Wilson's Media

A Tech & Gaming Blog

Apache Foundation urges users to patch now and fix major security worries

  • Apache Software Foundation discovered flaws in MINA, HugeGraph-Server, and Traffic Control
  • One of the flaws was given a 10/10 severity score
  • All bugs were patched, and admins are urged to apply the fixes ASAP

The Apache Software Foundation has released fixes for multiple vulnerabilities discovered in three different solutions: MINA, HugeGraph-Server, and Traffic Control. One of the flaws received a maximum 10/10 score.

Apache MINA is a network application framework that simplifies the development of high-performance and scalable communication protocols and applications by abstracting low-level I/O operations. Multiple versions (2.0 – 2.0.26, 2.1 – 2.1.9, and 2.2 – 2.2.3), were found vulnerable to a flaw that allowed threat actors to remotely execute arbitrary code, and as such, was given a severity score of 10/10.

It is tracked as CVE-2024-52046, and was addressed in versions 2.0.27, 2.1.10, and 2.2.4. However, as BleepingComputer reports, simply applying the patch will not suffice, since users also need to manually set the rejection of all classes, unless explicitly allowed by following one of three methods provided.

Attacks during winter holidays

Other two vulnerabilities are tracked as CVE-2024-43441, and CVE-2024-45387. The first, described as an authentication bypass issue, one was found in Apache HugeGraph-Server versions 1.0 – 1.3, and was addressed in version 1.5.0. The final one, an SQL injection vulnerability impacting Traffic Ops versions 8.0.0 – 8.0.1, was addressed in version 8.0.2. It was given a 9.9 critical severity score.

Winter holidays are notorious for being the time of the year when hackers are most active. With increased traffic, and many employees being on holiday leave, businesses are exposed more than usual. Cybercriminals are aware of this, and take advantage of the fact by launching devastating attacks, starting with Christmas eve onwards.

Therefore, Apache Software Foundation urged system administrators to upgrade their software to the latest version as soon as possible.

Via BleepingComputer

You might also like


Source

Apache Software Foundation discovered flaws in MINA, HugeGraph-Server, and Traffic Control One of the flaws was given a 10/10 severity score All bugs were patched, and admins are urged to apply the fixes ASAP The Apache Software Foundation has released fixes for multiple vulnerabilities discovered in three different solutions: MINA,…

Tags: ,
Previous Post
Next Post

Leave a Reply

Your email address will not be published. Required fields are marked *

Recent Posts

Archives