The Hacker News Logo
Subscribe to Newsletter
CrowdSec

The Hacker News - Cybersecurity News and Analysis: Search results for Apache

Wow ! Backtrack Official Website's Server Hacked By Team Injector (1337db) !

Wow ! Backtrack Official Website's Server Hacked By Team Injector (1337db) !

December 25, 2010Mohit Kumar
Wow ! Backtrack Official Website's Server Hacked By Team Injector ! Attack on backtrack-linux.org From 1337 Team Injector   .    .--.   .--.   .---.      .           .'|        )      )      /      |             |     --:    --:      /    .-.| .-.  .  .   |        )      )    /    (   |(   ) |  | '---'  `--'   `--'    '      `-'`-`-'`-`--|                                           ;                                        `-'  Since we already tapped into exploit-db and their server lies  in  the same subnet  with  backtrack,  we  decided  to  check  out  their  mad security. Backtrack is run by muts, the same guy who also  administers exploit-db, so no wonder why it was super easy to get a shell...       $ uname -a Linux backtrack-linux.org 2.6.32.26-175.fc12.x86_64 #1 SMP Wed Dec 1 21:39:34 UTC 2010 x86_64 x86_64 x86_64 GNU/Linux $ id uid=48(apache) gid=494(apache) groups=494(apache) context=unconfined_u:system
New Apache Struts RCE Flaw Lets Hackers Take Over Web Servers

New Apache Struts RCE Flaw Lets Hackers Take Over Web Servers

August 22, 2018Mohit Kumar
Semmle security researcher Man Yue Mo has disclosed a critical remote code execution vulnerability in the popular Apache Struts web application framework that could allow remote attackers to run malicious code on the affected servers. Apache Struts is an open source framework for developing web applications in the Java programming language and is widely used by enterprises globally, including by 65 percent of the Fortune 100 companies, like Vodafone, Lockheed Martin, Virgin Atlantic, and the IRS. The vulnerability ( CVE-2018-11776 ) resides in the core of Apache Struts and originates because of insufficient validation of user-provided untrusted inputs in the core of the Struts framework under certain configurations. The newly found Apache Struts exploit can be triggered just by visiting a specially crafted URL on the affected web server, allowing attackers to execute malicious code and eventually take complete control over the targeted server running the vulnerable applicatio
Apache Struts 2 Flaws Affect Multiple Cisco Products

Apache Struts 2 Flaws Affect Multiple Cisco Products

September 12, 2017Swati Khandelwal
After Equifax massive data breach that was believed to be caused due to a vulnerability in Apache Struts , Cisco has initiated an investigation into its products that incorporate a version of the popular Apache Struts2 web application framework. Apache Struts is a free, open-source MVC framework for developing web applications in the Java programming language, and used by 65 percent of the Fortune 100 companies, including Lockheed Martin, Vodafone, Virgin Atlantic, and the IRS. However, the popular open-source software package was recently found affected by multiple vulnerabilities, including two remote code execution vulnerabilities—one discovered earlier this month, and another in March—one of which is believed to be used to breach personal data of over 143 million Equifax users . Some of Cisco products including its Digital Media Manager, MXE 3500 Series Media Experience Engines, Network Performance Analysis, Hosted Collaboration Solution for Contact Center, and Unified C
Online Courses and Software

Sign up for cybersecurity newsletter and get latest news updates delivered straight to your inbox daily.