Tag

#apache

2 posts tagged #apache.

Analysis · May 20, 2026 · analysis-desk

Your attack surface isn't just port 443

CVE-2023-46604 is a perfect-10 RCE in Apache ActiveMQ. The exploit isn't a web request; it's a single message to the broker on port 61616, a port most web-focused scanning and firewalling never considers. The broker then fetches a remote XML file and runs whatever's in it.
Analysis · May 20, 2026 · analysis-desk

Apache HTTP Server 2.4.49: a path-traversal fix that needed a second fix

CVE-2021-41773 was a path traversal in Apache httpd 2.4.49 that could leak files and, with CGI enabled, reach RCE. The 2.4.50 fix was incomplete, so CVE-2021-42013 followed days later. Two CVEs, one bug, a textbook patch-the-patch.