- Apache Software Foundation discovered flaws in MINA, HugeGraph-Server and Traffic Control
- One of the defects received a severity score of 10/10.
- All bugs have been fixed and administrators are urged to apply the fixes as soon as possible.
The Apache Software Foundation has released fixes for multiple vulnerabilities discovered in three different solutions: MINA, HugeGraph-Server, and Traffic Control. One of the defects received a maximum score of 10/10.
Apache MINA is a networking application framework that simplifies the development of high-performance, scalable communication protocols and applications by abstracting low-level I/O operations. Several versions (2.0 – 2.0.26, 2.1 – 2.1.9 and 2.2 – 2.2.3) were found to be vulnerable to a flaw that allowed threat actors to execute arbitrary code remotely, and the flaw was therefore given a severity score of 10/10.
It is tracked as CVE-2024-52046 and was fixed in versions 2.0.27, 2.1.10, and 2.2.4. However, as BleepingComputer reports, simply applying the patch will not be enough: users must also manually configure rejection of all classes unless explicitly allowed, by following one of the three provided methods.
Attacks during winter holidays
Two other vulnerabilities are tracked as CVE-2024-43441 and CVE-2024-45387. The first, described as an authentication bypass issue, was found in Apache HugeGraph-Server versions 1.0 – 1.3 and was fixed in version 1.5.0. The latter, a SQL injection vulnerability affecting Traffic Ops versions 8.0.0 – 8.0.1, was fixed in version 8.0.2. It was assigned a critical severity score of 9.9.
The winter holidays are known to be the time of year when hackers are most active. With increased traffic and many employees on vacation, businesses are more exposed than usual. Cybercriminals are aware of this and take advantage of it by launching devastating attacks, from Christmas Eve onwards.
Therefore, the Apache Software Foundation urged system administrators to update their software to the latest version as soon as possible.
Via BleepingComputer