Good news ! Hackbusters community is waiting for you !  https://discuss.hackbusters.com
KnowBe4 has been running the HackBusters site for a few years now, providing you with trending IT security news. We are expanding it and have launched a new exciting online community! The forum is divided into four main topics or categories: Social Engineering, Ransomware, Phishing and Security Awareness Training. You are invited to be one of the first to join us at: https://discuss.hackbusters.com.

Apache Tomcat Patches Important Remote Code Execution Flaw

The Apache Software Foundation (ASF) has released new versions of its Tomcat application server to address an important security vulnerability that could allow a remote attacker to execute malicious code and take control of an affected server.

Developed by ASF, Apache Tomcat is an open source web server and servlet system, which uses several Java EE specifications such as Java Servlet, JavaServer Pages (JSP), Expression Language, and WebSocket to provide a "pure Java" HTTP web server environment for Java concept to run in.

The remote code execution vulnerability (CVE-2019-0232) resides in the Common Gateway Interface (CGI) Servlet when running on Windows with enableCmdLineArguments enabled and occurs due to a bug in the way the Java Runtime Environment (JRE) passes command line arguments to Windows.

Since the CGI Servlet is disabled by default and its option enableCmdLineArguments is disabled by default in Tomcat 9.0.x, the remote code execution vulnerability has been...(continued)
View All Trending Stories