Apache Dubbo Remote Code Execution Vulnerability (CVE-2021-43297) Notification
janeiro 13, 2022
Overview On January 12, NSFOCUS CERT found that Apache issued a security notice to fix a remote code execution vulnerability (CVE-2021-43297) in Dubbo. Due to a deserialization vulnerability in Dubbo’s hessian-lite, an unauthenticated attacker could exploit the vulnerability to remotely execute arbitrary code on the target system. Most Dubbo users use Hessian2 as the serialization/deserialization […]
Linux apt/apt-get Remote Code Execution (RCE) Vulnerability (CVE-2019-3462) Threat Alert
janeiro 28, 2019
Overview
On January 22, 2019, local time, security researcher Max Justicz announced his discovery of a remote code execution (RCE) vulnerability in Linux apt/apt-get. This vulnerability stems from the APT’s failure to properly handle certain parameters involved in HTTP redirects. It can be triggered via a man-in-the-middle attack or a malicious package mirror, resulting in remote code execution. (mais…)
