

Rewterz Threat Advisory – Multiple F5 BIG-IP Security Vulnerabilities
March 11, 2021
Rewterz Threat Alert – APT34 (OilRig) – IoCs
March 11, 2021
Severity
High
Analysis Summary
CVE-2020-13959
Apache Velocity Tools is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the default error page for VelocityView. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim’s Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim’s cookie-based authentication credentials.
Impact
Cross-site scripting
Affected Vendors
Apache
Affected Products
Apache Velocity Tools 3.0
Remediation
Upgrade to the latest version of Velocity Tools (3.1 or later).
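To act on the remediation above, the following added example (not part of the original advisory) scans a Maven pom.xml for Velocity Tools dependencies older than 3.1, resolving `${property}` version placeholders. The artifact names in the sample POM and the rule that anything below 3.1 needs an upgrade are assumptions; the advisory itself lists only 3.0 as affected.

```python
import re
import xml.etree.ElementTree as ET

FIXED = (3, 1)  # remediation in this advisory: upgrade to 3.1 or later

# Constructed sample POM (assumed artifact names, not from a real project).
SAMPLE_POM = """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <properties><vtools.version>3.0</vtools.version></properties>
  <dependencies>
    <dependency>
      <artifactId>velocity-tools-view</artifactId>
      <version>${vtools.version}</version>
    </dependency>
    <dependency>
      <artifactId>velocity-tools-generic</artifactId>
      <version>3.1</version>
    </dependency>
  </dependencies>
</project>"""

def _local(tag):
    # Drop the "{namespace}" prefix ElementTree puts on POM element names.
    return tag.rsplit("}", 1)[-1]

def find_outdated_velocity_tools(pom_xml):
    """Return (artifactId, version, action) for velocity-tools deps below 3.1."""
    root = ET.fromstring(pom_xml)
    props = {}
    for el in root.iter():
        if _local(el.tag) == "properties":
            props.update({_local(p.tag): (p.text or "").strip() for p in el})
    findings = []
    for dep in root.iter():
        if _local(dep.tag) != "dependency":
            continue
        fields = {_local(c.tag): (c.text or "").strip() for c in dep}
        artifact = fields.get("artifactId", "")
        if not artifact.startswith("velocity-tools"):
            continue
        # Substitute ${name} placeholders from <properties> where known.
        version = re.sub(r"\$\{([^}]+)\}",
                         lambda m: props.get(m.group(1), m.group(0)),
                         fields.get("version", ""))
        parsed = tuple(int(n) for n in re.findall(r"\d+", version)[:3])
        if not parsed or "${" in version:
            # Version managed elsewhere (parent POM/BOM): needs manual review.
            findings.append((artifact, version or "unmanaged", "review"))
        elif parsed < FIXED:
            findings.append((artifact, version, "upgrade"))
    return findings
```
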