Pierluigi Paganini
May 06, 2026
Apache fixed several flaws in HTTP Server, including CVE-2026-23918 (CVSS score of 8.8), a double-free bug in HTTP/2 that could allow remote code execution. The Apache Software Foundation has released updates to fix multiple vulnerabilities in its HTTP Server, including CVE-2026-23918 (CVSS score of 8.8). The issue involves a “double free” error in HTTP/2 handling […]
Pierluigi Paganini
December 26, 2024
Apache Software Foundation (ASF) addressed a critical SQL Injection vulnerability, tracked as CVE-2024-45387, in Apache Traffic Control. The Apache Software Foundation (ASF) released security updates to address a critical security vulnerability, tracked as CVE-2024-45387 (CVSS score 9.9), in Traffic Control. Traffic Control allows operators to set up a Content Delivery Network to quickly and efficiently deliver content […]
Pierluigi Paganini
December 24, 2024
The Apache Software Foundation fixed a Tomcat server software flaw that could lead to remote code execution under certain conditions. The Apache Software Foundation (ASF) addressed an important vulnerability, tracked as CVE-2024-56337, in its Tomcat server software. The researchers warn that exploiting this vulnerability could result in remote code execution under certain conditions. Apache Tomcat […]
Pierluigi Paganini
August 05, 2024
Researchers urge organizations using Apache OFBiz to address a critical bug, following reports of active exploitation of another flaw. Experts urge organizations to address a new critical vulnerability, tracked as CVE-2024-38856, in Apache OFBiz. The vulnerability is an incorrect authorization issue in Apache OFBiz that impacts versions through 18.12.14, version 18.12.15 addressed the flaw. “Unauthenticated […]
Pierluigi Paganini
July 07, 2024
The Apache Foundation addressed a critical source code disclosure vulnerability, tracked as CVE-2024-39884, in the HTTP Server. The Apache Software Foundation has addressed multiple vulnerabilities in its popular Apache HTTP Server. The vulnerabilities include denial-of-service (DoS), remote code execution, and unauthorized access issues. One of these vulnerabilities is a critical source code disclosure vulnerability tracked as […]
Pierluigi Paganini
December 11, 2023
The Apache Software Foundation addressed a critical remote code execution vulnerability in the Apache Struts 2 open-source framework. The Apache Software Foundation released security updates to address a critical file upload vulnerability in the Struts 2 open-source framework. Successful exploitation of the flaw, tracked as CVE-2023-50164, could lead to remote code execution. A remote attacker […]
Pierluigi Paganini
October 19, 2022
Researcher discovered a remote code execution vulnerability in the open-source Apache Commons Text library. GitHub’s threat analyst Alvaro Munoz discovered a remote code execution vulnerability, tracked as CVE-2022-42889, in the open-source Apache Commons Text library. Apache Commons Text is a library focused on algorithms working on strings. The vulnerability, dubbed “Text4Shell,” is an unsafe script evaluation issue […]
Pierluigi Paganini
December 29, 2021
The Apache Software Foundation released Log4j 2.17.1 version to address recently discovered arbitrary code execution flaw tracked as CVE-2021-44832. The Apache Software Foundation released Log4j 2.17.1 version to address a recently discovered arbitrary code execution flaw, tracked as CVE-2021-44832, affecting Log4j 2.17.0. CVE-2021-44832 is the fifth vulnerability discovered in the popular library in the last […]
Pierluigi Paganini
December 27, 2021
The Apache Software Foundation released Apache HTTP Server 2.4.52 to address a couple of security flaws that can lead to remote code execution. The Apache Software Foundation has released the Apache HTTP Server 2.4.52 to address a couple of vulnerabilities, tracked as CVE-2021-44790 and CVE-2021-44224, that can lead to remote code execution attacks. The CVE-2021-44790 […]
Pierluigi Paganini
October 05, 2021
Apache has addressed two vulnerabilities, one of which is a path traversal and file disclosure flaw in its HTTP server actively exploited in the wild. Apache has rolled out security patches to address two flaws, including a path traversal and file disclosure issue in its HTTP server that is actively exploited in the wild. The […]
