Apache

Apache Dubbo Remote Code Execution Vulnerability (CVE-2020-1948) Patch Bypass Threat Alert

July 6, 2020

Overview

On June 23, NSFOCUS reported that Apache Dubbo contained a remote code execution vulnerability (CVE-2020-1948) resulting from deserialization.

Apache Dubbo is a high-performance Java RPC framework. The vulnerability exists in Hessian, a default deserialization tool used by Apache Dubbo. An attacker may exploit it by sending malicious RPC requests which usually contain unidentifiable service or method names and some malicious parameter loads. When malicious parameters are deserialized, the vulnerability is triggered, allowing the attackers to remotely execute code.

(more…)

Apache Tomcat Session Deserialization Code Execution Vulnerability (CVE-2020-9484) Threat Alert

June 5, 2020

Overview Recently, Apache Tomcat released a security advisory, announcing the fix of a remote code execution vulnerability (CVE-2020-9484) due to persistent session. An attacker can exploit this vulnerability only when the following conditions are met: The attacker can take control of the contents and name of a file on the server. The server is configured […]

Apache Dubbo Deserialization Vulnerability (CVE-2019-17564) Threat Alert

February 25, 2020

Overview

Recently, researchers from the Chekmarx team discovered and released a deserialization vulnerability (CVE-2019-17564) existing in Apache Dubbo.

Apache Dubbo is a high-performance Java RPC framework. This vulnerability exists in Dubbo application which has the HTTP protocol enabled for communication. An attacker could exploit this vulnerability by submitting a POST request with a Java object, thereby completely compromising a Provider instance of Apache Dubbo. (more…)

Apache Log4j Deserialization Remote Code Execution (CVE-2019-17571) Vulnerability Threat Alert

January 6, 2020

Vulnerability Description

On December 19 local time, Apache Software Foundation (ASF) officially released a security advisory, announcing that Apache Log4j has a deserialization issue that could cause remote code execution (CVE-2019-17571). Log4j is a Java-based open-source logging tool from the Apache Software Foundation. Log4j 1.2 includes a SocketServer class which can easily accept serialized log events and deserialize them without authentication. With the aid of deserialization tools, an attacker could use this class to remotely execute arbitrary code. (more…)

Apache Flink Arbitrary Jar Package Upload Threat Alert

December 10, 2019

Overview

Recently, researchers have discovered the Apache Flink Jar package to upload the attack data. Attackers can exploit this vulnerability to upload a Jar package containing malicious code without authorization, thereby taking control of the target server. (more…)

Advisory: Apache Flink Remote Code Execution Vulnerability

December 2, 2019

Overview

Recently, a security researcher announced a remote code execution vulnerability in Apache Flink Dashboard. The vulnerability does not require an attacker to authenticate, and a malicious Jar package can be uploaded via the dashboard to execute the code remotely. NSFOCUS researchers also made a successful re-enactment through research, confirming that they can attack the latest version of Flink. (more…)

Advisory: Apache Shiro RememberMe Padding Oracle Vulnerability

November 30, 2019

Vulnerability Description

In September 2019, Apache officially released a vulnerability topic “RememberMe Padding Oracle Vulnerability” numbered SHIRO-721. The issue pointed out that because the RememberMe field of the Apache Shiro cookie is encrypted by the AES-128-CBC mode, Shiro is vulnerable to Padding Oracle attacks. An attacker can use the Legal RememberMe cookie as the Padding Oracle attack prefix to construct RememberMe to trigger a Java deserialization attack. The attacker does not need to know the RememberMe encryption key when executing an attack. Apache Shiro is a powerful and easy-to-use Java security framework for performing authentication, authorization, passwords, and session management. Recently, it has been found that the use of this vulnerability has been spread in a small scope, and relevant users should take measures to protect against this vulnerability as soon as possible. (more…)

Apache Solr velocity Remote Code Execution Vulnerability Handling Guide

November 12, 2019

Vulnerability Description

On October 30, @_S00pY disclosed the exploitation of Apache Solr Remote Code Execution Vulnerability, which allows attackers to implement remote code execution via velocity templates. After testing, the vulnerability can be successfully triggered, and no official security patch has been released. (more…)

Apache Tomcat DoS Vulnerability (CVE-2019-0199) Threat Alert

March 28, 2019

1 Vulnerability Overview

Recently, The Apache Software Foundation announced the existence of a denial-of-service (DoS) vulnerability in Apache Tomcat HTTP/2. Specifically, the HTTP/2 implementation accepts streams with excessive numbers of SETTINGS frames and also permits clients to keep streams open without reading/writing request/response data. Thus, too many connection requests from clients can cause server-side thread exhaustion. Successful exploitation of this vulnerability would result in a denial of service on the target. (more…)