Vulnerability Found in Apache Struts

Fortunately, the developers fixed the bug in Apache Struts versions 2.3.35 and 2.5.17
24 August 2018

Semmle employee Man Yue Mo disclosed details of CVE-2018-11776, a vulnerability in Apache Struts, a framework for building web applications. The problem was discovered in April 2018. It allowed an attacker to run malicious code remotely and take control of the web server.

The problem lay in the configuration of the framework, which allowed errors to appear in two cases:

  • if the alwaysSelectFullNamespace parameter was set to true;
  • if the action and url tags did not contain a namespace attribute, or if wildcard characters were used instead.

The attack began with a request through a specially crafted link to a vulnerable web server. Attackers were then able to run malicious code and take control of the application.

The vulnerability was present in all web applications based on Apache Struts 2.3 versions prior to Struts 2.5.16. With the correct configuration file, an application could be invulnerable, but even the slightest change increased the risk of compromise. The developers fixed the bug in Apache Struts versions 2.3.35 and 2.5.17.
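As an added illustration (not code from Semmle or the Apache Struts project), the sketch below audits an application for the conditions listed above and for the fixed versions, reporting each finding separately for manual review. It assumes the setting appears in struts.xml as the constant `struts.mapper.alwaysSelectFullNamespace`, that JSP pages use the conventional `s:` tag prefix, and that versions are plain dotted numbers; the sample inputs are constructed.

```python
import re
import xml.etree.ElementTree as ET

# Fixed releases named in the article, keyed by release branch.
FIXED = {(2, 3): (2, 3, 35), (2, 5): (2, 5, 17)}
TAG = re.compile(r"<s:(?:url|action)\b([^>]*)>", re.I)
NAMESPACE = re.compile(r"""\bnamespace\s*=\s*(["'])(.*?)\1""", re.I | re.S)

# Constructed sample inputs (not taken from any real application).
SAMPLE_STRUTS_XML = """<struts>
  <constant name="struts.mapper.alwaysSelectFullNamespace" value="true"/>
  <package name="default" extends="struts-default">
    <action name="list" class="example.ListAction"><result>/list.jsp</result></action>
  </package>
</struts>"""
SAMPLE_JSP = """<s:url action="list"/>
<s:url action="view" namespace="/orders"/>
<s:action name="menu" namespace="/*"/>"""

def is_patched(version):
    """True if a plain dotted version is at or above the fix for its branch."""
    v = tuple(int(part) for part in version.split("."))
    return v >= FIXED.get(v[:2], FIXED[(2, 5)])

def always_select_full_namespace(struts_xml):
    """True if struts.xml sets the alwaysSelectFullNamespace constant to true."""
    root = ET.fromstring(struts_xml)
    return any(
        c.get("name") == "struts.mapper.alwaysSelectFullNamespace"
        and (c.get("value") or "").strip().lower() == "true"
        for c in root.iter("constant"))

def risky_tags(jsp):
    """Return s:url / s:action tags with no namespace attribute or a wildcard."""
    hits = []
    for m in TAG.finditer(jsp):
        ns = NAMESPACE.search(m.group(1))
        if ns is None or "*" in ns.group(2):
            hits.append(m.group(0))
    return hits

def audit(version, struts_xml, jsp):
    """Report each condition from the article separately for manual review."""
    return {"patched": is_patched(version),
            "always_select_full_namespace": always_select_full_namespace(struts_xml),
            "tags_to_review": risky_tags(jsp)}

if __name__ == "__main__":
    print(audit("2.5.16", SAMPLE_STRUTS_XML, SAMPLE_JSP))
```

Versions on branches other than 2.3 and 2.5 are compared against 2.5.17, so anything older is reported as unpatched.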

Android-x86 8.1 Released

Let's see what the team has done in the fresh release of the Android port to x86
17 January 2019

The Android-x86 project team, an independent community porting the Android platform to the x86 architecture, has published the first stable release of its build based on the Android 8.1 platform, which includes fixes and additions that ensure seamless operation on x86-based platforms. Universal Android-x86 8.1 live builds for the 32-bit x86 and x86_64 architectures, suitable for use on typical laptops and tablet PCs, are available for download. In addition, builds in the form of rpm packages are available for installing the Android environment on Linux distributions.

Let's check the new features:

  • Support both 64-bit and 32-bit kernel and userspace with latest LTS kernel 4.19.15.
  • Support OpenGL ES 3.x hardware acceleration for Intel, AMD, Nvidia and QEMU(virgl) by Mesa 18.3.1.
  • Support OpenGL ES 2.0 via SwiftShader for software rendering on unsupported GPU devices.
  • Support hardware accelerated codecs on devices with Intel HD & G45 graphics family.
  • Support secure booting from UEFI and installing to UEFI disk.
  • A text based GUI installer.
  • Add theme support to GRUB-EFI.
  • Support Multi-touch, Audio, Wifi, Bluetooth, Sensors, Camera and Ethernet (DHCP only).
  • Auto-mount external usb drive and sdcard.
  • Add Taskbar as an alternative launcher which puts a start menu and recent apps tray on top of your screen and support freeform window mode.
  • Enable ForceDefaultOrientation on devices without known sensors. Portrait apps can run in a landscape device without rotating the screen.
  • Support arm arch apps via the native bridge mechanism. (Settings -> Android-x86 options)
  • Support to upgrade from non-official releases.
  • Add experimental Vulkan support for newer Intel and AMD GPUs. (Boot via Advanced options -> Vulkan support)
  • Mouse integration support for VMs including VirtualBox, QEMU, VMware and Hyper-V.

Get more info and download links at the official website of the project.