Security News

The Apache Software Foundation has hurried out a patch to address a pair of HTTP Web Server vulnerabilities, at least one of which is already being actively exploited. Apache's HTTP Server is widely used, and the vulnerabilities, CVE-2021-41524 and CVE-2021-41773, aren't great.

Unless you want to leak like a sieve The Apache Software Foundation has hurried out a patch to address a pair of HTTP Web Server vulnerabilities, at least one of which is already being actively exploited.…

These exploits show that the scope of the vulnerability transcends path traversal, allowing attackers remote code execution abilities. The path traversal vulnerability in Apache's HTTP server, first reported by BleepingComputer, has actively been exploited in the wild before the Apache project was notified of the flaw in September, or had a chance to patch it.

Apache Software has quickly issued a fix for a zero-day security bug in the Apache HTTP Server, which was first reported to the project last week. Path traversal issues allow unauthorized people to access files on a web server, by tricking either the web server or the web application running on it into returning files that exist outside of the web root folder.

The Apache Software Foundation has released version 2.4.50 of the HTTP Web Server to address two vulnerabilities, one of which is an actively exploited path traversal and file disclosure flaw.The Apache HTTP Server is an open-source, cross-platform web server that is extremely popular for being versatile, robust, and free.

The Apache Software Foundation has released version 2.4.50 of the HTTP Web Server to address two vulnerabilities, one of which is an actively exploited path traversal and file disclosure flaw. The Apache HTTP Server is an open-source, cross-platform web server that is extremely popular for being versatile, robust, and free.

While investigating a misconfiguration flaw in Apache Airflow, researchers discovered many exposed instances over the web leaking sensitive information, including credentials, from well-known tech companies. Apache Airflow is a popular open-source workflow management platform for organizing and managing tasks.

Apache OpenOffice, one of the most popular open-source office productivity software suites, sports a RCE vulnerability that could be triggered via a specially crafted document. CVE-2021-33035 was discovered by researcher Eugene Lim via fuzzing and source code review of Apache OpenOffice.

Apache OpenOffice is currently vulnerable to a remote code execution vulnerability and while the app's source code has been patched, the fix has only been made available as beta software and awaits an official release. CVE-2021-33035: RCE in Apache OpenOffice up to 4.1.10 - pure memory corruption.

One of the vulnerabilities addressed by the latest update for Apache OFBiz is an unsafe Java deserialization issue that could be exploited to execute code remotely, without authentication. A Java-based web framework, Apache OFBiz is an open source enterprise resource planning system that includes a suite of applications to automate business processes within enterprise environments, and which can be used across any industry.