Articles SolarWinds has fixed a vulnerability in Serv-U that was...

SolarWinds has fixed a vulnerability in Serv-U that was used in attacks on Log4j

-

Microsoft  discovered a vulnerability in Serv-U that hackers exploited to carry out Log4j attacks on internal devices in the network of victim companies.

The bug was discovered by Microsoft experts while monitoring attacks using Log4j . The bug, identified as CVE-2021-35247 , was related to incorrect input validation, which allowed attackers to create requests and send them over the network in an unverified form.

SolarWinds, which is responsible for the development of Serv-U, has already published a security bulletin on CVE-2021-35247, and also released Serv-U version 15.3, which fixed the issue.

“The Serv-U web login for LDAP authentication allowed characters to be used that were not properly sanitized. SolarWinds has updated the input engine, adding an additional input validation and sanitization routine,” the developers write.

Interestingly, the company claims that the LDAP servers ignored invalid characters, that is, no further development of the attack allegedly could occur. Thus, it is not yet clear whether the attackers tried to exploit the vulnerability and failed, or whether the attacks successfully continued by exploiting problems in Log4j, as Microsoft stated.

Must read

28 dangerous extensions detected for Google Chrome and Microsoft Edge

Avast experts have discovered malware hidden in at least 28 third-party...

Critical Infrastructure Warning! Millions of PLCs, switches, IoT devices are under threat

Eleven vulnerabilities, combined under the name Urgent / 11,...

Why Is It Important To Have Intrusion Detection And Prevention ?

This article describes why detection and prevention of burglaries...

The risk is real: attacks on OT infrastructure

Previously, many believed that attacks on an isolated OT...

Gitpaste-12: Linux bot armed with a dozen exploits

Researchers at Juniper Networks have discovered a Linux scripting...

Saferwall : Open Source Malware Analysis

Saferwall is an open source malware analysis platform. It...

Network Vulnerability Assessment ? Why Should Every Company Do it at least once a Year !

Network vulnerability assessment analyzes a variety of network issues,...

Artificial Intelligence and Cyber Security

As artificial intelligence intrudes into the world of cybersecurity,...

You might also likeRELATED
Recommended to you