Tag Archives: Apache

June Linux Patch Wednesday

June Linux Patch Wednesday. This time, there are 598 vulnerabilities, almost half as many as in May. Of these, 355 are in the Linux Kernel. There are signs of exploitation in the wild for 3 vulnerabilities (CISA KEV).

🔻 SFB – Chromium (CVE-2025-2783)
🔻 MemCor – Chromium (CVE-2025-5419)
🔻 CodeInj – Hibernate Validator (CVE-2025-35036). This vulnerability is exploited in attacks on Ivanti EPMM (CVE-2025-4428).

Additionally, for 40 (❗️) vulnerabilities public exploits are available or there are signs of their existence. Notable among them are:

🔸 RCE – Roundcube (CVE-2025-49113)
🔸 EoP – libblockdev (CVE-2025-6019)
🔸 DoS – Apache Tomcat (CVE-2025-48988), Apache Commons FileUpload (CVE-2025-48976)
🔸 InfDisc – HotelDruid (CVE-2025-44203)
🔸 DoS – ModSecurity (CVE-2025-47947)

🗒 Full Vulristics report

На русском

June “In the Trend of VM” (#16): vulnerabilities in Microsoft Windows, Apache HTTP Server, the web interfaces of MDaemon and Zimbra, and the 7-Zip archiver

Leave a reply

June “In the Trend of VM” (#16): vulnerabilities in Microsoft Windows, Apache HTTP Server, the web interfaces of MDaemon and Zimbra, and the 7-Zip archiver. A traditional monthly vulnerability roundup. 🙂

🗞 Post on Habr (rus)
🗒 Digest on the PT website (rus)

A total of 7 trending vulnerabilities:

🔻 Elevation of Privilege – Microsoft DWM Core Library (CVE-2025-30400)
🔻 Elevation of Privilege – Windows Common Log File System Driver (CVE-2025-32701, CVE-2025-32706)
🔻 Remote Code Execution & Arbitrary File Reading – Apache HTTP Server (CVE-2024-38475)
🔻 Cross Site Scripting – MDaemon Email Server (CVE-2024-11182)
🔻 Cross Site Scripting – Zimbra Collaboration (CVE-2024-27443)
🔻 Remote Code Execution – 7-Zip (BDU:2025-01793)

На русском

About Remote Code Execution & Arbitrary File Reading – Apache HTTP Server (CVE-2024-38475) vulnerability

Leave a reply

About Remote Code Execution & Arbitrary File Reading – Apache HTTP Server (CVE-2024-38475) vulnerability. Improper escaping of output in mod_rewrite module leads to remote code execution or arbitrary file reading. Successful exploitation does not require authentication.

🔻 Apache HTTP Server 2.4.60, which includes a fix for this vulnerability, was released on July 1, 2024. Orange Tsai (DEVCORE) published technical details and BH2024 slides on the vulnerability on August 9, 2024. A PoC exploit has been on GitHub since August 18, 2024.

🔻 On April 29, 2025, it was disclosed that CVE-2024-38475 is actively exploited to compromise SonicWall SMA gateways. WatchTowr Labs explains how the vulnerability exposes the SQLite file with active session tokens. On May 1, the vulnerability was added to the CISA KEV.

Naturally, this vulnerability could potentially affect far more than just SonicWall appliances. 😏

На русском

April “In the Trend of VM” (#14): vulnerabilities in Microsoft Windows, VMware products, Kubernetes, and Apache Tomcat

Leave a reply

April “In the Trend of VM” (#14): vulnerabilities in Microsoft Windows, VMware products, Kubernetes, and Apache Tomcat. We decided to pause recording new videos, so for now only text. 🤷‍♂️🙂

🗞 Post on Habr (rus)
🗒 Digest on the PT website (rus)

A total of 11 trending vulnerabilities:

🔻 Elevation of Privilege – Windows Cloud Files Mini Filter Driver (CVE-2024-30085)
🔻 Spoofing – Windows File Explorer (CVE-2025-24071)
🔻 Four Windows vulnerabilities from March Microsoft Patch Tuesday were exploited in the wild (CVE-2025-24985, CVE-2025-24993, CVE-2025-26633, CVE-2025-24983)
🔻 Three VMware “ESXicape” Vulnerabilities (CVE-2025-22224, CVE-2025-22225, CVE-2025-22226)
🔻 Remote Code Execution – Apache Tomcat (CVE-2025-24813)
🔻 Remote Code Execution – Kubernetes (CVE-2025-1974)

На русском

About Remote Code Execution – Apache Tomcat (CVE-2025-24813) vulnerability

1 Reply

About Remote Code Execution – Apache Tomcat (CVE-2025-24813) vulnerability. Apache Tomcat is an open-source software that provides a platform for Java web applications. The vulnerability allows a remote attacker to upload and execute arbitrary files on the server due to flaws in the handling of uploaded session files and the deserialization mechanism.

