Rewterz Threat Advisory –CVE-2021-33580 – Apache Security Vulnerability

Rewterz Threat Alert – Confucius APT Group Used Pegasus Spyware to Targeting Pakistani Military

August 20, 2021

Rewterz Threat Advisory –CVE-2021-39131 – Node.js ced Module Vulnerability

August 20, 2021

Rewterz Threat Advisory –CVE-2021-33580 – Apache Security Vulnerability

Severity

High

Analysis Summary

CVE-2021-33580

Apache Roller is vulnerable to a denial of service, caused by a regular expression denial of service (ReDoS) flaw by the request.getHeader, request.getRequestURL, and request.getQueryString functions. By sending a specially-crafted Referer header, a remote attacker could exploit this vulnerability to cause a denial of service condition.

Impact

Denial of Service

Affected Vendors

Apache

Affected Products

Apache Roller 6.0.1

Remediation

Upgrade to the latest version of Apache Roller available from the Apache Web site.

https://roller.apache.org/

Rewterz Threat Alert – Confucius APT Group Used Pegasus Spyware to Targeting Pakistani Military

Rewterz Threat Advisory –CVE-2021-39131 – Node.js ced Module Vulnerability

Rewterz Threat Advisory –CVE-2021-33580 – Apache Security Vulnerability

Severity

Analysis Summary

CVE-2021-33580

Impact

Affected Vendors

Affected Products

Remediation

Security Operations Centers across the region

Saudi Arabia

UAE

Oman

Pakistan