The Hacker News Logo
Subscribe to Newsletter

The Hacker News — Cyber Security and Hacking News Website: Apache

Apache Tomcat Patches Important Remote Code Execution Flaw

Apache Tomcat Patches Important Remote Code Execution Flaw
April 15, 2019Wang Wei
The Apache Software Foundation (ASF) has released new versions of its Tomcat application server to address an important security vulnerability that could allow a remote attacker to execute malicious code and take control of an affected server. Developed by ASF, Apache Tomcat is an open source web server and servlet system, which uses several Java EE specifications such as Java Servlet, JavaServer Pages (JSP), Expression Language, and WebSocket to provide a "pure Java" HTTP web server environment for Java concept to run in. The remote code execution vulnerability ( CVE-2019-0232 ) resides in the Common Gateway Interface (CGI) Servlet when running on Windows with enableCmdLineArguments enabled and occurs due to a bug in the way the Java Runtime Environment (JRE) passes command line arguments to Windows. Since the CGI Servlet is disabled by default and its option enableCmdLineArguments is disabled by default in Tomcat 9.0.x, the remote code execution vulnerability has

New Apache Web Server Bug Threatens Security of Shared Web Hosts

New Apache Web Server Bug Threatens Security of Shared Web Hosts
April 02, 2019Wang Wei
Mark J Cox, one of the founding members of the Apache Software Foundation and the OpenSSL project, today posted a tweet warning users about a recently discovered important flaw in Apache HTTP Server software. The Apache web server is one of the most popular, widely used open-source web servers in the world that powers almost 40 percent of the whole Internet. The vulnerability, identified as CVE-2019-0211 , was discovered by Charles Fol , a security engineer at Ambionics Security firm, and patched by the Apache developers in the latest version 2.4.39 of its software released today. The flaw affects Apache HTTP Server versions 2.4.17 through 2.4.38 and could allow any less-privileged user to execute arbitrary code with root privileges on the targeted server. "In Apache HTTP Server 2.4 releases 2.4.17 to 2.4.38, with MPM event, worker or prefork, code executing in less-privileged child processes or threads (including scripts executed by an in-process scripting interprete

New Apache Struts RCE Flaw Lets Hackers Take Over Web Servers

New Apache Struts RCE Flaw Lets Hackers Take Over Web Servers
August 22, 2018Mohit Kumar
Semmle security researcher Man Yue Mo has disclosed a critical remote code execution vulnerability in the popular Apache Struts web application framework that could allow remote attackers to run malicious code on the affected servers. Apache Struts is an open source framework for developing web applications in the Java programming language and is widely used by enterprises globally, including by 65 percent of the Fortune 100 companies, like Vodafone, Lockheed Martin, Virgin Atlantic, and the IRS. The vulnerability ( CVE-2018-11776 ) resides in the core of Apache Struts and originates because of insufficient validation of user-provided untrusted inputs in the core of the Struts framework under certain configurations. The newly found Apache Struts exploit can be triggered just by visiting a specially crafted URL on the affected web server, allowing attackers to execute malicious code and eventually take complete control over the targeted server running the vulnerable applicatio

Equifax Suffered Data Breach After It Failed to Patch Old Apache Struts Flaw

Equifax Suffered Data Breach After It Failed to Patch Old Apache Struts Flaw
September 14, 2017Swati Khandelwal
The massive Equifax data breach that exposed highly sensitive data of as many as 143 million people was caused by exploiting a flaw in Apache Struts framework, which Apache patched over two months earlier of the security incident, Equifax has confirmed. Credit rating agency Equifax is yet another example of the companies that became victims of massive cyber attacks due to not patching a critical vulnerability on time, for which patches were already issued by the respected companies. Rated critical with a maximum 10.0 score, the Apache Struts2 vulnerability (CVE-2017-5638) exploited in the Equifax breach was disclosed and fixed by Apache on March 6 with the release of Apache Struts version 2.3.32 or 2.5.10.1. This flaw is separate from CVE-2017-9805, another Apache Struts2 vulnerability that was patched earlier this month, which was a programming bug that manifests due to the way Struts REST plugin handles XML payloads while deserializing them, and was fixed in Struts versio

