Rewterz Threat Advisory – Apache Ambari directory traversal

Rewterz Threat Alert – ‘Confucius’ APT group Targeting Pakistan

February 9, 2021

Rewterz Threat Advisory – Microsoft Windows TCP/IP code execution

February 10, 2021

Rewterz Threat Advisory – Apache Ambari directory traversal

Severity

High

Analysis Summary

CVE-2020-13924

Apache Ambari could allow a remote attacker to traverse directories on the system, caused by improper validation of file names. An attacker could send a specially-crafted URL request containing “dot dot” sequences (/../) to download arbitrary files on the system.

Impact

Information Disclosure

Affected Vendors

Apache

Affected Products

Apache Ambari 2.6.0

Remediation

Upgrade to the latest version of Ambari.

Apache Web site

Rewterz Threat Alert – ‘Confucius’ APT group Targeting Pakistan

Rewterz Threat Advisory – Microsoft Windows TCP/IP code execution

Rewterz Threat Advisory – Apache Ambari directory traversal

Severity

Analysis Summary

CVE-2020-13924

Impact

Affected Vendors

Affected Products

Remediation

Security Operations Centers across the region

Saudi Arabia

UAE

Oman

Pakistan