Meetup Vulnerabilities: Escalation of Privilege and Redirection of Funds

Learn More

Tag: Remote Code Execution Vulnerabilities

Checkmarx Research: Apache Dubbo 2.7.3 – Unauthenticated RCE via Deserialization of Untrusted Data (CVE-2019-17564)

by Dor Tumarkin
Research by Dor Tumarkin

Executive Summary Having developed a high level of interest in serialization attacks in recent years, I’ve decided to put some effort into researching Apache Dubbo some months back. Dubbo, I’ve learned, deserializes many things in many ways, and whose usage world-wide has grown significantly after its adoption by the Apache Foundation. Figure 1 – Dubbo

Read More ›

Apache Struts, RCEs, and the Equifax Breach Anniversary

Apache Struts, RCEs, and the Equifax Breach Anniversary

by Matthew Rose

We just passed the one-year anniversary of Equifax’s announcement of their massive data breach due to an exploit of an Apache Struts vulnerability (CVE-2017-5638) – and incidentally, at nearly the same time that Apache announced another critical Apache Struts security flaw (). The latest Apache Struts vulnerability, CVE-2018-11776, was published in NVD on August 22,

Read More ›

Jump to Category

Popular Posts

How Attackers Could Hijack Your Android Camera to Spy on You

How Attackers Could Hijack Your Android Camera to Spy on You
LeapFrog LeapPad Ultimate Security Vulnerabilities

LeapFrog LeapPad Ultimate Security Vulnerabilities
Kotlin Guide: Why We Need Mobile Application Secure Coding Practices

Kotlin Guide: Why We Need Mobile Application Secure Coding Practices

Stay Connected

Sign up today & never miss an update from the Checkmarx blog

This website uses cookies to ensure you get the best experience on our website. By continuing on our website,
you consent to our use of cookies. To find out more about how we use cookies, please see our Cookie Policy.

I Accept