Jackson-databind RCE Vulnerability Handling Guide (CVE-2017-17485)

''

At the beginning of 2018, jackson-databind was reported to contain another remote code execution (RCE) vulnerability (CVE-2017-17485) that affects versions 2.9.3 and earlier, 2.7.9.1 and earlier, and 2.8.10 and earlier. This vulnerability is caused by jackson-dababind’s incomplete blacklist. An application that uses jackson-databind will become vulnerable when the enableDefaultTyping method […]

Technical Analysis and Recommended Solution of GoAhead httpd/2.5 to 3.5 LD_PRELOAD Remote Code Execution Vulnerability (CVE-2017-17562)

''

A remote RCE vulnerability (CVE-2017-17562) was found in all GoAhead Web Server’s versions earlier than 3.6.5. The vulnerability is a result of initializing the environment of forked CGI scripts using untrusted HTTP request parameters, and will affect all users who have CGI support enabled with dynamically linked executables (CGI scripts). […]

Technical Analysis and Solution of WebLogic Server (WLS) Component Vulnerability

''

Overview Recently, NSFOCUS has received a slew of reports from customers in the finance, telecom, and Internet sectors on similar security events. Through analysis, NSFOCUS believes that these events are all associated with the malware-infected WebLogic Server (WLS) host. Specifically, attackers exploit the WLS component vulnerability (CVE-2017-10271) to attack the […]

Analysis and Solution of Spring Data REST Server PATCH Request RCE Vulnerability

''

  Overview Recently, Pivotal released a security advisory to reveal the Spring Data REST server is prone to a remote code execution vulnerability (CVE-2017-8046) when processing PATCH requests. Attackers could exploit this vulnerability by sending a crafted PATCH request to the Spring Data REST server. The submitted JSON data contains […]

Struts 2 S2-052 REST Plug-in Remote Code Execution Vulnerability Analysis

''

Overview On September 5, 2017, Apache Struts released the latest security bulletin announcing that the REST plug-in in Apache Struts 2.5.x and some 2.x versions is prone to a high-risk remote code execution vulnerability, which has been assigned CVE-2017-9805 (S2-052). When using an XStream handler with an instance of XStream […]

Shamoon 2: Back On the Prowl

''

Authors: Stephen Gates, Chief Research Intelligence Analyst & Cody Mercer, Senior Intelligence Threat Researcher Overview From reports in late January 2017, the Shamoon malware is back. Shamoon wipes the disks of computers infected with the malware. Apparently a new Shamoon variant prompted Saudi Arabia telecoms authority to issue a warning on […]