCUSPostou 19 de outubro de 2017

In August 2017, NSFOCUS's DDoS situation awareness platform detected anoma-lous bandwidth usage over a customer's network, which, upon analysis, was confirmed to be a distributed denial-of-service (DDoS) attack. The attack was characterized by different types of traffic, including TCP flood, HTTP flood, and DNS flood. Tracing source IP addresses, we...

Analysis and Solution of Spring Data REST Server PATCH Request RCE Vulnerability

Por NSFOCUSPostou 11 de outubro de 2017

Overview Recently, Pivotal released a security advisory to reveal the Spring Data REST server is prone to a remote code execution vulnerability (CVE-2017-8046) when processing PATCH requests. Attackers could exploit this vulnerability by sending a crafted PATCH request to the Spring Data REST server. The submitted JSON data contains...

Struts 2 S2-052 REST Plug-in Remote Code Execution Vulnerability Analysis

Por NSFOCUSPostou 8 de setembro de 2017

Overview On September 5, 2017, Apache Struts released the latest security bulletin announcing that the REST plug-in in Apache Struts 2.5.x and some 2.x versions is prone to a high-risk remote code execution vulnerability, which has been assigned CVE-2017-9805 (S2-052). When using an XStream handler with an instance of XStream...