A zero-day RCE vulnerability (CVE-2022-22965) affecting VMWare's Spring Java Framework has had PoC exploit code prematurely released.
March 31, 2022 23:27 GMT
Amid the focus on Log4j while patching CVE-2021-44228, a JNDI injection RCE vulnerability, Apache has released 2.16.0 which disables JNDI by default and removes support for Message lookups in order to fix a newly discovered denial of service vulnerability.
December 14, 2021 19:39 GMT
Updates and recommended guidance for identifying vulnerable servers and mitigating exploit attempts.
December 13, 2021 20:18 GMT
A high-severity zero-day has been uncovered in Apache Log4j which could allow a log injection RCE exploit.
December 10, 2021 18:45 GMT