🔻 The vendor’s bulletin was released on March 10. It notes that the two conditions required for exploitation (“writes enabled for the default servlet” and “file based session persistence with the default storage location”) are not met in default installations.

🔻 Vulnerability write-up based on patch analysis and PoC exploit were published on March 11. Fully functional exploits have been available on GitHub since March 13.

🔻 Since March 17, there have been signs of exploitation in the wild. 👾 On April 1, the vulnerability was added to CISA KEV.

The vulnerability was fixed in versions 9.0.99, 10.1.35, and 11.0.3.

На русском

New episode “In The Trend of VM” (#11): vulnerabilities that became trending in December and the final report on trending vulnerabilities for 2024

Leave a reply

New episode “In The Trend of VM” (#11): vulnerabilities that became trending in December and the final report on trending vulnerabilities for 2024. I made this episode exclusively for the Telegram channel @avleonovcom “Vulnerability Management and More”. 😉

📹 Video on YouTube, LinkedIn
🗞 Post on Habr (rus)
🗒 Digest on the PT website

Content:

🔻 00:00 Greetings
🔻 00:28 Elevation of Privilege – Windows Kernel Streaming WOW Thunk Service Driver (CVE-2024-38144)
🔻 01:30 Elevation of Privilege – Windows Common Log File System Driver (CVE-2024-49138)
🔻 02:37 Remote Code Execution – Apache Struts (CVE-2024-53677)
🔻 03:31 Authentication Bypass – Hunk Companion WordPress plugin (CVE-2024-11972)
🔻 04:44 Trending vulnerabilities for 2024

👾 08:10 Channel mascot 😅

На русском

About Remote Code Execution – Apache Struts (CVE-2024-53677) vulnerability

1 Reply

About Remote Code Execution – Apache Struts (CVE-2024-53677) vulnerability. Apache Struts is an open source software framework for building Java web applications. It allows developers to separate the application’s business logic from the user interface. Due to its scalability and flexibility, Apache Struts is often used in large enterprise projects.

A security bulletin describing the vulnerability was released on December 14. A flaw in file upload logic allows an unauthenticated attacker to perform Path Traversal, upload a malicious file, and, under certain circumstances, perform Remote Code Execution. On December 20, a public exploit for the vulnerability was released. There are reports of exploitation attempts, but no information on successful attacks yet.

The vendor recommends upgrading to version 6.4.0 or higher and migrating applications to the new secure File Upload mechanism.

На русском

This is my personal blog. The opinions expressed here are my own and not of my employer. All product names, logos, and brands are property of their respective owners. All company, product and service names used here for identification purposes only. Use of these names, logos, and brands does not imply endorsement. You can freely use materials of this site, but it would be nice if you place a link on https://avleonov.com and send message about it at me@avleonov.com or contact me any other way.

Alexander V. Leonov

Vulnerability Management and more

Tag Archives: Apache

June Linux Patch Wednesday

June “In the Trend of VM” (#16): vulnerabilities in Microsoft Windows, Apache HTTP Server, the web interfaces of MDaemon and Zimbra, and the 7-Zip archiver

About Remote Code Execution & Arbitrary File Reading – Apache HTTP Server (CVE-2024-38475) vulnerability

April “In the Trend of VM” (#14): vulnerabilities in Microsoft Windows, VMware products, Kubernetes, and Apache Tomcat

About Remote Code Execution – Apache Tomcat (CVE-2025-24813) vulnerability

New episode “In The Trend of VM” (#11): vulnerabilities that became trending in December and the final report on trending vulnerabilities for 2024

About Remote Code Execution – Apache Struts (CVE-2024-53677) vulnerability