

Severity
Medium
Analysis Summary
CVE-2024-39676 CVSS:6.5
Apache Pinot could allow a remote authenticated attacker to obtain sensitive information, caused by improper authorization validation by the /appconfigs endpoint. By sending a specially crafted HTTP request, an attacker could exploit this vulnerability to obtain sensitive system, environment and configuration information, and use this information to launch further attacks against the affected system.
CVE-2024-25090 CVSS:6.4
Apache Roller is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the Profile name, screenname, Bookmark name, description and blogroll name features. A remote authenticated attacker could exploit this vulnerability to inject malicious script into a Web page which would be executed in a victim's Web browser within the security context of the hosting Web site, once the page is viewed. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials.
Impact
- Information Disclosure
- Cross-Site Scripting
Indicators of Compromise
CVE
- CVE-2024-39676
- CVE-2024-25090
Affected Vendors
Affected Products
- Apache Pinot 0.12.1
- Apache Roller 5.0
- Apache Roller 6.1.2
Remediation
Upgrade to the latest versions of Apache Pinot and Apache Roller, available from the Apache website.
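Until the upgrade is in place, access logs can be reviewed for requests to the /appconfigs endpoint named under CVE-2024-39676. The following is an added example, not part of the original advisory or of Apache Pinot: it assumes a reverse proxy in front of the Pinot controller writes Combined Log Format, and the sample lines, addresses and user names are constructed.

```python
import re
from collections import defaultdict
from urllib.parse import unquote, urlsplit

# Constructed sample lines in Combined Log Format (not from a real system).
SAMPLE_LOG = """\
10.0.4.17 - analyst [01/Aug/2024:09:12:44 +0000] "GET /tables HTTP/1.1" 200 512 "-" "curl/8.4.0"
10.0.4.17 - analyst [01/Aug/2024:09:13:02 +0000] "GET /appconfigs HTTP/1.1" 200 48211 "-" "curl/8.4.0"
10.0.4.17 - analyst [01/Aug/2024:09:13:05 +0000] "GET /appconfigs/?pretty=1 HTTP/1.1" 200 48302 "-" "curl/8.4.0"
10.0.9.3 - svc-monitor [01/Aug/2024:09:14:10 +0000] "GET /health HTTP/1.1" 200 2 "-" "probe/1.0"
10.0.7.21 - intern [01/Aug/2024:09:15:31 +0000] "GET /appconfigs HTTP/1.1" 403 0 "-" "Mozilla/5.0"
10.0.7.21 - intern [01/Aug/2024:09:15:40 +0000] "GET /appconfigsbackup HTTP/1.1" 404 0 "-" "Mozilla/5.0"
"""

# client, identd, user, [timestamp], "METHOD target protocol", status, size
LINE_RE = re.compile(
    r'^(?P<client>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+|-)'
)


def is_appconfigs(target):
    """True when the request path is exactly /appconfigs, ignoring the
    query string, a trailing slash and percent-encoding."""
    path = unquote(urlsplit(target).path).rstrip("/")
    return path == "/appconfigs"


def find_appconfigs_access(log_text):
    """Group /appconfigs requests by (client, user). 'served' counts 2xx
    responses, i.e. requests where configuration data was returned."""
    hits = defaultdict(lambda: {"requests": 0, "served": 0, "bytes": 0})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or not is_appconfigs(m["target"]):
            continue
        entry = hits[(m["client"], m["user"])]
        entry["requests"] += 1
        if m["status"].startswith("2"):
            entry["served"] += 1
            entry["bytes"] += 0 if m["size"] == "-" else int(m["size"])
    return dict(hits)


if __name__ == "__main__":
    for (client, user), stats in find_appconfigs_access(SAMPLE_LOG).items():
        print(client, user, stats)
```

Accounts with a non-zero `served` count that have no operational reason to read controller configuration are the ones to review first.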