 |
Post ArwXWiYVNX7Typfyj2 by [email protected] |
 |
More posts by [email protected] |
|
Post #ArsXMTmYfokMdKWm5g by [email protected] |
|
0 likes, 0 repeats |
|
|
|
New by me - No, there isn’t a world ending Apache Camel vulnerabilityhttps://… |
|
|
|
Post #ArsZoWkNRZMPqT0dzE by [email protected] |
|
0 likes, 0 repeats |
|
|
|
If anybody is wondering where the posts online are about this, we had most of t… |
|
|
|
Post #ArtKv7ovDMmSPQmcMK by [email protected] |
|
0 likes, 1 repeats |
|
|
|
Apache have updated their Camel advisory, it is really a particular and limited… |
|
|
|
Post #ArtLFJdWzXaMqf5CQS by [email protected] |
|
0 likes, 0 repeats |
|
|
|
Apache credit AT&T for the find - who are also listed as the source of the … |
|
|
|
Post #ArtYHNd6PnmnDSCHNg by [email protected] |
|
0 likes, 1 repeats |
|
|
|
@GossiTheDog there are some significant humps to reliable exploitation, I'm… |
|
|
|
Post #Aruqk7V5SHD5vHGHlg by [email protected] |
|
0 likes, 0 repeats |
|
|
|
Apache have modified the Camel vuln description again. The attack surface obvi… |
|
|
|
Post #Arv2utkM88mvtyJFTs by [email protected] |
|
0 likes, 0 repeats |
|
|
|
Akamai have released a PoC for the Camel thing, which introduces a deliberately… |
|
|
|
Post #Arv3PLm4ULydW1dHH6 by [email protected] |
|
0 likes, 0 repeats |
|
|
|
In b4 people start spraying coin miners at the URI /vulnerable after seeing tha… |
|
|
|
Post #Arv4NKM6tNyWUT5YdU by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@GossiTheDog can't wait for copilot to add this repo to its corpus! |
|
|
|
Post #ArwOJMhCRTkmpbIjC4 by [email protected] |
|
0 likes, 0 repeats |
|
|
|
As if by magic, the function in the Akamai PoC is being sprayed online at any o… |
|
|
|
Post #ArwUMWkI8IuaatddJI by [email protected] |
|
0 likes, 0 repeats |
|
|
|
Updated El Bloggo with some prevention and detection suggestions, and noting pr… |
|
|
|
Post #ArwW346iaKkQBEyYYS by [email protected] |
|
0 likes, 1 repeats |
|
|
|
@GossiTheDog Well, "is being sprayed randomly" does not contradict &q… |
|
|
|
Post #ArwXWiYVNX7Typfyj2 by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@GossiTheDog ok, but can we quickly talk about how the Description section read… |
|
|
|
Post #ArweMW7lRUT8CzFe4G by [email protected] |
|
0 likes, 1 repeats |
|
|
|
@GossiTheDog I did not even know what Apache Camel up until this weekend. |
|
|
|
Post #Arygf1j8Rp665cjkxc by [email protected] |
|
0 likes, 0 repeats |
|
|
|
Qualys' blog about CVE-2025-27636 shows a proof of concept which isn't … |
|
|
|
Post #AryhNqy7IHJXkq7SdM by [email protected] |
|
0 likes, 0 repeats |
|
|
|
In the latest with the Camel CVE-2025-27636 saga - the attempted exploitation a… |
|
|
|
Post #AryoDSLweuOEC4FpUe by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@GossiTheDog They probably think it could be a log4j situation. thx for keeping… |
|
|
|
Post #Arz1vL82B9WLvw0Fvs by [email protected] |
|
0 likes, 0 repeats |
|
|
|
Apache issued another CVE - CVE-2025-29891 - but it's effectively the same … |
|
|
|
Post #As2lxDwJ3dMna7EYNc by [email protected] |
|
0 likes, 0 repeats |
|
|
|
Akamai did a blog on the Apache Camel vulns. It’s been marketing polished up … |
|
|
|
Post #As2mGKcmQWqzoiDBxo by [email protected] |
|
0 likes, 0 repeats |
|
|
|
In summary |
|
|
|
Post #As2p2FnzqaDWgAR9mq by [email protected] |
|
0 likes, 1 repeats |
|
|
|
@GossiTheDog Reminds me of the time that GreyNoise published a fake PoC exploit… |
|
|
|
Post #As2physj9w9SLzXxpI by [email protected] |
|
0 likes, 1 repeats |
|
|
|
@wdormann @GossiTheDog "We created a PoC and tested it, then saw active ex… |
|
|
|
Post #As2rTFAKX9DyQDsfjM by [email protected] |
|
0 likes, 0 repeats |
|
|
|
Qualys went back and fixed their blog, kudos - no longer says zero day and they… |
|
|
|
Post #As3ATQDtJwK1qSLSFM by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@GossiTheDog People need to justify their salaries |
|
|
|
Post #As3Mia0sP0tS0CFfdY by [email protected] |
|
0 likes, 1 repeats |
|
|
|
Redhat have scored the Camel vuln CVE-2025–27636 as CVSS 6.3, CISA-ADP have s… |
|
|
|
Post #As3NsRJhgq2JsgK6zY by [email protected] |
|
0 likes, 0 repeats |
|
|
|
Another fun one from this saga - the Twitter 'dark web' accounts which … |
|
|
|
Post #As3OZzYGHVySVhtrXM by [email protected] |
|
0 likes, 0 repeats |
|
|
|
Critical... 9.8 CVSS score we made up... RED ALERT!!!!!!!!!!!!!!!!!!!!!!!!!!!!… |
|
|
|
Post #As3Oh1cwxkmuyVRlNQ by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@GossiTheDog maybe a negative indicator on the reliability of those sources |
|
|
|
Post #As3PPO0n6BrP8nkdKi by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@GossiTheDog CISA-ADP is a godsent, istg,if they ever let me rewrite our securi… |
|
|
|
Post #As3Pcju11MQKnYwujA by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@GossiTheDog this reminds me of something mentioned by the Youtuber Lazerpig on… |
|
|
|
Post #As3Pik835mgXEoNNFQ by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@GossiTheDog so, essentially, most of these are (possibly semi-automated) conte… |
|
|
|
Post #As3T1tAdzzAUe4PXdI by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@GossiTheDog we need spanning-tree for CVE |
|
|
|
Post #As3T9kPMShJ7mk2fgW by [email protected] |
|
0 likes, 0 repeats |
|
|
|
Btw - this thread isn't to downplay the two Apache Camel vulns. They'r… |
|
|
|
Post #As3WLjCh45lTO5WNdY by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@GossiTheDog "If you use Apache Camel for something like a Jetty based web… |
|
|
|
Post #As3aOT7ZiQpcC4gnz6 by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@GossiTheDog isn’t the CVSS only useful if you have multiple „problems“ a… |
|
|
|
Post #Ay4qDuOJk4ssAsJDFY by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@geekiga @GossiTheDog The score is a reasonable way to convert the multi-parame… |
