Security News
Hackers have started scanning the web in search of Apache Tomcat servers affected by a recently disclosed vulnerability tracked as CVE-2020-1938 and dubbed Ghostcat. Bad Packets told SecurityWeek on Wednesday that the scanning activity they have detected is designed to enumerate vulnerable servers by checking for the path "/WEB-INF/web.
A serious vulnerability affecting Apache Tomcat can be exploited to read files from a server and in some cases even to achieve remote code execution. Chaitin says the vulnerability is related to the Apache JServ Protocol, which is designed to improve performance by proxying inbound requests from a web server through to an application server.
If your web server is running on Apache Tomcat, you should immediately install the latest available version of the server application to prevent hackers from taking unauthorized control over it. Yes, that's possible because all versions of Apache Tomcat released in the past 13 years have been found vulnerable to a new high-severity 'file read and inclusion bug', which can be exploited in the default configuration.
If you find port 80 is a security risk on your network, you can change the Apache listening port to something non-standard.
Add terminal- and web-based Apache access.log view with GoAccess.
Here’s an overview of some of last week’s most interesting news and articles: The overlooked part of an infosec strategy: Cyber insurance underwriting When a data breach or cyber attack hits the...
Two remote code execution (RCE) vulnerabilities in Apache Solr could be exploited by attackers to compromise the underlying server. One – CVE-2019-12409 – has already been patched, while the other...
Linux users running the enterprise-search platform Solr are potentially vulnerable to a remote code execution attack.
DataStax, the company behind the leading database built on Apache Cassandra, announced early access to the DataStax Change Data Capture (CDC) Connector for Apache Kafka. The DataStax CDC Connector...