Search This Blog
Powered by Blogger.

Blog Archive

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label system flaws. Show all posts
System Security
Apache Vulnerability Cyber Security Software system flaws System Security

3 Critical Apache Flaws Discovered: Users Should Update to Avoid Major Risks

3 Critical Apache Flaws Discovered: Users Should Update to Avoid Major Risks

Experts find critical flaws 

The Cyber Security Agency of Singapore has issued warning against three critical flaws in Apache software products. The Apache Software Foundation has released security patches to address these vulnerabilities, which can cause risk to users and organizations using these tools. The three critical vulnerabilities are CVE-2024-43441, CVE-2024-45387, and CVE-2024-52046. 

About CVE-2024-43441, CVE-2024-45387, and CVE-2024-52046 

Out of the affected Apache vulnerabilities, CVE-204-43441 impacts Apache HugeGraph-Server, a graph database server commonly used to deal with complex data relationships. This flaw lets hackers escape security checks, giving unauthorized access to data. Exploiting this flaw can allow threat actors to get entry to restricted systems without needing credentials.

The second flaw, CVE-2024-45387, has been found in Apache Traffic Control, a famous tool for optimizing and managing content delivery networks (CDNs). The flaw only affects Traffic Ops, an important part of Apache Traffic Control. Hackers can misuse this vulnerability to launch SQL injection attacks to modify databases, causing modification or unauthorized data access.

The third flaw, CVE-2024-52046, was found in a network application framework Apache MINA used for various applications. The vulnerability comes from the mishandling of Java’s deserialization protocol, allowing threat actors to send modified serialized data.

“By exploiting this issue, attackers could execute remote code on affected systems, which may result in full system compromise. This vulnerability affects Apache MINA versions before 2.0.27, 2.1.10, and 2.24. The exploitation of this flaw could lead to remote code execution (RCE) attacks, posing a serious risk to users of affected versions,” reports the Cyber Express.

How to address these critical flaws

According to Cyber Express, users and administrators of Apache HugeGraph-Server should upgrade to version 1.5.0 or above to protect themselves against CVE-2024-43441. This update resolves the authentication bypass issue, preventing unauthorized users from gaining access to systems. 

To defend against the SQL injection vulnerability, CVE-2024-45387 in Apache Traffic Control requires users to update to versions higher than 8.0.1. Failure to implement this patch may expose users to data modification or leakage. 

However, CVE-2024-52046 in Apache MINA needs more research. Besides the newest versions (2.0.27, 2.1.10, or 2.24), administrators must take additional precautions to reduce the dangers associated with unbounded deserialization. 

Read more »
Subscribe to: Posts (Atom)