Security News

Hackers Scanning for Apache Tomcat Servers Vulnerable to Ghostcat Attacks
2020-03-05 12:29

Hackers have started scanning the web in search of Apache Tomcat servers affected by a recently disclosed vulnerability tracked as CVE-2020-1938 and dubbed Ghostcat. Bad Packets told SecurityWeek on Wednesday that the scanning activity they have detected is designed to enumerate vulnerable servers by checking for the path "/WEB-INF/web.

Apache Tomcat Affected by Serious 'Ghostcat' Vulnerability
2020-02-28 19:31

A serious vulnerability affecting Apache Tomcat can be exploited to read files from a server and in some cases even to achieve remote code execution. Chaitin says the vulnerability is related to the Apache JServ Protocol protocol, which is designed to improve performance by proxying inbound requests from a web server through to an application server.

GhostCat: New High-Risk Vulnerability Affects Servers Running Apache Tomcat
2020-02-28 10:37

If your web server is running on Apache Tomcat, you should immediately install the latest available version of the server application to prevent hackers from taking unauthorized control over it. Yes, that's possible because all versions of the Apache Tomcat released in the past 13 years have been found vulnerable to a new high-severity 'file read and inclusion bug'-which can be exploited in the default configuration.

How to change the HTTP listening port in Apache
2019-12-30 02:57

If you find port 80 is a security risk on your network, you can change the Apache listening port to something non-standard.

How to analyze the Apache log file with GoAccess
2019-12-19 21:47

Add terminal- and web-based Apache access.log view with GoAccess.

How to analyze the Apache log file with Goaccess
2019-12-19 21:18

Add terminal- and web-based Apache access.log view with Goaccess.

Week in review: The data skills gap,  new Kali Linux release, Apache Solr RCEs with public PoCs
2019-12-01 16:30

Here’s an overview of some of last week’s most interesting news and articles: The overlooked part of an infosec strategy: Cyber insurance underwriting When a data breach or cyber attack hits the...

Apache Solr RCEs with public PoCs could soon be exploited
2019-11-25 10:33

Two remote code execution (RCE) vulnerabilities in Apache Solr could be exploited by attackers to compromise the underlying server. One – CVE-2019-12409 – has already been patched, while the other...

Apache Solr Bug Gets Bumped Up to High Severity
2019-11-20 19:41

Linux users running the enterprise-search platform Solr are potentially vulnerable to remote code execution attack.

DataStax unveils Change Data Capture Connector for Apache Kafka
2019-10-02 02:00

DataStax, the company behind the leading database built on Apache Cassandra, announced early access to the DataStax Change Data Capture (CDC) Connector for Apache Kafka. The DataStax CDC Connector...