On December 9, news broke that a vulnerability had been found in Apache Log4j, a commonly used logging package for Java. If exploited, the vulnerability, officially identified as CVE-2021-4428 and dubbed Log4Shell, can result in remote code execution (RCE) by sending crafted log messages. If you're using any of the affected products (Apache Struts, Apache Solr, Apache Druid, Elasticsearch, Apache Dubbo, and VMware vCenter), you can use our Log4j vulnerability tester to identify any vulnerable server applications.

Similar severe, unauthenticated vulnerabilities (CVE-2021-41773, CVE-2021-42013, CVE-2021-40438) in Apache HTTP Server were found in October. Like Log4Shell, these flaws allowed for RCE when Common Gateway Interface (CGI) scripts were enabled for aliased paths for files outside of the alias-like directories, as well as server-side request forgery (SSRF) attacks.

As Log4Shell news continues to develop, this blog looks at how to detect and protect against Apache vulnerabilities from October using a unified SaaS platform. Trend Micro Research also reported on the abuse of GitHub and Netlify platforms for mining XMR cryptocurrency on vulnerable hosts, targeting a slew of products with widely circulated public exploits.

These CVE IDs track the path traversal vulnerabilities found in Apache HTTP Server which allow attackers to map URLs to files/directories outside of the web root. In certain configurations where CGI scripts are enabled for these paths, one can achieve RCE on the vulnerable server. Using CGIs, compiled programs and scripts on the server (e.g., bin/sh) can be used to handle users' requests. The 'mod_cgi' module processes the URI and executes it as a child process. The POST data of the request is processed as the input arguments to the called function. Inherently, the default configuration of Apache HTTP Server doesn't allow for exploitation of these two vulnerabilities.

In this attempt, we observe attackers attempting to fetch Amazon Elastic Compute Cloud (EC2) instance metadata from the instance metadata service (IMDS) on the link-local IPv4 address 169.254.169.254. Had this attempt succeeded in returning the different fields from IMDS, which was possible if usage was not restricted to IMDSv2, attackers could have enumerated permissions for the API keys and gone on to exploit security misconfigurations (if any) in the AWS account. This vulnerability in Apache HTTP Server has also been recently highlighted by the German cybersecurity authority Bundesamt für Sicherheit in der Informationstechnik (BSI) for active exploitation in the wild.

To detect critical flaws before they're exploited, we use Trend Micro Cloud One™, a security services platform for cloud builders.
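The two request patterns described above (dot segments that climb out of a CGI-enabled alias, and requests that reference the IMDS address) can be checked for in web server access logs. The following Python detector is an added example, not code from the original article or from Trend Micro; the `/cgi-bin/` alias, the log format, the finding labels and every sample log line are constructed assumptions.

```python
import posixpath
import re
from urllib.parse import unquote

IMDS_ADDR = "169.254.169.254"   # link-local metadata address named in the article
CGI_PREFIXES = ("/cgi-bin/",)   # assumption: the CGI-enabled alias on this server
REQ_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')

def fully_decode(s, max_rounds=5):
    """Percent-decode repeatedly so double-encoded dot segments are exposed."""
    for _ in range(max_rounds):
        decoded = unquote(s)
        if decoded == s:
            break
        s = decoded
    return s

def classify(line):
    """Return the list of findings for one access-log line (empty if clean)."""
    m = REQ_RE.search(line)
    if not m:
        return []
    target = fully_decode(m.group("target"))
    path = target.split("?", 1)[0]
    findings = []
    if ".." in path.split("/"):
        norm = posixpath.normpath(path) + "/"
        under_cgi = [p for p in CGI_PREFIXES if path.startswith(p)]
        if any(not norm.startswith(p) for p in under_cgi):
            # Dot segments resolve to a location outside the CGI alias.
            findings.append("cgi-traversal:" + m.group("method"))
        else:
            findings.append("dot-segment")
    if IMDS_ADDR in target:
        findings.append("imds-reference")
    return findings

def scan(lines):
    """Return (line_number, findings) for every flagged line."""
    hits = [(n, classify(l)) for n, l in enumerate(lines, 1)]
    return [(n, f) for n, f in hits if f]

# Constructed sample lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Oct/2021:13:55:36 +0000] "GET /index.html HTTP/1.1" 200 512',
    '203.0.113.7 - - [10/Oct/2021:13:55:40 +0000] "POST /cgi-bin/.%2e/.%2e/bin/sh HTTP/1.1" 200 45',
    '203.0.113.9 - - [10/Oct/2021:13:56:02 +0000] "GET /cgi-bin/%252e%252e/%252e%252e/etc/hosts HTTP/1.1" 403 199',
    '203.0.113.9 - - [10/Oct/2021:13:56:09 +0000] "GET /?url=http://169.254.169.254/latest/meta-data/ HTTP/1.1" 200 0',
    '198.51.100.4 - - [10/Oct/2021:13:57:11 +0000] "GET /cgi-bin/../cgi-bin/status.cgi HTTP/1.1" 200 77',
]

if __name__ == "__main__":
    for lineno, findings in scan(SAMPLE_LOG):
        print(lineno, findings)
```

A flagged request that returned a 200 status deserves priority over one that returned 403, since the status code indicates whether the server actually served the out-of-alias path.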