Article by Jiju Jacob, Director of Engineering at Revenera [This is an update of Mr. Jacobs’ 05/23 post in his Medium blog. He is a Director of Engineering at Revenera. Revenera, born as InstallShield and now a Flexera company, helps software and technology companies use open source solutions more effectively, and provides software development, consulting, training and revenue recovery services. We are grateful to Jiju for updating his post for our blog and sharing it…
In our modern world, web applications are becoming ever more important. Bad actors know this and they target them more frequently than ever before. This is not likely to stop any time soon as the number of web applications the world needs will only go up with its reliance on technology. To fully prevent an attack is impossible but we need to try our hardest to do so and in our daily struggles in this…
The recent critical security issue in VMware vCenter was discovered this January and fixed on February 23rd https://www.vmware.com/security/advisories/VMSA-2021-0002.html. The exploit looks like a simple JSP shell upload, but for some reason, it’s a blind spot for Web Application Firewalls (WAFs). Let’s understand why. The CVE-2021-21972 affects vCenter versions 6.5, 6.7, and 7.0. The exploit for Metasploit released https://vulners.com/packetstorm/PACKETSTORM:161695 today. The exploit description is pretty straight forward “This module exploits an unauthenticated OVA file upload and path traversal in VMware…
Subscribe for the latest news
Subscribe