Apache

Apache Struts Vulnerability POC Code Found on GitHub

posted on August 24, 2018
by l33tdawg
Credit: RF

On August 22, 2018, the Apache Software Foundation reported a new vulnerability in the Apache Struts framework (CVE-2018-11776) that could allow an attacker to execute remote code and possibly gain access to a targeted system. The flaw exists because Apache Struts does not perform proper validation of input data. This is a flaw in the Struts framework core, which means all Struts installations are potentially vulnerable.

NSA partners with Apache to release open-source data traffic program

posted on November 25, 2014
by l33tdawg

Many of you probably think that the National Security Agency (NSA) and open-source software get along like a house on fire. That's to say, flaming destruction. You would be wrong.

In partnership with the Apache Software Foundation, the NSA announced on Tuesday it is releasing the source code for Niagarafiles (Nifi). The spy agency said Nifi "automates data flows among multiple computer networks, even when data formats and protocols differ."

Secure your Apache server from DDoS, Slowloris, and DNS Injection attacks

posted on December 4, 2013
by l33tdawg

Apache is the most widely used web server on the planet, and it's also one of the most widely attacked. To that end, it's always smart to lock down your Apache server as best as possible. This goes well beyond just locking down your network -- you need to give that Apache server as much attention as it might get from outside sources.

I'll walk you through the process of preventing your Apache server from Distributed Denial of Service (DDoS), Slowloris, and DNS Injection attacks. These break-ins are quite simple to prevent, as long as you take the time to lock down that server.

Google adds Android and Apache to open source security rewards programme

posted on November 20, 2013
by l33tdawg

Google has extended its Patch Reward Program to include a raft of new platforms and technologies including its own Android system as it looks to improve the security of open source software.

The firm announced an overhaul to its security patch policies last month, offering white hats up to $3,133 for fixes.

Attack hitting Apache websites is invisible to the naked eye

posted on April 30, 2013
by l33tdawg

Ongoing exploits infecting tens of thousands of reputable sites running the Apache Web server have only grown more powerful and stealthy since Ars first reported on them four weeks ago. Researchers have now documented highly sophisticated features that make these exploits invisible without the use of special forensic detection methods.