CVE-2023-50164: A Critical Vulnerability in Apache Struts
On December 7, 2023, Apache released a security advisory regarding CVE-2023-50164, a critical vulnerability in Apache Struts with CVSS score 9.8. Versions from 2.5.0 to 2.5.32 and 6.0.0 to 6.3.0 were affected. Apache Struts is a popular, free, open-source framework that is used in the creation of modern Java web ... Read More
CVE-2023-29552: Abusing the SLP Protocol to Launch Massive DDoS Amplification Attacks
On April 25, 2023, researchers at Bitsight and Curesec jointly discovered a high-severity vulnerability — tracked as CVE-2023-29552 — in the Service Location Protocol (SLP), a legacy Internet protocol. What is SLP protocol? Service Location Protocol (SLP) is a network protocol designed to simplify the process of discovering and accessing ... Read More