A SINGLE VULNERABILITY IN APACHE COULD ALLOW ATTACKERS TO LAUNCH 8 DIFFERENT EXPLOITS TO TAKE OVER YOUR IT ASSETS

It’s a matter of fact that to earn living, you need to serve required service to the people in one way or the other. Serving is the only way to survive in the environment. If you are a tech geek, you might know this fact that machines too communicate using this concept i.e there exists a server and the client requests for the required service. The server then accordingly response and entertains the end user uniquely. But do we actually know what’s makes a server differentiable from the client (as at the end they both are machines)?

On the upper layer, any machines running the web server software like Apache or Nginx becomes a server. It means that any machine if properly configured with web server software becomes discoverable to all the available clients in the network (private or public). This is very basic need of every web application or website which serves you amazing content on the internet. If this component is vulnerable, the whole web application is at risk.

Some researchers from Tencent Security Intelligence have found the attackers using Apache Solr remote code execution vulnerability (CVE-2019–0193) to exploit the vulnerable servers. Later on exploiting the vulnerability, the payload BuleHero mining trojan comes with 8 other different exploits to exploit other services running in the server in order to gain access over the whole network. Let’s traverse through its actions!

To continue reading, click here.