Rewterz Threat Advisory – Multiple Apache HTTP Server Vulnerabilities
March 9, 2023Rewterz Threat Advisory – Multiple Cisco IOS XR Software Vulnerabilities
March 9, 2023Rewterz Threat Advisory – Multiple Apache HTTP Server Vulnerabilities
March 9, 2023Rewterz Threat Advisory – Multiple Cisco IOS XR Software Vulnerabilities
March 9, 2023Severity
Medium
Analysis Summary
CVE-2023-23638
Apache Dubbo could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unsafe deserialization when dubbo generic invoke. By sending specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system
Impact
- Code Execution
Indicators Of Compromise
CVE
- CVE-2023-23638
Affected Vendors
Apache
Affected Products
- Apache Dubbo 2.7.21
- Apache Dubbo 3.1.0
- Apache Dubbo 2.7.0
- Apache Dubbo 3.0.0
Remediation
Upgrade to the latest version of Apache Dubbo, available from the Apache Website.