Recently, Apache Synapse released a new version to fix the remote code execution vulnerability (CVE-2017-15708). This vulnerability sources from the Apache Commons Collections component. Attackers can remotely run code by injecting specially crafted ...
On November 22, 2016, Apache’s official security team published a remote code execution vulnerability in Apache Tomcat identifier
Apache Tomcat remote code execution vulnerability
Apache Hadoop is a software framework that supports data-intensive distributed applications and is released with the Apache License 2.0. Recently, security researchers have detected a vulnerability in Apache Hadoop 2.8.0, 3.0.0-alpha1, and 3.0.0-alpha2 ...
On November 7, 2017, the new versions 2.1.1 and 1.7.0 or 1.7.1 of Apache CouchDB were released. The new versions fix two high about the vulnerability.
Remote command execution vulnerabilities in Apache ...
Apache Tomcat is a popular open-source JSP application server program. Apache Tomcat 9.0.0.M1–9.0.0.M20, 8.5.0&ndash
Apache Tomcat security policy bypass vulnerability
An attacker can exploit this ...
1. Account settingsRun Apache with a dedicated user account and group.
Create a user and a group for Apache as necessary.
See the configuration operations. If no users or groups have been set up, create a new user and specify it in the Apache ...
DescriptionThe Apache HTTP server has a cookie information disclosure vulnerability in the implementation of the default error 1 (recommended)Upgrade to Apache HTTPD 2.2.22 or a later version.
Open the HTTPD configuration file (the httpd.ini ...