* . *
  • About
  • Advertise
  • Privacy & Policy
  • Contact
Tuesday, June 24, 2025
Earth-News
  • Home
  • Business
  • Entertainment
    Netflix unveils Dallas immersive venue for fans of hit shows like ‘Squid Game,’ ‘Stranger Things’ – Houston Chronicle

    Step Inside Netflix’s New Dallas Immersive Experience Featuring Hits Like ‘Squid Game’ and ‘Stranger Things

    ‘Puttin’ on the Ritz’: Civic Players bring ‘Young Frankenstein’ to life – Yahoo

    Civic Players Deliver a Hilarious and Unforgettable Performance of ‘Young Frankenstein

    ‘Wheel of Fortune’: Amputee Wins $60,000 After Breaking Incredible ‘Curse’ – Hastings Tribune

    Wheel of Fortune’ Amputee Breaks Incredible ‘Curse’ to Win $60,000!

    North Star Sports & Entertainment Network: Coming soon – KTTC News

    North Star Sports & Entertainment Network: Coming soon – KTTC News

    Safety concerns in Deep Ellum create apprehension as the entertainment district gains visitors – CBS News

    Safety Concerns Surge Amid Deep Ellum’s Booming Popularity and Growing Crowds

    Elisabeth Moss’ ‘Handmaid’s Tale’ Emmy chances, by the numbers – Yahoo

    Elisabeth Moss’ ‘Handmaid’s Tale’ Emmy chances, by the numbers – Yahoo

  • General
  • Health
  • News

    Cracking the Code: Why China’s Economic Challenges Aren’t Shaking Markets, Unlike America’s” – Bloomberg

    Trump’s Narrow Window to Spread the Truth About Harris

    Trump’s Narrow Window to Spread the Truth About Harris

    Israel-Gaza war live updates: Hamas leader Ismail Haniyeh assassinated in Iran, group says

    Israel-Gaza war live updates: Hamas leader Ismail Haniyeh assassinated in Iran, group says

    PAP Boss to Niger Delta Youths, Stay Away from the Protest

    PAP Boss to Niger Delta Youths, Stay Away from the Protest

    Court Restricts Protests In Lagos To Freedom, Peace Park

    Court Restricts Protests In Lagos To Freedom, Peace Park

    Fans React to Jazz Jennings’ Inspiring Weight Loss Journey

    Fans React to Jazz Jennings’ Inspiring Weight Loss Journey

    Trending Tags

    • Trump Inauguration
    • United Stated
    • White House
    • Market Stories
    • Election Results
  • Science
  • Sports
  • Technology
    Marvell Technology Stock Rallies After AI Event Sparks Investor Optimism – Yahoo Finance

    Marvell Technology Stock Rallies After AI Event Sparks Investor Optimism – Yahoo Finance

    Promising Technology Stocks To Follow Today – June 22nd – MarketBeat

    Top Technology Stocks to Watch Today – June 22nd

    Technology Convergence Report 2025 – The World Economic Forum

    Technology Convergence Report 2025 – The World Economic Forum

    How AI can help make cities work better for residents – MIT Technology Review

    How AI can help make cities work better for residents – MIT Technology Review

    Tech Champions with Leo Bletnitsky of Healthy Technology Solutions – Buzz Media Group

    Meet Tech Champion Leo Bletnitsky of Healthy Technology Solutions

    Crypto’s true revolution is about humanity, not technology – Cointelegraph

    Crypto’s Real Revolution: Transforming Humanity Beyond Technology

    Trending Tags

    • Nintendo Switch
    • CES 2017
    • Playstation 4 Pro
    • Mark Zuckerberg
No Result
View All Result
  • Home
  • Business
  • Entertainment
    Netflix unveils Dallas immersive venue for fans of hit shows like ‘Squid Game,’ ‘Stranger Things’ – Houston Chronicle

    Step Inside Netflix’s New Dallas Immersive Experience Featuring Hits Like ‘Squid Game’ and ‘Stranger Things

    ‘Puttin’ on the Ritz’: Civic Players bring ‘Young Frankenstein’ to life – Yahoo

    Civic Players Deliver a Hilarious and Unforgettable Performance of ‘Young Frankenstein

    ‘Wheel of Fortune’: Amputee Wins $60,000 After Breaking Incredible ‘Curse’ – Hastings Tribune

    Wheel of Fortune’ Amputee Breaks Incredible ‘Curse’ to Win $60,000!

