Rewterz Threat Advisory – Multiple Google Products Vulnerabilities

February 7, 2024

Rewterz Threat Advisory – Multiple TP-Link ER7206 Router Vulnerabilities

February 7, 2024

Rewterz Threat Advisory – CVE-2024-23673 – Apache Sling Servlets Resolver Vulnerability

February 7, 2024

Severity

High

Analysis Summary

CVE-2024-23673

Apache Sling Servlets Resolver could allow a remote authenticated attacker to traverse directories on the system, caused by improper validation of uploaded script. An attacker could send a specially crafted URL request containing “dot dot” sequences (/../) to execute arbitrary code on the system.

Impact

Gain Access

Indicators Of Compromise

CVE

CVE-2024-23673

Affected Vendors

Apache

Affected Products

Apache Sling Servlets Resolver 2.10.0

Remediation

Upgrade to the latest version of Apache Sling Servlets Resolver, available from the Apache Website.

Apache Website

Rewterz Annual Threat Intelligence Report 2024 - Download Now

Rewterz Annual Threat Intelligence Report 2024 - Download Now

Platform

Managed Security Services

Managed Penetration Testing

Assess

Transform

Train

Respond

Resources

GitHub Tools Deployed in CrazyHunter Ransomware Campaigns – Active IOCs

North Korean APT Kimsuky aka Black Banshee – Active IOCs

Sophisticated BPFDoor Malware Detected Targeting Linux Systems – Active IOCs

Threat Insights

About Us

Our Leadership

CSR

Connect with Us

Rewterz Threat Advisory – Multiple Google Products Vulnerabilities

Rewterz Threat Advisory – Multiple TP-Link ER7206 Router Vulnerabilities

The Wait Is Over!

The Rewterz Annual Threat Intelligence Report 2024 is finally here.