Google Employees Help Thousands Of Open Source Projects Patch Critical ‘Mad Gadget Bug’

Google Employees Help Thousands Of Open Source Projects Patch Critical ‘Mad Gadget Bug’
March 02, 2017Swati Khandelwal
Last year Google employees took an initiative to help thousands of Open Source Projects patch a critical remote code execution vulnerability in a widely used Apache Commons Collections (ACC) library. Dubbed Operation Rosehub , the initiative was volunteered by some 50 Google employees, who utilized 20 percent of their work time to patch over 2600 open source projects on Github, those were vulnerable to "Mad Gadget vulnerability." Mad Gadget vulnerability ( CVE-2015-6420 ) is a remote code execution bug in the Java deserialization used by the Apache Commons Collections (ACC) library that could allow an unauthenticated, remote attacker to execute arbitrary code on a system. The ACC Library is widely deployed by many Java applications to decode data passed between computers. To exploit this flaw, all an unauthorized attacker need to do is submit maliciously crafted input to an application on a targeted system that uses the ACC library. Once the vulnerable ACC libra

Java based Cross platform malware targeting Apache Tomcat servers in the wild

Java based Cross platform malware targeting Apache Tomcat servers in the wild
November 21, 2013Mohit Kumar
Takashi Katsuki, a researcher at Antivirus firm Symantec has discovered a new cyber attack ongoing in the wild, targeting an open-source Web server application server Apache Tomcat with a cross platform Java based backdoor that can be used to attack other machines. The malware, dubbed as " Java.Tomdep " differs from other server malware and is not written in the PHP scripting language. It is basically a Java based backdoor act as Java Servlet that gives Apache Tomcat platforms malicious capabilities. Because Java is a cross platform language, the affected platforms include Linux, Mac OS X, Solaris, and most supported versions of Windows. The malware was detected less than a month ago and so far the number of infected machines appears to be low. You may think that this type of attack only targets personal computers, such as desktops and laptops, but unfortunately that isn’t true. Servers can also be attacked. They are quite valuable targets, since they are usu

New Apache backdoor serving Blackhole exploit kit

New Apache backdoor serving Blackhole exploit kit
April 27, 2013Mohit Kumar
A new sophisticated and stealthy Apache backdoor meant to drive traffic to malicious websites serving Blackhole exploit kit widely has been detected by  Sucuri recently. Researchers claimed that this backdoor affecting hundreds of web servers right now. Dubbed Linux/Cdorked.A , one of the most sophisticated Apache backdoors we have seen so far. The backdoor leaves no traces of compromised hosts on the hard drive other than its modified httpd binary, thereby complicating forensics analysis. All of the information related to the backdoor is stored in shared memory.  The configuration is pushed by the attacker through obfuscated HTTP requests that aren't logged in normal Apache logs. The HTTP server is equipped with a reverse connect backdoor that can be triggered via a special HTTP GET request. This means that no command and control information is stored anywhere on the system. ESET researchers  analyzed the binary and discovered a nasty hidden backdoor. In the Li

Apache Tomcat Multiple Critical Vulnerabilities

Apache Tomcat Multiple Critical Vulnerabilities
December 05, 2012Mohit Kumar
Some critical vulnerabilities have been reported in Apache Tomcat, which can be exploited by malicious people to bypass certain security restrictions and cause a DoS (Denial of Service) attack. These vulnerabilities affect Apache Tomcat 6.x and Apache Tomcat 7.x . Apache Tomcat vulnerabilities CVE-2012-4534 Apache Tomcat denial of service CVE-2012-3546 Apache Tomcat Bypass of security constraints CVE-2012-4431 Apache Tomcat Bypass of CSRF prevention filter According to CVE-2012-4431 , The CSRF prevention filter could be bypassed if a request was made to a protected resource without a session identifier present in the request. CVE-2012-4534, DOS includes vulnerabilities ranging from excessive resource consumption (e.g. causing a system to use a lot of memory) to crashing an application or an entire system. Whereas, CVE-2012-3546 - where malicious users or people can bypass certain security mechanisms of the application. The actual impact varies signif
Exclusive Deals

Get Daily News Updates By Email

Join over 350,000 information security professionals — Get the best of our cyber security coverage delivered to your inbox every morning.