On the plus side, only instances with non-standard, not-recommended configurations are vulnerable. On the downside, those configurations aren’t easy to track down, and the bug is easy as pie to exploit.
Posts tagged "Apache"
Critical SonicWall NAC Vulnerability Stems from Apache Mods
Researchers offer more detail on the bug, which can allow attackers to completely take over targets.
Threatpost
Critical Apache HTTPD Server Bugs Could Lead to RCE, DoS
Don’t freak: It’s got nothing to do with Log4Shell, except it may be just as far-reaching as Log4j, given HTTPD’s tendency to tiptoe into software projects.
Threatpost
Third Log4J Bug Can Trigger DoS; Apache Issues Patch
The new Log4j vulnerability is similar to Log4Shell in that it also affects the logging library, but this DoS flaw has to do with Context Map lookups, not JNDI.
Threatpost
Zero Day in Ubiquitous Apache Log4j Tool Under Active Attack
The Log4Shell vulnerability critically threatens anybody using the popular open-source Apache Struts framework and could lead to a “Mini internet meltdown soonish.”
Threatpost
Apache Kafka Cloud Clusters Expose Sensitive Data for Large Companies
The culprit is misconfigured Kafdrop interfaces, used for centralized management of the open-source platform.
Threatpost