
Welcome to TheCyberThrone cybersecurity month in review, covering the important security happenings. This review is for the month ending January 2025.
Subscribers favorite #1
Exploit Code Released for Microsoft CVE-2024-38193
A critical use-after-free vulnerability, tracked as CVE-2024-38193 with a CVSS score of 7.8, has been discovered in the afd.sys Windows driver that allows attackers to escalate privileges and execute arbitrary code. This vulnerability was fixed in the August 2024 Patch Tuesday release.
Security researchers from Gen Digital, who discovered and reported the vulnerability to Microsoft, stated that this flaw allows attackers to bypass normal security restrictions and access sensitive system areas that are typically inaccessible to most users and administrators. This attack is both complex and cunning, potentially worth hundreds of thousands of dollars on the black market…
Subscribers favorite #2
Apache Tomcat fixes CVE-2024-50379 and CVE-2024-54677
The Apache Software Foundation has released patches to mitigate two newly discovered vulnerabilities in Apache Tomcat, an extensively used open-source web server and servlet container. These vulnerabilities could potentially jeopardize systems and compromise sensitive data, highlighting the importance of timely updates and security measures.
CVE-2024-50379: Remote Code Execution (RCE)
This vulnerability arises in the default servlet and becomes exploitable under specific conditions, particularly when the servlet is configured to allow write access and the underlying file system is case-insensitive…
CVE-2024-54677: Denial-of-Service (DoS)
This vulnerability impacts the “examples” web application bundled with Apache Tomcat. Attackers can exploit it by uploading excessive amounts of data, causing the server to run out of memory and throw an OutOfMemoryError…
Subscribers favorite #3
CVE-2024-21182: Oracle WebLogic Server Flaw Exploit Code Released
CVE-2024-21182 is a high-severity vulnerability identified in Oracle WebLogic Server. This security flaw affects specific versions of the software, namely Oracle WebLogic Server 12.2.1.4.0 and 14.1.1.0.0. The vulnerability allows remote attackers to exploit the system without requiring authentication, thereby gaining unauthorized access.
Technical Details:
The vulnerability is primarily associated with the T3 and IIOP (Internet Inter-ORB Protocol) protocols used by Oracle WebLogic Server. These protocols are responsible for enabling communication between the server and its clients. By sending specially crafted data packets through these protocols, attackers can exploit the vulnerability, leading to potential server compromise…
Subscribers favorite #4
Exploit Code released for Apache Traffic Control Flaw CVE-2024-45387
CVE-2024-45387 is a critical vulnerability identified in Apache Traffic Control, specifically affecting the Traffic Ops module in versions 8.0.0 to 8.0.1. The nature of this vulnerability is an SQL injection flaw, which allows an attacker to inject and execute arbitrary SQL commands against the backend database.
The exploit leverages a specially crafted PUT request that is sent to the Traffic Ops API endpoint. By manipulating the payload of this request, a privileged user can inject malicious SQL commands. These commands can then be executed by the server, potentially leading to unauthorized data access, data manipulation, or even complete database compromise…
Subscribers favorite #5
CVE-2024-52046 Impacts Apache Mina
CVE-2024-52046 is a critical security vulnerability found in the Apache MINA library. This vulnerability is located in the ObjectSerializationDecoder component, which uses Java’s native serialization mechanisms to decode incoming serialized data. The core issue is the absence of robust security checks and validation during the deserialization process, allowing attackers to craft malicious serialized data that can exploit this weakness, potentially leading to Remote Code Execution (RCE) on the affected systems…
This brings us to the end of this month-in-review security coverage. Thanks for visiting TheCyberThrone. If you like us, please follow us on Facebook, Twitter, and Instagram.


