

Rewterz Threat Advisory – ICS: Multiple Delta Electronics DIAEnergie Vulnerabilities
March 18, 2024
Rewterz Threat Alert – STOP aka DJVU Ransomware – Active IOCs
March 18, 2024
Severity
Medium
Analysis Summary
CVE-2024-28752 CVSS:6.5
Apache CXF is vulnerable to server-side request forgery (SSRF), caused by a flaw when using the Aegis DataBinding. By using a specially crafted argument, an attacker could exploit this vulnerability to conduct an SSRF attack.
CVE-2024-23944 CVSS:4.3
Apache ZooKeeper could allow a remote authenticated attacker to obtain sensitive information, caused by a flaw in persistent watcher handling. By attaching a persistent watcher to a parent, an attacker could exploit this vulnerability to obtain the full paths of znodes and use this information to launch further attacks against the affected system.
Impact
- Code Execution
- Information Disclosure
Indicators Of Compromise
CVE
- CVE-2024-28752
- CVE-2024-23944
Affected Vendors
Apache
Affected Products
- Apache ZooKeeper 3.8.0
- Apache CXF 3.5.7
- Apache CXF 3.6.2
- Apache CXF 4.0.3
- Apache ZooKeeper 3.9.0
- Apache ZooKeeper 3.6.0
- Apache ZooKeeper 3.7.2
- Apache ZooKeeper 3.8.3
- Apache ZooKeeper 3.9.1
Remediation
Refer to the Apache website for patch, upgrade, or suggested workaround information.