LINK Apache Log4J has been getting significant of attention in the last 2-3 weeks. Don’t forget the perennial favorite, http server. It needs your attention now as well.
Tag: apache
CISA creates Apache Log4j Vulnerability Guidance webpage
LINK CISA created this page to show updates and suggestions on actions as well.
Active Attack: Zero-Day in Log4j Java library
LINK All versions of Apache are affected. Attacks are already occurring. Update anything Apache now.
Apache Tomcat HTTP Request Smuggling Vulnerability (CVE-2021-33037)
LINK Tomcat has updates…Update your installs ASAP
Apache releases advisory for Tomcat
LINK Time to examine Tomcat again.
Apache releases NEW update to Critical Update from earlier this week
LINK Apache was affected by a zero-day earlier this week. They have released a NEW update for the update that was pushed out earlier this week. The fix that was released earlier was ineffectual. Download and use 2.4.51, not 2.4.50.
Apache updates HTTP server from a Zero-Day, Update NOW
LINK Time to update immediately as the Apache Foundation has released an update to their HTTP server that fixes a Zero-Day.
Apache Releases Important Tomcat Update
LINK Apache Tomcat did not correctly parse the HTTP transfer-encoding requestheader in some circumstances leading to the possibility to requestsmuggling when used with a reverse proxy. Specifically: Tomcatincorrectly ignored the transfer-encoding header if the client declaredit would only accept an HTTP/1.0 response; Tomcat honoured the identifyencoding; and Tomcat did not ensure that, if present, the […]
Apache Tomcat Release
LINK Apache Tomcat released an update: Time to update CVE-2021-25122 h2c request mix-up Severity: Important Vendor: The Apache Software Foundation Versions Affected: Apache Tomcat 10.0.0-M1 to 10.0.0 Apache Tomcat 9.0.0.M1 to 9.0.41 Apache Tomcat 8.5.0 to 8.5.61 Description: When responding to new h2c connection requests, Apache Tomcat could duplicate request headers and a limited amount […]