Vulnerability Protection

ThinkPHP Remote Code Execution Vulnerability Handling Guide

December 17, 2018

1 Vulnerability Overview

Recently, ThinkPHP published a blog post announcing the release of an update that addresses a high-risk remote code execution (RCE) vulnerability. This vulnerability stems from the framework’s insufficient checks on controller names, which, when forced routing is not enabled, allow arbitrary code execution or even access to the server. ThinkPHP is […]

Apache mod_jk Access Control Bypass Vulnerability (CVE-2018-11759) Threat Alert

November 10, 2018

Vulnerability Overview

Recently, the Apache Software Foundation (ASF) released a security advisory announcing the fix for an access control bypass vulnerability (CVE-2018-11759) in the mod_jk module in Apache Tomcat. A proof of concept (PoC) has already been announced for this vulnerability. Users of this software should take precautions to fix this vulnerability as soon as possible.