
The Apache Software Foundation Company Cyber Security Posture
apache.org. The global home for open source software, powering some of the world's most ubiquitous software projects in web, big data, Java, IoT, cloud computing, and more. Learn more at https://apache.org. Through the ASF's meritocratic process known as "The Apache Way," 850+ individual Members and 8,200+ Committers successfully collaborate to develop freely available enterprise-grade software, benefiting millions of users worldwide: thousands of software solutions are distributed under the Apache License; and the community actively participates in ASF mailing lists, mentoring initiatives, and ApacheCon, the Foundation's official global conference series. The ASF is a US 501(c)(3) charitable organization, funded by individual donations and corporate sponsors including Aetna, Alibaba Cloud Computing, Amazon Web Services, Anonymous, Baidu, Bloomberg, Budget Direct, Capital One, Cerner, Cloudera, Comcast, Didi Chuxing, Facebook, Google, Huawei, IBM, Microsoft, Pineapple Fund, Red Hat, Reprise Software, Target, Tencent, Workday, Union Investment, and Verizon Media. For more information, visit https://www.apache.org/ and https://twitter.com/TheASF
ASF Company Details
the-apache-software-foundation
2322 employees
76750.0
511
Software Development
apache.org
Scan still pending
THE_1560853
In-progress

Between 900 and 1000
This score is AI-generated and less favored by cyber insurers, who prefer the TPRM score.


The Apache Software Foundation Company Scoring based on AI Models
Model Name | Date | Description | Current Score Difference | Score |
---|---|---|---|---|
AVERAGE-Industry | 03-12-2025 | This score represents the average cybersecurity rating of companies already scanned within the same industry. It provides a benchmark to compare an individual company's security posture against its industry peers. | N/A | Between 900 and 1000 |
The Apache Software Foundation Company Cyber Security News & History
Entity | Type | Severity | Impact | Seen | Url ID | Details |
---|---|---|---|---|---|---|
Apache Software Foundation | Vulnerability | 100 | 5 | 3/2025 | THE659030725 | Rankiteo Explanation: Attack threatening the organization's existence. Description: A critical vulnerability, CVE-2024-56325, in Apache Pinot has been disclosed with a CVSS score of 9.8 for allowing authentication bypass. Organizations utilizing Apache Pinot prior to version 1.3.0 are at risk of unauthorized data access, record injection, or service disruption. This flaw affects real-time analytics dashboards, financial monitoring, and IoT data processing. Given the remote exploitability and impact on confidentiality, integrity, and availability, immediate system upgrades and auditing for suspicious access patterns are imperative. This vulnerability emphasizes the need for robust defense strategies and software composition analysis tools in handling authentication in distributed systems. |
Apache Software | Vulnerability | 100 | 5 | 3/2025 | THE318031825 | Rankiteo Explanation: Attack threatening the organization's existence. Description: Apache Software has disclosed a critical RCE flaw in their widely-used Tomcat web container. Threat actors, exploiting a public PoC, can compromise and gain control over vulnerable servers with a simple PUT API request. This attack has significant implications as it could allow unauthorized access to sensitive data, disruption of services, and potential hijacking of systems. The exploitation of this vulnerability can result in data breaches, operational downtime, and severe security ramifications for enterprises relying on Apache Tomcat for their Java-based web applications. |
The Apache Software Foundation | Vulnerability | 60 | 1 | 4/2025 | THE718040425 | Rankiteo Explanation: Attack without any consequences. Description: A critical vulnerability identified as CVE-2024-53868 was discovered in Apache Traffic Server, potentially leading to cache poisoning, security control bypass, and session hijacking. The flaw relates to improper handling of HTTP chunked transfer encoding, where attackers can exploit malformed chunked messages to perform request smuggling attacks. Although the vulnerability has a CVSS score of 6.5, denoting a medium severity level, its exploitation could lead to data exposure and inconsistent request handling. Organizations using the affected versions are advised to upgrade and implement security measures to safeguard their systems. |
