Vulnerability Notification: Apache Subversion mod_dav_svn Denial of Service

[Overview] Subversion is an open source version control and software version control system that runs as a standalone server or as a module of the Apache HTTPD server. Recently, the denial of service vulnerability was fixed officially. [Vulnerability Details] CVE-2018-11803: The vulnerability is caused by improper dereference of an uninitialized pointer variable. A remote attacker…

Vulnerability Notification: Microsoft Office Remote Code Execution

[Overview] Microsoft Office is an office software developed by Microsoft Corporation that can perform word processing, form editing, slide show production, and Email service. Recently, Microsoft fixed a remote code execution vulnerability in it. [Vulnerability Details] CVE-2018-8161: The vulnerability is caused by Outlook’s incorrect parsing of HTML. The vulnerable condition occurs when a MIME message…

A ransomware variant is spreading – Hillstone has established a solid shield!

Recently, the GandCrab ransomware family has widely spread in China. The databases, pictures, documents, and compressed files on infected hosts are encrypted, causing a shutdown of business systems. Since its discovery in January, GandCrab has spread rapidly, with many variations in less than one year, showing how active and aggressive the ransomware developers are. China…

Vulnerability Notification: Oracle WebLogic Server RemoteObject Insecure Deserialization

[Overview] WebLogic Server is a Java application server platform for developing, integrating, deploying, and managing large distributed web applications, network applications, and database applications. Recently, Oracle released an update patch to fix the WebLogic Server deserialization vulnerability. [Vulnerability Details] CVE-2018-3245: The vulnerability is caused by deserializing suspicious data in a T3 protocol request. An unauthorized…

Vulnerability Notification: Zoho ManageEngine OpManager oputilsServlet Authentication Bypass

[Overview] As a next-generation network management software, Zoho OpManager provides network performance monitoring, physical and virtual server monitoring, network traffic analysis, and device management configuration to realize integrated management of the network, server and data center. OpManager has fixed a privilege elevation vulnerability in a recent update. [Vulnerability Details] CVE-2018-17283: The vulnerability is caused by…