Security News

A malicious document could lead to RCE in Apache OpenOffice (CVE-2021-33035)
2021-09-22 10:53

Apache OpenOffice, one of the most popular open-source office productivity software suites, has an RCE vulnerability that could be triggered via a specially crafted document. CVE-2021-33035 was discovered by researcher Eugene Lim via fuzzing and source code review of Apache OpenOffice.

Apache OpenOffice can be hijacked by malicious documents, fix still in beta
2021-09-20 20:52

Apache OpenOffice is currently affected by a remote code execution vulnerability, and while the app's source code has been patched, the fix has only been made available as beta software and awaits an official release. CVE-2021-33035: RCE in Apache OpenOffice up to 4.1.10 - pure memory corruption.

Remote Code Execution Vulnerability Patched in Apache OFBiz
2021-03-23 04:52

One of the vulnerabilities addressed by the latest update for Apache OFBiz is an unsafe Java deserialization issue that could be exploited to execute code remotely, without authentication. A Java-based web framework, Apache OFBiz is an open source enterprise resource planning system that includes a suite of applications to automate business processes within enterprise environments, and which can be used across any industry.

Critical RCE Vulnerability Found in Apache OFBiz ERP Software—Patch Now
2021-03-22 01:34

The Apache Software Foundation on Friday addressed a high-severity vulnerability in Apache OFBiz that could have allowed an unauthenticated adversary to remotely seize control of the open-source enterprise resource planning system. Tracked as CVE-2021-26295, the flaw affects all versions of the software prior to 17.12.06 and uses "unsafe deserialization" as an attack vector that permits unauthorized remote attackers to execute arbitrary code on a server directly.

New Cryptojacking Malware Targeting Apache, Oracle, Redis Servers
2021-02-01 03:15

A financially-motivated threat actor notorious for its cryptojacking attacks has leveraged a revised version of its malware to target cloud infrastructures using vulnerabilities in web server technologies, according to new research. Deployed by the China-based cybercrime group Rocke, the Pro-Ocean cryptojacking malware now comes with improved rootkit and worm capabilities, as well as new evasion tactics to sidestep cybersecurity companies' detection methods, Palo Alto Networks' Unit 42 researchers said in a Thursday write-up.

New Pro-Ocean malware worms through Apache, Oracle, Redis servers
2021-01-29 19:06

The financially-motivated Rocke hackers are using a new piece of cryptojacking malware called Pro-Ocean to target vulnerable instances of Apache ActiveMQ, Oracle WebLogic, and Redis. The new malware is a step up from the previous threat used by the group in that it comes with self-spreading capabilities, blindly throwing exploits at discovered machines.

Undisclosed Apache Velocity XSS vulnerability impacts GOV sites
2021-01-15 05:05

An undisclosed Cross-Site Scripting vulnerability in Apache Velocity Tools can be exploited by unauthenticated attackers to target government sites, including NASA and NOAA. Although 90 days have elapsed since the vulnerability was reported and patched, BleepingComputer is not aware of a formal disclosure made by the project. Apache Velocity Tools has an undisclosed XSS vulnerability, which impacts all its versions despite a fix having been published on GitHub months ago.

Possible Code Execution Flaw in Apache Struts
2020-12-08 19:51

The Apache Software Foundation has released a security update for Struts 2, to address what is described as a "Possible remote code execution" flaw related to the OGNL technology. Tracked as CVE-2020-17530, the newly addressed bug resides in "Forced OGNL evaluation, when evaluated on raw user input in tag attributes," according to an Apache advisory.

Stantinko Proxy Trojan Masquerades as Apache Servers
2020-11-25 09:43

A threat group tracked as Stantinko was observed using a new version of a Linux proxy Trojan that poses as Apache servers to remain undetected. Previously, the Stantinko group was mainly known for targeting Windows systems, but recent attacks show that they are also focusing on evolving their Linux malware, with a new proxy Trojan that masquerades as httpd, the Apache Hypertext Transfer Protocol Server found on many Linux servers.

Google Researcher Reported 3 Flaws in Apache Web Server Software
2020-08-25 06:52

Apache recently fixed multiple vulnerabilities in its web server software that could have potentially led to the execution of arbitrary code and, in specific scenarios, could even allow attackers to cause a crash and denial of service. The first of the three issues involves a possible remote code execution vulnerability due to a buffer overflow with the "Mod uwsgi" module, potentially allowing an adversary to view, change, or delete sensitive data depending on the privileges associated with an application running on the server.