    North Star Sports & Entertainment Network: Coming soon – KTTC News

    North Star Sports & Entertainment Network: Coming soon – KTTC News

    Safety concerns in Deep Ellum create apprehension as the entertainment district gains visitors – CBS News

    Safety Concerns Surge Amid Deep Ellum’s Booming Popularity and Growing Crowds

    Elisabeth Moss’ ‘Handmaid’s Tale’ Emmy chances, by the numbers – Yahoo

    Elisabeth Moss’ ‘Handmaid’s Tale’ Emmy chances, by the numbers – Yahoo

  • General
  • Health
  • News

    Cracking the Code: Why China’s Economic Challenges Aren’t Shaking Markets, Unlike America’s” – Bloomberg

    Trump’s Narrow Window to Spread the Truth About Harris

    Trump’s Narrow Window to Spread the Truth About Harris

    Israel-Gaza war live updates: Hamas leader Ismail Haniyeh assassinated in Iran, group says

    Israel-Gaza war live updates: Hamas leader Ismail Haniyeh assassinated in Iran, group says

    PAP Boss to Niger Delta Youths, Stay Away from the Protest

    PAP Boss to Niger Delta Youths, Stay Away from the Protest

    Court Restricts Protests In Lagos To Freedom, Peace Park

    Court Restricts Protests In Lagos To Freedom, Peace Park

    Fans React to Jazz Jennings’ Inspiring Weight Loss Journey

    Fans React to Jazz Jennings’ Inspiring Weight Loss Journey

    Trending Tags

    • Trump Inauguration
    • United Stated
    • White House
    • Market Stories
    • Election Results
  • Science
  • Sports
  • Technology
    Marvell Technology Stock Rallies After AI Event Sparks Investor Optimism – Yahoo Finance

    Marvell Technology Stock Rallies After AI Event Sparks Investor Optimism – Yahoo Finance

    Promising Technology Stocks To Follow Today – June 22nd – MarketBeat

    Top Technology Stocks to Watch Today – June 22nd

    Technology Convergence Report 2025 – The World Economic Forum

    Technology Convergence Report 2025 – The World Economic Forum

    How AI can help make cities work better for residents – MIT Technology Review

    How AI can help make cities work better for residents – MIT Technology Review

    Tech Champions with Leo Bletnitsky of Healthy Technology Solutions – Buzz Media Group

    Meet Tech Champion Leo Bletnitsky of Healthy Technology Solutions

    Crypto’s true revolution is about humanity, not technology – Cointelegraph

    Crypto’s Real Revolution: Transforming Humanity Beyond Technology

    Trending Tags

    • Nintendo Switch
    • CES 2017
    • Playstation 4 Pro
    • Mark Zuckerberg
No Result
View All Result
Earth-News
No Result
View All Result
Home Technology

CISA warns critical Geoserver GeoTools RCE flaw is exploited in attacks

July 17, 2024
in Technology
CISA warns critical Geoserver GeoTools RCE flaw is exploited in attacks
Share on FacebookShare on Twitter

GeoServer logo

​CISA is warning that a critical GeoServer GeoTools remote code execution flaw tracked as CVE-2024-36401 is being actively exploited in attacks.

GeoServer is an open-source server that allows users to share, process, and modify geospatial data.

On June 30th, GeoServer disclosed a critical 9.8 severity remote code execution vulnerability in its GeoTools plugin caused by unsafely evaluating property names as XPath expressions.

“The GeoTools library API that GeoServer calls evaluates property/attribute names for feature types in a way that unsafely passes them to the commons-jxpath library which can execute arbitrary code when evaluating XPath expressions,” reads the GeoServer advisory.

“This XPath evaluation is intended to be used only by complex feature types (i.e., Application Schema data stores) but is incorrectly being applied to simple feature types as well which makes this vulnerability apply to ALL GeoServer instances.”

While the vulnerability was not being actively exploited at the time, researchers quickly released proof of concept exploits [1, 2, 3] that demonstrated how to perform remote code execution on exposed servers and open reverse shells, make outbound connections, or create a file in the /tmp folder.

