Apache – Page 10 – WindowsTechs.com

Hackers actively exploiting 0-day in Ubiquitous Apache Log4j tool

Posted on December 11, 2021 by Waqas

By Waqas
Apache has released Log4j version 2.15.0 to address the RCE vulnerability and users are urged to apply the update ASAP.
This is a post from HackRead.com Read the original post: Hackers actively exploiting 0-day in Ubiquitous Apache Log4j tool
Continue reading Hackers actively exploiting 0-day in Ubiquitous Apache Log4j tool→

Hackers actively exploiting 0-day in Ubiquitous Apache Log4j tool

Posted on December 11, 2021 by Waqas

“Log4Shell” Java vulnerability – how to safeguard your servers

Posted on December 10, 2021 by Paul Ducklin

Just when you thought it was safe to relax for the weekend… a critical bug showed up in Apache’s Log4j product Continue reading “Log4Shell” Java vulnerability – how to safeguard your servers→

Payload uploaded but error : "no session was created"

Posted on December 10, 2021 by J.erome

I’m doing a capture-the-flag challenge (similar to HackTheBox) and I can’t figure it out despite looking at many workarounds how to solve my issue.
I did:

nmap –> got port 8080
firefox -> 10.10.40.122:8080 -> got Apache
msf6 use… Continue reading Payload uploaded but error : "no session was created"→

How to stop multiple port access attempts – multiple TIME_WAIT and ESTABLISHED lines on ports 80, 443, etc… from external IPs

Posted on October 24, 2021 by Myke

I have nginx as reverse proxy and apache in the back, a firewall setup to enable just http and https, and ssh.
netstat -tlupna gives me tens of lines with multiple TIME_WAIT or ESTABLISHED lines coming from plenty of IPs:80 and IPs:443 int… Continue reading How to stop multiple port access attempts – multiple TIME_WAIT and ESTABLISHED lines on ports 80, 443, etc… from external IPs→

This Week in Security: The Apache Fix Miss, Github (Malicious) Actions, and Shooting the Messenger

Posted on October 15, 2021 by Jonathan Bennett

Apache 2.4.50 included a fix for CVE-2021-41773. It has since been discovered that this fix was incomplete, and this version is vulnerable to a permutation of the same vulnerability. 2.4.51 …read more Continue reading This Week in Security: The Apache Fix Miss, Github (Malicious) Actions, and Shooting the Messenger→

How common is Apache webserver Filesmatch configuration ".+\.ph(p([3457s]|\-s)?|t|tml)"

Posted on October 11, 2021 by greggles

The OWASP website has a page about Insecure File Uploads which talks about an insecure Apache filesmatch directive:
<FilesMatch ".+\.ph(p([3457s]|\-s)?|t|tml)"> SetHandler application/x-httpd-php </FileMatch>

I won… Continue reading How common is Apache webserver Filesmatch configuration ".+\.ph(p([3457s]|\-s)?|t|tml)"→

Apache patch proves patchy – now you need to patch the patch

Posted on October 8, 2021 by Paul Ducklin

Once more unto the breach, dear friends, once more, and close up the hole of encoding dread. Continue reading Apache patch proves patchy – now you need to patch the patch→

Apache web server zero-day bug is easy to exploit – patch now!

Posted on October 6, 2021 by Paul Ducklin

Some of us have Apache as our primary web server. But lots of us may have Apache without knowing it, as part of another product. Continue reading Apache web server zero-day bug is easy to exploit – patch now!→

how to disable certificate validation in port 443 [closed]

Posted on September 30, 2021 by Diablo

I am facing a certificate expiring issue on the server and I need to disable the certificate validation on port 443 and allow all connections coming to the specific port. How can I do it?

Continue reading how to disable certificate validation in port 443 [closed]→