Vulnerability Report Archives | Page 3 of 3 | Cloud-Based Platform AIONCLOUD

Vulnerability Analysis Report (2023.07)

2023.07 – ProxyNotShell

1. Overview
ProxyNotShell is a Remote Code Execution (RCE) vulnerability in MS Exchange Server that consists of multiple CVEs, and we have summarized the results of our analysis for each CVE.

2. Attack Process
This section analyzes how the three CVEs corresponding to the ProxyNotShell vulnerability are used in conjunction with each […]

SQL Injection based JSON

1. Overview
SQL Injection is a major attack vector for websites and a common security threat in web applications. Most web application firewalls (WAFs) can detect and block SQL Injection attacks natively. However, many WAF vendors have been found to be unable to detect SQL Injection attacks that exploit JSON operators and functions, so we […]

Apache Struts2 Vulnerability

1. Overview
Apache Struts2 is a Java-based web application development framework, and this section summarizes the results of our analysis of remote code execution (RCE) vulnerabilities that can occur in web applications using the framework.

2. Attack Types
This section analyzes the attack types for four CVEs among the various Apache Struts2 RCE vulnerabilities.

1) […]

WAF Pattern for OWASP 2021

A01_2021-Broken Access Control
Vulnerability due to weak access control that could lead to unauthorized viewing, modification, or deletion of data.
– Vulnerable page access detection
– Directory Listing
– Stem file access detection

A02_2021-Cryptographic Failures
Vulnerability that may result in information leakage due to inadequate encryption of data in transit and storage
– Personal Information […]

Guide to vulnerabilities for Apache HTTP Server CVE-2021-44224 / CVE-2021-44790

Hello, this is the MONITORAPP technical support team. We are sending you our review of the two vulnerabilities in the title. We are sending you an internal review related to the two patterns.

CVE-2021-44224
– This vulnerability is a case that cannot be dealt with in a pattern.
– There is no NULL check in the […]

Apache Tomcat Vulnerability Security Update Advisory

Overview
– Apache Tomcat has released a security update to address a new vulnerability.
– Personnel responsible for servers using vulnerable versions are advised to update to the latest version by visiting the manufacturer’s website.

Description
– Apache Tomcat sends a WebSocket message at the same time it closes a WebSocket connection, which could allow […]

An update on the Apache Log4j vulnerability

The Apache Software Foundation has released a security update that addresses vulnerabilities in Log4j (https://logging.apache.org/log4j) software. Apache Log4j, where the vulnerability was found, is a Java-based open-source logging utility. Since attackers can take advantage of the vulnerability and cause damage such as malicious code infection, we […]
