The Hacker News - Cybersecurity News and Analysis: Apache exploit

If your web server is running on Apache Tomcat, you should immediately install the latest available version of the server application to prevent hackers from taking unauthorized control over it. Yes, that's possible because all versions (9.x/8.x/7.x/6.x) of the Apache Tomcat released in the past 13 years have been found vulnerable to a new high-severity (CVSS 9.8) ' file read and inclusion bug '—which can be exploited in the default configuration. But it's more concerning because several proof-of-concept exploits ( 1 , 2 , 3 , 4  and more ) for this vulnerability have also been surfaced on the Internet, making it easy for anyone to hack into publicly accessible vulnerable web servers. Dubbed ' Ghostcat ' and tracked as CVE-2020-1938 , the flaw could let unauthenticated, remote attackers read the content of any file on a vulnerable web server and obtain sensitive configuration files or source code, or execute arbitrary code if the server allows file uploa

The Apache Software Foundation (ASF) has released new versions of its Tomcat application server to address an important security vulnerability that could allow a remote attacker to execute malicious code and take control of an affected server. Developed by ASF, Apache Tomcat is an open source web server and servlet system, which uses several Java EE specifications such as Java Servlet, JavaServer Pages (JSP), Expression Language, and WebSocket to provide a "pure Java" HTTP web server environment for Java concept to run in. The remote code execution vulnerability ( CVE-2019-0232 ) resides in the Common Gateway Interface (CGI) Servlet when running on Windows with enableCmdLineArguments enabled and occurs due to a bug in the way the Java Runtime Environment (JRE) passes command line arguments to Windows. Since the CGI Servlet is disabled by default and its option enableCmdLineArguments is disabled by default in Tomcat 9.0.x, the remote code execution vulnerability has

Semmle security researcher Man Yue Mo has disclosed a critical remote code execution vulnerability in the popular Apache Struts web application framework that could allow remote attackers to run malicious code on the affected servers. Apache Struts is an open source framework for developing web applications in the Java programming language and is widely used by enterprises globally, including by 65 percent of the Fortune 100 companies, like Vodafone, Lockheed Martin, Virgin Atlantic, and the IRS. The vulnerability ( CVE-2018-11776 ) resides in the core of Apache Struts and originates because of insufficient validation of user-provided untrusted inputs in the core of the Struts framework under certain configurations. The newly found Apache Struts exploit can be triggered just by visiting a specially crafted URL on the affected web server, allowing attackers to execute malicious code and eventually take complete control over the targeted server running the vulnerable applicatio

The Apache Tomcat team has recently patched several security vulnerabilities in Apache Tomcat, one of which could allow an unauthorised attacker to execute malicious code on affected servers remotely. Apache Tomcat, developed by the Apache Software Foundation (ASF), is an open source web server and servlet system, which uses several Java EE specifications like Java Servlet, JavaServer Pages (JSP), Expression Language, and WebSocket, and provides a "pure Java" HTTP web server environment for Java concept to run in. Unlike Apache Struts2 vulnerabilities , which have recently been exploited to breach the systems of American credit reporting agency Equifax , Apache Tomcat flaws are less likely to be exploited. The critical Remote Code Execution (RCE) vulnerability (CVE-2017-12617) discovered in Apache Tomcat is due to insufficient validation of user-supplied input by the affected software. Only systems with HTTP PUTs enabled (via setting the "read-only" initi