ThinkPHP Remote Code Execution Vulnerability Handling Guide

1 Vulnerability Overview Recently, ThinkPHP posted a blog, announcing the release of an update that addresses a high-risk remote code execution (RCE) vulnerability. This vulnerability stems from the framework’s insufficient checks on controller names, which, in case forced routing is not enabled, would allow arbitrary code execution or even access […]

Apache mod_jk Access Control Bypass Vulnerability (CVE-2018-11759) Threat Alert

Vulnerability Overview Recently, Apache Software Foundation (ASF) released a security advisory to announce the fix for an access control bypass vulnerability (CVE-2018-11759) in the mod_jk module in Apache Tomcat. Currently, the proof of concept (PoC) has been announced for this vulnerability. Users of this software should take precautions to fix […]