Rewterz Threat Alert – Dridex Banking Malware – IOCs
January 26, 2021Rewterz Threat Alert – North Korean APT Targets Security Researchers
January 26, 2021Rewterz Threat Alert – Dridex Banking Malware – IOCs
January 26, 2021Rewterz Threat Alert – North Korean APT Targets Security Researchers
January 26, 2021Severity
High
Analysis Summary
CVE-2021-23901
Apache Nutch could allow a remote attacker to obtain sensitive information, caused by improper handling of XML external entity (XXE) declarations by the DmozParser. By using a specially-crafted XML content, a remote attacker could exploit this vulnerability to read arbitrary files on the server.
Impact
Information Disclosure
Affected Vendors
Apache
Affected Products
Apache Nutch 1.17
Remediation
Upgrade to the latest version of Nutch (1.18 or later).