Apache Foundation urges users to patch now and fix major security worries

A person's fingers type at a keyboard, with a digital security screen with a lock on it overlaid.

(Image credit: Shutterstock / Thapana_Studio)

Apache Software Foundation discovered flaws in MINA, HugeGraph-Server, and Traffic Control
One of the flaws was given a 10/10 severity score
All bugs were patched, and admins are urged to apply the fixes ASAP

The Apache Software Foundation has released fixes for multiple vulnerabilities discovered in three different solutions: MINA, HugeGraph-Server, and Traffic Control. One of the flaws received a maximum 10/10 score.

Apache MINA is a network application framework that simplifies the development of high-performance and scalable communication protocols and applications by abstracting low-level I/O operations. Multiple versions (2.0 - 2.0.26, 2.1 - 2.1.9, and 2.2 - 2.2.3), were found vulnerable to a flaw that allowed threat actors to remotely execute arbitrary code, and as such, was given a severity score of 10/10.

It is tracked as CVE-2024-52046, and was addressed in versions 2.0.27, 2.1.10, and 2.2.4. However, as BleepingComputer reports, simply applying the patch will not suffice, since users also need to manually set the rejection of all classes, unless explicitly allowed by following one of three methods provided.

Attacks during winter holidays

Other two vulnerabilities are tracked as CVE-2024-43441, and CVE-2024-45387. The first, described as an authentication bypass issue, one was found in Apache HugeGraph-Server versions 1.0 - 1.3, and was addressed in version 1.5.0. The final one, an SQL injection vulnerability impacting Traffic Ops versions 8.0.0 - 8.0.1, was addressed in version 8.0.2. It was given a 9.9 critical severity score.

Winter holidays are notorious for being the time of the year when hackers are most active. With increased traffic, and many employees being on holiday leave, businesses are exposed more than usual. Cybercriminals are aware of this, and take advantage of the fact by launching devastating attacks, starting with Christmas eve onwards.

Therefore, Apache Software Foundation urged system administrators to upgrade their software to the latest version as soon as possible.

Via BleepingComputer

Cybercriminals are leveraging big retail names in attacks this holiday season
Here's a list of the best antivirus tools on offer
These are the best endpoint protection tools right now

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.