November 11, 2018
Vulnerability Notification: Oracle WebLogic Server RemoteObject Insecure Deserialization
[Overview] WebLogic Server is a Java application server platform for developing, integrating, deploying, and managing large distributed web applications, network applications, and database applications. Recently, Oracle released an update patch to fix a WebLogic Server deserialization vulnerability.
[Vulnerability Details] CVE-2018-3245: The vulnerability is caused by deserializing suspicious data in a T3 protocol request. An unauthorized…

October 24, 2018
Vulnerability Notification: Zoho ManageEngine OpManager oputilsServlet Authentication Bypass
[Overview] As next-generation network management software, Zoho OpManager provides network performance monitoring, physical and virtual server monitoring, network traffic analysis, and device management configuration to realize integrated management of the network, server and data center. OpManager has fixed a privilege elevation vulnerability in a recent update.
[Vulnerability Details] CVE-2018-17283: The vulnerability is caused by…

October 8, 2018
Vulnerability Notification: Red Hat 389 Directory Server nsslapd ldapsearch Buffer Overflow
[Overview] 389 Directory Server is an OpenLDAP-based enterprise LDAP server developed by Red Hat. It is an open source Lightweight Directory Access Protocol (LDAP) service implementation. Red Hat fixed a buffer overflow vulnerability in the latest update.
[Vulnerability Details] CVE-2018-1089: This vulnerability is caused by the inability to handle excessively long filter values in ldapsearch…

September 20, 2018
Vulnerability Notification: Apache Struts 2 namespace Expression Language Injection
[Overview] Apache Struts2 is an MVC framework for building Java-based web applications. In the MVC design pattern, Struts2 acts as a controller to establish data interaction between the model and the view. Recently, Apache Struts2 officially released a security notification about a fix for a remote code execution vulnerability.
[Vulnerability Details] CVE-2018-11776: The Apache Struts2 vulnerability has…

September 5, 2018