Application Security
Apache Struts Vulnerability (CVE-2017-5638) Protection: Scanning with Nexpose
On March 9th, 2017 we highlighted the availability of a vulnerability check in
Nexpose for CVE-2017-5638
[https://rapid7.com/db/modules/exploit/multi/http/struts2_content_type_ognl] –
see the full blog post describing the Apache Struts vulnerability here
[/2017/03/09/apache-jakarta-vulnerability-attacks-in-the-wild]. This check would
be performed against the root URI of any HTTP/S endpoints discovered during a
scan.
On March 10th, 2017 we added an additional check that would work in conjunctio
Nexpose
CVE-2017-3823: Remote Code Execution Vulnerability in Cisco WebEx Browser Plugin
On January 21st, 2017, Google's Project Zero disclosed a vulnerability in Cisco's
WebEx browser plugin extension that could allow attackers to perform a remote
code execution (RCE) exploit on any Windows host running the plugin.
An initial fix was pushed out by Cisco that warned a user if they were launching
a meeting from a domain other than *.webex.com or *.webex.com.cn; however, the
fix was questioned by April King from Mozilla
[https://bugs.chromium.org/p/project-zero/issues/detail?id=1096#c