Security News

61 impacted versions of Apache Struts left off security advisories
2019-08-19 10:23

Researchers found that 24 security advisories inaccurately listed affected versions for the open-source development framework.

Many Apache Struts Security Advisories Updated Following Review
2019-08-16 05:41

Two dozen security advisories for the Apache Struts open source development framework have been updated after researchers determined that they contained incorrect information regarding which...

Apache Security Advisories Red Flag Wrong Versions in Patching Gaffe
2019-08-15 18:41

Up to 24 Apache Struts Security Advisories listed the wrong versions that were impacted by vulnerabilities, researchers warn.

PoC exploit for Carpe Diem Apache bug released
2019-04-09 09:25

Charles Fol, the security engineer that unearthed the Carpe Diem Apache HTTP Server bug (CVE-2019-0211), has released an exploit for it. “This is between a POC and a proper exploit. I added tons...

Apache needs a patchy! Carpe Diem, update now
2019-04-04 11:06

A flaw in the world’s most popular web server could give an attacker a way to gain full control of Unix-based systems.

A patchy Apache a-patchin: HTTP server gets fix for worrying root access hole
2019-04-03 19:52

Rogue 'worker' processes can sneak in with elevated privileges at startup. Apache HTTP Server has been given a patch to address a potentially serious elevation of privilege vulnerability.…

Patched Apache flaw is a serious threat for web hosting providers
2019-04-03 11:04

Organizations running Apache web servers are urged to implement the latest security update to fix a serious privilege escalation flaw (CVE-2019-0211) that can be triggered via scripts and could...

New Apache Web Server Bug Threatens Security of Shared Web Hosts
2019-04-02 17:48

Mark J Cox, one of the founding members of the Apache Software Foundation and the OpenSSL project, today posted a tweet warning users about a recently discovered important flaw in Apache HTTP...

LibreOffice patches malicious code-execution bug, Apache OpenOffice... wait for it, wait for it... doesn't
2019-02-04 20:07

Remote scripting flaw in open-source productivity suites is at least partly fixed. A security flaw affecting LibreOffice and Apache OpenOffice has been fixed in one of the two open-source office...

Apache Hadoop spins cracking code injection vulnerability YARN
2018-11-23 11:00

Loose .zips sink chips 2: Electric Boogaloo. The "Zip Slip" vulnerability that first emerged in June has claimed another victim – the Apache Hadoop YARN NodeManager daemon.…