Severity
Medium
Analysis Summary
CVE-2021-37533
Apache Commons Net could allow a remote attacker to obtain sensitive information because its FTP client trusts the host from the PASV response by default. By persuading a victim to connect to a specially crafted server, an attacker could exploit this vulnerability to obtain information about services running on the private network and use this information to launch further attacks against the affected system.
Impact
Information Disclosure
Indicators Of Compromise
CVE
- CVE-2021-37533
Affected Vendors
Apache
Affected Products
- Apache Commons Net 3.8.0
Remediation
Upgrade to the latest version of Apache Commons Net, available from the Apache Website.