Rewterz Threat Advisory – CVE-2020-5802 – Rockwell Automation FactoryTalk denial of service
December 30, 2020
Rewterz Threat Alert – Fake Microsoft Login Page
December 31, 2020
Severity
Medium
Analysis Summary
Apache Cassandra could allow a remote authenticated attacker to traverse directories on the system, caused by the Rack::Protection module being disabled. An attacker could send a specially crafted URL request containing “dot dot” sequences (/../) to view arbitrary files on the system.
Impact
Obtain Information
Affected Vendors
Apache
Affected Products
Apache Cassandra 0.5.0
Remediation
Refer to vendor advisory for the complete list of affected products.
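To review web access logs for the "dot dot" requests described in the Analysis Summary, the following added example (not part of the original advisory or any vendor tooling) flags request targets whose decoded form contains a `..` segment, including percent-encoded and double-encoded variants. The combined log format, the sample lines and all function names are assumptions made for illustration.

```python
import re
from urllib.parse import unquote

# Request target and status code of a combined-log-format line (assumed format).
REQUEST_RE = re.compile(r'"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})')

# Constructed sample lines: documentation IP ranges and made-up paths.
SAMPLE_LOG = [
    '203.0.113.7 - - [31/Dec/2020:10:00:01 +0000] "GET /index.html HTTP/1.1" 200 512',
    '203.0.113.9 - - [31/Dec/2020:10:00:05 +0000] "GET /static/../../../../etc/passwd HTTP/1.1" 200 1843',
    '203.0.113.9 - - [31/Dec/2020:10:00:06 +0000] "GET /static/%2e%2e/%2e%2e/etc/hosts HTTP/1.1" 404 162',
    '198.51.100.4 - - [31/Dec/2020:10:01:10 +0000] "GET /docs/release..notes.txt HTTP/1.1" 200 901',
    '198.51.100.23 - - [31/Dec/2020:10:02:44 +0000] "GET /static/%252e%252e%252fconfig HTTP/1.1" 403 0',
]

def normalise(target, max_rounds=3):
    """Percent-decode repeatedly so double-encoded sequences are exposed."""
    for _ in range(max_rounds):
        decoded = unquote(target)
        if decoded == target:
            break
        target = decoded
    # Treat backslashes as separators, as some servers do.
    return target.replace("\\", "/")

def has_traversal(target):
    """True if a whole path or parameter segment of the decoded target is '..'."""
    segments = re.split(r"[/?&=;]", normalise(target))
    return ".." in segments

def find_traversal(lines):
    """Return (client_ip, raw_target, status) for every suspicious request."""
    hits = []
    for line in lines:
        m = REQUEST_RE.search(line)
        if m and has_traversal(m.group("target")):
            hits.append((line.split()[0], m.group("target"), int(m.group("status"))))
    return hits

if __name__ == "__main__":
    for ip, target, status in find_traversal(SAMPLE_LOG):
        outcome = "SERVED" if 200 <= status < 300 else "not served"
        print(f"{ip} {status} {outcome}: {target}")
```

Hits answered with a 2xx status deserve review first, since they indicate the server returned content for the traversal request.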