Apache Foundation urges users to patch now and fix major security worries

Apache Software Foundation discovered flaws in MINA, HugeGraph-Server, and Traffic Control
One of the flaws was given a 10/10 severity score
All bugs were patched, and admins are urged to apply the fixes ASAP

The Apache Software Foundation has released fixes for multiple vulnerabilities discovered in three different solutions: MINA, HugeGraph-Server, and Traffic Control. One of the flaws received a maximum 10/10 score.

Apache MINA is a network application framework that simplifies the development of high-performance and scalable communication protocols and applications by abstracting low-level I/O operations. Multiple versions (2.0 – 2.0.26, 2.1 – 2.1.9, and 2.2 – 2.2.3), were found vulnerable to a flaw that allowed threat actors to remotely execute arbitrary code, and as such, was given a severity score of 10/10.

It is tracked as CVE-2024-52046, and was addressed in versions 2.0.27, 2.1.10, and 2.2.4. However, as BleepingComputer reports, simply applying the patch will not suffice, since users also need to manually set the rejection of all classes, unless explicitly allowed by following one of three methods provided.

Attacks during winter holidays

Other two vulnerabilities are tracked as CVE-2024-43441, and CVE-2024-45387. The first, described as an authentication bypass issue, one was found in Apache HugeGraph-Server versions 1.0 – 1.3, and was addressed in version 1.5.0. The final one, an SQL injection vulnerability impacting Traffic Ops versions 8.0.0 – 8.0.1, was addressed in version 8.0.2. It was given a 9.9 critical severity score.

Winter holidays are notorious for being the time of the year when hackers are most active. With increased traffic, and many employees being on holiday leave, businesses are exposed more than usual. Cybercriminals are aware of this, and take advantage of the fact by launching devastating attacks, starting with Christmas eve onwards.

Therefore, Apache Software Foundation urged system administrators to upgrade their software to the latest version as soon as possible.

Via BleepingComputer

https://cdn.mos.cms.futurecdn.net/5fz9SMYxWbv44jFVcD4vmd-1200-80.jpg

Source link

Motorola Moto G75 5G rugged phone review

Quordle today – my hints and answers for Saturday, December 28 (game #1069)

NYT Strands today — my hints, answers and spangram for Saturday, December 28 (game #300)

NYT Connections today — my hints and answers for Saturday, December 28 (game #566)

What UK political parties are promising in the 2019 general election

Otto Warmbier’s parents want North Korea to suffer for their son’s death

Could a ‘youthquake’ cause Boris Johnson to lose the general election?

People are driving through flames to escape this California wildfire

New ‘Westworld’ trailer introduces us to another dystopian tech company

What’s the point of ‘Charlie’s Angels’ without Sam Rockwell dancing?

These striking photos capture the future of human flight

‘Heathers’ is still the best dark comedy about high school hell

Trump vs. Harris: How the election will affect EV adoption

Lumwana’s Super Pit Expansion Officially Launched By Investing.com

How Biden could use a 1947 law to suspend the dockworkers’ strike

Why your Roth IRA conversions could have ‘unintended’ tax consequences

The YouTuber who has become one of Gen Z’s most beloved celebrities

26 last-minute holiday gifts that are still thoughtful and unique

Practicing gratitude regularly can make you less stressed and sleep better

8 things millennials wish you would just stop getting them for the holidays

Apache Foundation urges users to patch now and fix major security worries

Motorola Moto G75 5G rugged phone review

Quordle today – my hints and answers for Saturday, December 28 (game #1069)

NYT Strands today — my hints, answers and spangram for Saturday, December 28 (game #300)

NYT Connections today — my hints and answers for Saturday, December 28 (game #566)

Leave a reply Cancel reply