CISA warns critical Geoserver GeoTools RCE flaw is exploited in attacks

July 16, 2024 at 06:19PM CISA warns of actively exploited GeoServer GeoTools remote code execution flaw (CVE-2024-36401). The flaw allows arbitrary code execution and affects all GeoServer instances. Researchers demonstrated proof-of-concept exploits, prompting patches in versions 2.23.6, 2.24.4, and 2.25.2. CISA requires federal agencies to patch servers by August 5th, 2024, while private …

Organizations Warned of Exploited GeoServer Vulnerability

July 16, 2024 at 12:09PM CISA is urgently advising federal agencies to address a high-severity vulnerability in GeoServer (CVE-2024-36401) due to active exploitation risks. The flaw allows unauthenticated attackers to execute remote code through crafted input, affecting all GeoServer instances. Users are recommended to apply the latest patches and review CISA’s Known Exploited Vulnerabilities list …

CISA Warns of Actively Exploited RCE Flaw in GeoServer GeoTools Software

July 16, 2024 at 12:45AM The U.S. CISA identified a critical security flaw in OSGeo GeoServer GeoTools as actively exploited. The vulnerability, CVE-2024-36401, allows remote code execution. Versions 2.23.6, 2.24.4, and 2.25.2 address the issue. Another flaw, CVE-2024-36404, also poses RCE risk. Federal agencies must apply fixes by August 5, 2024, amid reports of active …