February 17, 2025
Proactive Defense: The Importance of Incident Response Planning in Cybersecurity
Rewterz Threat Advisory – Multiple Google Products Vulnerabilities
February 7, 2024Rewterz Threat Advisory – Multiple TP-Link ER7206 Router Vulnerabilities
February 7, 2024Rewterz Threat Advisory – Multiple Google Products Vulnerabilities
February 7, 2024Rewterz Threat Advisory – Multiple TP-Link ER7206 Router Vulnerabilities
February 7, 2024
Severity
High
Analysis Summary
CVE-2024-23673
Apache Sling Servlets Resolver could allow a remote authenticated attacker to traverse directories on the system, caused by improper validation of uploaded script. An attacker could send a specially crafted URL request containing “dot dot” sequences (/../) to execute arbitrary code on the system.
Impact
- Gain Access
Indicators Of Compromise
CVE
- CVE-2024-23673
Affected Vendors
Apache
Affected Products
- Apache Sling Servlets Resolver 2.10.0
Remediation
Upgrade to the latest version of Apache Sling Servlets Resolver, available from the Apache Website.