Security Research Blog
Get innovative research, observations and updates from the Micro Focus Security Research experts to help you proactively identify threats and manage risk.

SasiSiddharth

An OGNL Expression Injection vulnerability in the Jakarta Multipart parser has recently been garnering a lot of attention. The parser is used in Apache Struts 2, versions 2.3.x (2.3.5 - 2.3.32) and 2.5.x (below 2.5.10.1). The vulnerability allows a remote attacker to inject OGNL expressions using a malformed multipart request and is assigned CVE-2017-5638. This article provides a quick assessment of the vulnerability.


alvaro_munoz


When reports surfaced that the White House and NATO were hacked using an unknown vulnerability, it piqued our interest. When it was later announced that the Java Naming and Directory Interface (JNDI) was used, we decided to look at other Java APIs to see if we could find similar vulnerabilities. We expected to find a bug or two. What we actually found was two new classes of vulnerabilities: JNDI Injection and LDAP Entry Poisoning.


The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.