Remote Code Execution Vulnerabilities

Apache Unomi CVE-2020-13942: RCE Vulnerabilities Discovered

Apache Unomi CVE-2020-13942: RCE Vulnerabilities Discovered

| | Apache Unomi, Blog, Codebashing, CxSAST, CxSCA, Remote Code Execution Vulnerabilities, Software Composition Analysis, Technical Blog
“Apache Unomi is a Java Open Source customer data platform, a Java server designed to manage customers, leads and visitors’ data and help personalize customers experiences,” according to its website. Unomi can ...
Blog – Checkmarx
Exploiting Apache Dubbo Remote Code Execution Vulnerability

Checkmarx Research: Apache Dubbo 2.7.3 – Unauthenticated RCE via Deserialization of Untrusted Data (CVE-2019-17564)

| | Apache Dubbo, Apache Software Foundation, Application Security Awareness, Application Security Vulnerabilities, Blog, Checkmarx Security Research Team, Remote Code Execution Vulnerabilities, Technical Blog
Executive Summary Having developed a high level of interest in serialization attacks in recent years, I’ve decided to put some effort into researching Apache Dubbo some months back. Dubbo, I’ve learned, deserializes ...
Blog – Checkmarx
Apache Struts, RCEs, and the Equifax Breach Anniversary

Apache Struts, RCEs, and the Equifax Breach Anniversary

| | Apache Software Foundation, Apache Struts, Blog, closed source, CVE-2017-5638, CVE-2017-9805, CVE-2018-11776, Cybersecurity, Equifax breach, open source, Remote Code Execution Vulnerabilities, Software Exposure
We just passed the one-year anniversary of Equifax’s announcement of their massive data breach due to an exploit of an Apache Struts vulnerability (CVE-2017-5638) – and incidentally, at nearly the same time ...
Blog – Checkmarx