If your web server is running on Apache Tomcat, you should immediately install the latest available version of the server application to prevent hackers from taking unauthorized control over it. Yes, that’s possible because all versions (9.x/8.x/7.x/6.x) of the Apache Tomcat released in the past 13 years have been found vulnerable to a new high-severity (CVSS 9.8) ‘file read and inclusion bug’
Source de l’article sur The Hacker News
OpenSSL has completed a re-licensing effort, resulting in adoption of Apache 2.0. The project announced this effort in 2015. The project got permission from contributors via a CLA.
The OpenSSL/SSLeay license was a non-standard permissive license, which included attribution clauses of the kind deprecated in Apache 1.0, such as:
Apache Maven is distributed in several formats. The simplest way to install Maven is to download a ready-made binary distribution archive and follow the installation instructions. Maven 3.3+ release requires JDK 1.7 or above to execute
To verify the Java JDK is properly installed, from your command line, run the following command:
Le 22 août 2018, la fondation Apache a publié un correctif de sécurité pour le framework d’application web Struts. Celui-ci concerne la vulnérabilité CVE-2018-11776 permettant d’exécuter du code à distance sans authentification. L’exploitation ne nécessite pas l’installation de modules …
Source de l’article sur CERT-FR
