Overview On January 19, 2022, NSFOCUS CERT monitoring found that Oracle officially released the CPU (Critical Patch Update) in January. A total of 497 vulnerabilities of varying degrees were fixed this time. This security update involves Oracle WebLogic Server. , Oracle MySQL, Oracle Java SE, Oracle FusionMiddleware, Oracle Retail Applications...
Categoria: Blog
Cutting-Edge Technologies Empowering Data Sharing and Computing Between Enterprises
Compliance has seen radical changes in the requirements and driving force of data security and a broader category of data objects under data security protection. Application scenarios covered by data security will become more diversified, and data security requirements will cover all phases of the data lifecycle. In order to...
Apache Dubbo Remote Code Execution Vulnerability (CVE-2021-43297) Notification
Overview On January 12, NSFOCUS CERT found that Apache issued a security notice to fix a remote code execution vulnerability (CVE-2021-43297) in Dubbo. Due to a deserialization vulnerability in Dubbo's hessian-lite, an unauthenticated attacker could exploit the vulnerability to remotely execute arbitrary code on the target system. Most Dubbo users...
Cutting-Edge Technologies Empowering Data Security Governance Within Enterprises
Compliance has seen radical changes in the requirements and driving force of data security and a broader category of data objects under data security protection. Application scenarios covered by data security will become more diversified, and data security requirements will cover all phases of the data lifecycle. In order to...
Analysis of Log4j2 0-Day Vulnerability from the Perspective of Supply Chain
The outbreak of Log4j2 vulnerability has caused an uproar all over the world, with a wide range of influence and great harm second to none. The event is a typical supply chain event caused by open source software. The vulnerability of upstream software affects the products of downstream industries. The...
3 Steps to Mitigate the Log4j2 Vulnerabilities Using NSFOCUS WAF
On December 9, NSFOCUS monitored the disclosure of the Apache Log4j2 remote code execution vulnerability (CVE-2021-44228) on the Internet. Apache Log4j2 is an open source Java logging framework, which is widely used in middleware, development frameworks and web applications to record log information. The vulnerability PoC has been made public...
