The Apache Software Foundation has released security updates for three severe vulnerabilities in Apache MINA, HugeGraph-Server and Traffic Control. The MINA flaw (CVE-2024-52046) is an unsafe deserialization issue in the ObjectSerializationDecoder that can lead to remote code execution; the HugeGraph-Server flaw (CVE-2024-43441) is an authentication bypass; and the Traffic Control flaw is a SQL injection in the Traffic Ops component of the CDN control plane. All three products sit in widely deployed network, graph-database and content-delivery infrastructure, so security teams should treat these updates as high priority and patch promptly.
Apache has addressed a critical SQL injection vulnerability, CVE-2024-45387, in the Traffic Ops component of Traffic Control; it carries a CVSS score of 9.9. A user holding a privileged Traffic Ops role can send a crafted PUT request that causes arbitrary SQL to run against the Traffic Ops database, which holds the CDN's configuration and account data. Versions 8.0.0 and 8.0.1 are affected and the fix is in 8.0.2; users should upgrade immediately and, until they can, review which accounts hold privileged roles, since the attacker needs one of them.
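As an added illustration of the vulnerability class, not Traffic Control's own code or schema: the vulnerable query pattern next to the parameterized one, run with Python's sqlite3 against a constructed three-row table. The table, column names and the injection payload are assumptions made for this demo.

```python
import sqlite3

# Constructed sample data for the demo; the table and columns are assumptions,
# not Traffic Ops' real schema.
SAMPLE_ROWS = [
    ("edge-1", "cdn-a", "ONLINE"),
    ("edge-2", "cdn-a", "OFFLINE"),
    ("mid-1", "cdn-b", "ONLINE"),
]


def make_db():
    """Create an in-memory database holding the constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE servers (host TEXT, cdn TEXT, status TEXT)")
    conn.executemany("INSERT INTO servers VALUES (?, ?, ?)", SAMPLE_ROWS)
    return conn


def hosts_in_cdn_vulnerable(conn, cdn):
    """VULNERABLE: the request value is spliced into the SQL text, so quotes
    and operators inside it are interpreted as SQL syntax."""
    sql = f"SELECT host FROM servers WHERE cdn = '{cdn}' ORDER BY host"
    return [row[0] for row in conn.execute(sql)]


def hosts_in_cdn_safe(conn, cdn):
    """HARDENED: the value is bound as a parameter; the driver never lets it
    alter the statement's structure, whatever characters it contains."""
    rows = conn.execute(
        "SELECT host FROM servers WHERE cdn = ? ORDER BY host", (cdn,)
    )
    return [row[0] for row in rows]


if __name__ == "__main__":
    db = make_db()
    payload = "cdn-a' OR '1'='1"  # constructed injection payload
    print("vulnerable:", hosts_in_cdn_vulnerable(db, payload))  # every host
    print("safe:      ", hosts_in_cdn_safe(db, payload))        # no match
```

The payload turns the WHERE clause into `cdn = 'cdn-a' OR '1'='1'`, which is true for every row; the bound-parameter version compares the whole string literally and returns nothing. The same discipline applies to UPDATE and DELETE statements built from request bodies, which is where a PUT handler is most likely to go wrong.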
Multiple critical vulnerabilities have been disclosed in Apache Struts 2 and Apache Tomcat. In Struts 2, CVE-2024-53677 is a path traversal in the file upload logic: a manipulated upload filename lets an attacker write the file outside the intended directory, and if the destination is web-accessible the uploaded file (a JSP, for example) can then be executed, giving remote code execution. In Tomcat, CVE-2024-50379 is a time-of-check/time-of-use (TOCTOU) race during JSP compilation that can lead to remote code execution, and CVE-2024-54677 is a denial of service caused by unbounded memory consumption in the examples web application. Users should apply the available patches immediately; for Struts 2 that means upgrading to 6.4.0 or later and migrating to the new file upload mechanism, because the fix is not backward compatible with the old one.
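An added example, not Struts' own upload code, of the check an upload handler needs against the Struts class of bug: a client-supplied filename must never move the write target outside the configured upload directory, and a container-executable extension should be refused outright. The upload directory, the extension allowlist and the function name are assumptions for this demo, and the traversal attempts in the usage block are constructed inputs.

```python
import posixpath

# Assumed deployment values for the demo (not Struts defaults).
UPLOAD_DIR = "/var/app/uploads"
ALLOWED_EXTENSIONS = {".pdf", ".png", ".csv"}


def resolve_upload_target(client_filename, upload_dir=UPLOAD_DIR):
    """Return the absolute path an upload may be written to, or None when the
    client-supplied name would place the file anywhere but directly inside
    upload_dir. Treat None as 'reject the request', not 'sanitise and go on'."""
    if not client_filename or "\x00" in client_filename:
        return None
    # Normalise Windows separators so "..\\" is caught the same way as "../".
    name = client_filename.replace("\\", "/")
    base = posixpath.normpath(upload_dir)
    # join() discards base when name is absolute; normpath() collapses "..".
    # Either way a hostile name ends up with a prefix that differs from base.
    candidate = posixpath.normpath(posixpath.join(base, name))
    if posixpath.commonpath([base, candidate]) != base:
        return None  # escaped the upload directory
    if posixpath.dirname(candidate) != base:
        return None  # still carries a subdirectory component
    ext = posixpath.splitext(candidate)[1].lower()
    if ext not in ALLOWED_EXTENSIONS:
        return None  # e.g. .jsp, which the container would execute
    return candidate


if __name__ == "__main__":
    # Constructed inputs: one benign name and several traversal attempts.
    for attempt in (
        "report.pdf",
        "../../webapps/ROOT/shell.jsp",
        "..\\..\\webapps\\ROOT\\shell.jsp",
        "/etc/passwd",
        "sub/report.pdf",
        "shell.jsp",
    ):
        print(f"{attempt!r:40} -> {resolve_upload_target(attempt)}")
```

The prefix comparison is done on the normalised path rather than on the raw string, so `..` segments, absolute paths and backslash-separated names are all resolved before the decision is made. The extension allowlist is independent defence: even a name that stays inside the upload directory must not be something the servlet container will compile and run.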
A critical race condition in Apache Tomcat, tracked as CVE-2024-50379, can lead to remote code execution (RCE). The flaw is a time-of-check to time-of-use (TOCTOU) issue in JSP compilation: on a case-insensitive file system, with the default servlet's write support enabled (the readonly init-param set to false), concurrent reads and uploads of the same file can bypass Tomcat's case-sensitivity checks, so that an uploaded file is treated as a JSP and compiled. An unauthenticated attacker who can upload files under those conditions can execute arbitrary code and fully compromise the host. The remedy is to upgrade to a fixed Tomcat release and to keep the default servlet read-only unless writes are genuinely required; web servers are a favourite target, so patching should not be delayed.
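An added example, not part of Tomcat, that audits a conf/web.xml for the write-enabled default servlet that CVE-2024-50379 depends on, and shows the weak setting beside the corrected one. The web.xml fragment is constructed for the demo; the script checks only the readonly setting, not whether the underlying file system is case-insensitive, so a finding means "exposed if the other precondition holds".

```python
import xml.etree.ElementTree as ET

# Constructed fragment in the shape of Tomcat's conf/web.xml (not a shipped
# file). readonly=false on the default servlet is the weak setting.
WEAK_WEB_XML = """<web-app xmlns="https://jakarta.ee/xml/ns/jakartaee" version="6.0">
  <servlet>
    <servlet-name>default</servlet-name>
    <servlet-class>org.apache.catalina.servlets.DefaultServlet</servlet-class>
    <init-param>
      <param-name>readonly</param-name>
      <param-value>false</param-value>
    </init-param>
    <load-on-startup>1</load-on-startup>
  </servlet>
</web-app>
"""

# The corrected setting: the same block with readonly back to true (removing
# the init-param altogether has the same effect, true being Tomcat's default).
HARDENED_WEB_XML = WEAK_WEB_XML.replace(
    "<param-value>false</param-value>", "<param-value>true</param-value>"
)

DEFAULT_SERVLET = "org.apache.catalina.servlets.DefaultServlet"


def _local(tag):
    """Strip the XML namespace so tags compare by local name."""
    return tag.rsplit("}", 1)[-1]


def _text(element, child_name):
    """Text of the first direct child with the given local name, or None."""
    for child in element:
        if _local(child.tag) == child_name:
            return (child.text or "").strip()
    return None


def default_servlet_readonly(web_xml_text):
    """Effective value of the DefaultServlet 'readonly' init-param. Tomcat
    reads it like Boolean.parseBoolean: only the literal "true" (any case)
    enables read-only mode; an absent param means read-only."""
    root = ET.fromstring(web_xml_text)
    for servlet in root.iter():
        if _local(servlet.tag) != "servlet":
            continue
        if _text(servlet, "servlet-class") != DEFAULT_SERVLET:
            continue
        for init_param in servlet:
            if _local(init_param.tag) != "init-param":
                continue
            if _text(init_param, "param-name") == "readonly":
                return (_text(init_param, "param-value") or "").lower() == "true"
        return True  # DefaultServlet declared without the param
    return True  # no DefaultServlet declared at all: built-in default applies


def audit_web_xml(web_xml_text):
    """Return a list of findings; an empty list means nothing to report."""
    findings = []
    if not default_servlet_readonly(web_xml_text):
        findings.append(
            "DefaultServlet readonly=false: HTTP PUT/DELETE can write files; "
            "set readonly to true unless writes are genuinely required"
        )
    return findings


if __name__ == "__main__":
    print("weak:    ", audit_web_xml(WEAK_WEB_XML))
    print("hardened:", audit_web_xml(HARDENED_WEB_XML))
```

To run it against a real deployment, pass the contents of `$CATALINA_BASE/conf/web.xml` (and any per-application WEB-INF/web.xml that redeclares the default servlet) to `audit_web_xml`. Namespaces are stripped before comparison because Tomcat 10 and later ship the file under the jakartaee namespace while older installs use javaee.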
Multiple vulnerabilities have been discovered and addressed in Apache Superset, the open-source data exploration and visualization platform. They include SQL injection and improper authorization flaws that let an attacker bypass access restrictions and potentially read data they are not entitled to. Users should upgrade to the patched release.