Rewterz Threat Advisory – CVE-2021-29968 – Mozilla Firefox Text Characters Vulnerability
June 17, 2021Rewterz Threat Alert – DanaBot Trojan – Active IOCs
June 17, 2021Rewterz Threat Advisory – CVE-2021-29968 – Mozilla Firefox Text Characters Vulnerability
June 17, 2021Rewterz Threat Alert – DanaBot Trojan – Active IOCs
June 17, 2021Severity
High
Analysis Summary
CVE-2021-30468
Apache CXF is vulnerable to a denial of service, caused by an infinite loop flaw in the JsonMapObjectReaderWriter function. By sending a specially-crafted JSON to a web service, a remote attacker could exploit this vulnerability to consume available CPU resources, and results in a denial of service condition.
CVE-2020-9493
Apache Chainsaw could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unsafe deserialization flaw when reading the log events. By sending specially-crafted requests, an attacker could exploit this vulnerability to execute arbitrary code on the system.
Impact
- Denial of Service
- Code Execution
Affected Vendors
Apache
Affected Products
- Apache CXF 3.3.10
- Apache CXF 3.4.3
- Apache Chainsaw 2.0.0
Remediation
Upgrade to the latest version of Apache available from the Apache Web site