POC tweet

The project maintainers patched the flaw in GeoServer versions 2.23.6, 2.24.4, and 2.25.2 and recommended that all users upgrade to these releases.

The developers also offer workarounds but warn that they may break some GeoServer functionality.

CVE-2024-36401 used in attacks

Yesterday, the US Cybersecurity and Infrastructure Security Agency added CVE-2024-36401 to its Known Exploited Vulnerabilities Catalog, warning that the flaw is being actively exploited in attacks. CISA now requires federal agencies to patch servers by August 5th, 2024.

While CISA did not provide any information on how the flaws were being exploited, the threat monitoring service Shadowserver said they observed CVE-2024-36401 being actively exploited starting on July 9th.

ShadowServer toot on Mastodon

OSINT search engine ZoomEye says that approximately 16,462 GeoServer servers are exposed online, most located in the US, China, Romania, Germany, and France.

Although the agency’s KEV catalog primarily targets federal agencies, private organizations GeoServer should also prioritize patching this vulnerability to prevent attacks.

Those who haven’t already patched should immediately upgrade to the latest version and thoroughly review their system and logs for possible compromise.

>>> Read full article>>>
Copyright for syndicated content belongs to the linked Source : BleepingComputer – https://www.bleepingcomputer.com/news/security/cisa-warns-critical-geoserver-geotools-rce-flaw-is-exploited-in-attacks/

Tags: criticaltechnologywarns
Previous Post

Email addresses of 15 million Trello users leaked on hacking forum

Next Post

Kaspersky offers free security software for six months in U.S. goodbye

Clay Minerals From Mars’ Most Ancient Past? – NASA Science (.gov)

Unveiling Clay Minerals from Mars’ Most Ancient Past

June 24, 2025

Retro Translucent Lifestyle Sneakers – Trend Hunter

June 24, 2025
The World’s 50 Best Restaurants Announces Its 2025 List – The New York Times

The World’s 50 Best Restaurants Announces Its 2025 List – The New York Times

June 24, 2025
Former INSS head Manuel Trajtenberg: Israeli economy rises in Iran war – The Jerusalem Post

Former INSS head Manuel Trajtenberg: Israeli economy rises in Iran war – The Jerusalem Post

June 24, 2025
Panel reacts as VP Vance downplays risk of foreign entanglement in Iran: ‘Back then we had dumb presidents’ – CNN

Panel reacts as VP Vance downplays risk of foreign entanglement in Iran: ‘Back then we had dumb presidents’ – CNN

June 24, 2025
Marvell Technology Stock Rallies After AI Event Sparks Investor Optimism – Yahoo Finance

Marvell Technology Stock Rallies After AI Event Sparks Investor Optimism – Yahoo Finance

June 23, 2025
Atlanta Sports: High school, college and pro sports from the AJC – AJC.com

Atlanta Sports Update: Exciting High School, College, and Pro Highlights

June 23, 2025
US judge blocks slashing of universities’ federal funding from National Science Foundation – Reuters

US Judge Halts Cuts to Federal Funding for Universities from National Science Foundation

June 23, 2025
The Computer-Science Bubble Is Bursting – The Atlantic

Is the Computer-Science Boom Coming to an End?

June 23, 2025

6 Life Moments When Staying Silent Is the Wisest Choice

June 23, 2025

Categories

Archives

June 2025
MTWTFSS
 1
2345678
9101112131415
16171819202122
23242526272829
30 
« May    
Earth-News.info

The Earth News is an independent English-language daily published Website from all around the World News

Browse by Category

  • Business (20,132)
  • Ecology (697)
  • Economy (714)
  • Entertainment (21,611)
  • General (15,534)
  • Health (9,753)
  • Lifestyle (719)
  • News (22,149)
  • People (716)
  • Politics (721)
  • Science (15,932)
  • Sports (21,210)
  • Technology (15,699)
  • World (694)

Recent News

Clay Minerals From Mars’ Most Ancient Past? – NASA Science (.gov)

Unveiling Clay Minerals from Mars’ Most Ancient Past

June 24, 2025

Retro Translucent Lifestyle Sneakers – Trend Hunter

June 24, 2025
  • About
  • Advertise
  • Privacy & Policy
  • Contact

© 2023 earth-news.info

No Result
View All Result

© 2023 earth-news.info

No Result
View All Result

© 2023 earth-news.info

Go to mobile version