Apache warns of critical flaws in MINA, HugeGraph and Traffic Control

The Apache Software Foundation has released security updates to address three severe problems that affect MINA, HugeGraph-Server, and Traffic Control products.

The vulnerabilities were patched in new software versions released between December 23 and 25. However, the holiday period may lead to a slower patching rate and increased risk of exploitation.

One of the bugs is tracked as CVE-2024-52046 and impacts MINA versions 2.0 through 2.0.26, 2.1 through 2.1.9, and 2.2 through 2.2.3. The issue received a critical severity score of 10 out of 10 from the Apache Software Foundation.

Apache MINA is a network application framework that provides an abstraction layer for developing high-performance and scalable network applications.

The flaw lies in ‘ObjectSerializationDecoder’ and is caused by unsafe Java deserialization, potentially leading to remote code execution (RCE).

The Apache team clarified that the vulnerability is exploitable if the ‘IoBuffer#getObject()’ method is used in combination with certain classes.

Apache addressed the issue with the release of versions 2.0.27, 2.1.10, and 2.2.4, which enhanced the vulnerable component with stricter security defaults.

However, upgrading to those versions isn’t enough. Users also need to manually configure the rejection of all classes unless explicitly allowed, by following one of the three methods provided.

The vulnerability impacting Apache HugeGraph-Server versions 1.0 through 1.3 is an authentication bypass problem tracked as CVE-2024-43441. It is caused by improper validation of authentication logic.

Apache HugeGraph-Server is a graph database server that enables efficient storage, querying, and analysis of graph-based data.

The authentication bypass problem was addressed in version 1.5.0, which is the recommended upgrade target for HugeGraph-Server users.

The third flaw is identified as CVE-2024-45387, and the Apache Software Foundation rated it critical with a severity score of 9.9. It is an SQL injection problem impacting Traffic Ops versions 8.0.0 to 8.0.1.

Apache Traffic Control is a Content Delivery Network (CDN) management and optimization tool.

The flaw in the product is caused by insufficient input sanitization of SQL queries, allowing arbitrary SQL command execution using specially crafted PUT requests.

The problem was fixed in Apache Traffic Control version 8.0.2, released earlier this week. The Apache team noted that versions 7.0.0 up to 8.0.0 are not impacted.

System administrators are strongly recommended to upgrade to the latest product version as soon as possible, especially as hackers often choose to strike during this time of the year when companies have fewer employees on duty and response times are longer.
