Vulnerability Notification: Apache Tomcat File Inclusion Vulnerability

[Overview] Apache Tomcat is a free, open source web application server. It is relatively popular and widely used in the framework of web application services. Recently, a file of Tomcat was found to contain vulnerabilities. A new version that fixes the vulnerability has been released. Meanwhile, Hillstone Networks has…

Vulnerability Notification: Windows RDP Remote Desktop Services Remote Code Execution

[Overview] Once the Windows RDP Remote Desktop Services worm-level remote code execution vulnerabilities (CVE-2019-1181, CVE-2019-1182) appeared, Hillstone Networks immediately issued an early warning. [Vulnerability Details] On August 14, 2019, Microsoft officially released a security patch addressing two critical remote code execution vulnerabilities, CVE-2019-1181 and CVE-2019-1182. These two vulnerabilities are similar to the previously fixed…

Vulnerability Notification: Remote Desktop Services Remote Code Execution

[Overview] Remote Desktop Services (RDS) is a component of Microsoft Windows that allows users to remotely access and take control of a computer or virtual machine. Recently, the Remote Desktop Services Remote Code Execution vulnerability was published officially. [Vulnerability Details] CVE-2019-0708: The vulnerability is pre-authentication and requires no user interaction. A remote attacker…

Vulnerability Notification: Apache Subversion mod_dav_svn Denial of Service

[Overview] Subversion is an open source software version control system that runs as a standalone server or as a module of the Apache HTTPD server. Recently, a denial of service vulnerability in it was fixed officially. [Vulnerability Details] CVE-2018-11803: The vulnerability is caused by improper dereference of an uninitialized pointer variable. A remote attacker…

Vulnerability Notification: Microsoft Office Remote Code Execution

[Overview] Microsoft Office is an office software suite developed by Microsoft Corporation that supports word processing, form editing, slide show production, and email service. Recently, Microsoft fixed a remote code execution vulnerability in it. [Vulnerability Details] CVE-2018-8161: The vulnerability is caused by Outlook’s incorrect parsing of HTML. The vulnerable condition occurs when a MIME message…