Apache Software Foundation | Vulnerability | 100 | 5 | 5/2025 | THE300050525 | Rankiteo Explanation: Attack threatening the organization's existence. Description: A critical deserialization vulnerability (CVE-2025-46762) was disclosed in Apache Parquet Java's parquet-avro module, affecting all versions through 1.15.1. The flaw allows an attacker supplying a crafted Parquet file with a malicious Avro schema to execute arbitrary code on any system that uses the 'specific' or 'reflect' Avro models for reading data. This impacts big data processing frameworks, such as Hadoop, Spark, and Flink, that rely on Parquet for high-performance columnar storage and retrieval. Exploitation can lead to full system compromise, unauthorized access to sensitive data, disruption of analytics pipelines, and potential lateral movement within enterprise networks. Although version 1.15.1 included a partial fix, the default trusted-packages setting remained permissive, leaving the vulnerability exploitable. Organizations that process untrusted Parquet files without proper restrictions face the risk of supply-chain attacks, malware deployment, and critical service outages. Immediate remediation requires upgrading to Parquet Java 1.15.2 or setting the org.apache.parquet.avro.SERIALIZABLE_PACKAGES property to an empty string to block execution of untrusted classes. Failure to address this issue could result in severe operational and reputational damage. |
Apache Tomcat | Vulnerability | 100 | 5 | 6/2025 | THE951060625 | Rankiteo Explanation: Attack threatening the organization's existence. Description: A critical denial-of-service vulnerability in Apache Tomcat has been publicly exposed, affecting servers running versions 10.1.10 through 10.1.39. The exploit, designated as CVE-2025-31650, leverages malformed HTTP/2 priority headers to cause memory exhaustion on vulnerable Tomcat instances. This vulnerability, if exploited, can lead to complete service disruption, overwhelming even well-provisioned servers through sustained memory exhaustion. |
Apache Software Foundation | Vulnerability | 25 | 1 | 6/2025 | THE903061725 | Rankiteo Explanation: Attack without any consequences. Description: Multiple critical security vulnerabilities in Apache Tomcat web servers were discovered, including high-severity flaws enabling denial-of-service (DoS) attacks and a moderate-severity vulnerability allowing authentication bypass. These vulnerabilities, identified as CVE-2025-48976, CVE-2025-48988, CVE-2025-49124, and CVE-2025-49125, affect millions of web applications worldwide running on affected Tomcat versions spanning from 9.0.x to 11.0.x series. The vulnerabilities were reported on June 16, 2025, and immediate patches are available across all affected version branches. |
Apache | Vulnerability | 85 | 4 | 6/2025 | THE302062025 | Rankiteo Explanation: Attack with significant impact with customers data leaks. Description: A significant security vulnerability (CVE-2025-32896) was disclosed in Apache SeaTunnel, a widely used distributed data integration platform. This flaw allows unauthorized users to execute arbitrary file read operations and deserialization attacks, potentially leading to remote code execution (RCE). The vulnerability affects versions 2.3.1 through 2.3.10 and was reported on April 12, 2025. The flaw stems from insufficient access controls in the RESTful API-v1 implementation, specifically targeting the /hazelcast/rest/maps/submit-job endpoint. This vulnerability is particularly dangerous as it can allow attackers to gain control over the affected SeaTunnel instance. |
Apache Foundation | Vulnerability | 100 | 5 | 7/2025 | THE409071125 | Rankiteo Explanation: Attack threatening the organization's existence. Description: The Opossum attack exploits a sophisticated cross-protocol application layer desynchronization vulnerability that compromises TLS-based communications. This attack affects critical protocols including HTTP, FTP, POP3, SMTP, LMTP, and NNTP. By leveraging man-in-the-middle positioning, attackers can inject unexpected messages into secure channels, causing persistent desynchronization between clients and servers and breaking the integrity assumptions of encrypted communications. This vulnerability enables session hijacking, content manipulation, and XSS attacks, posing a significant threat to the organization's security. |
Apache | Vulnerability | 25 | 1 | 7/2025 | THE754071625 | Rankiteo Explanation: Attack without any consequences. Description: A newly disclosed flaw in Apache Tomcat's Coyote engine, tracked as CVE-2025-53506, has been identified. The vulnerability allows a remote attacker to exhaust the server's thread pool and force the container into a prolonged denial-of-service state by repeatedly initiating streams that are never closed. This issue affects various maintained branches and has been scored 6.3 by CVSS v4. Modern reverse proxies can mitigate the attack by enforcing a SETTINGS-ack timeout or hard stream ceiling until full patch deployment. |
Apache | Vulnerability | 50 | 2 | 8/2025 | THE207081225 | Rankiteo Explanation: Attack limited on finance or reputation. Description: A severe vulnerability in Apache bRPC (CVE-2025-54472) allows attackers to crash services by exploiting unlimited memory allocation in the Redis protocol parser. This affects all versions prior to 1.14.1. Attackers can send crafted packets with large integers, triggering memory allocation failures and causing immediate service termination. The vulnerability is particularly dangerous for internet-facing deployments, as it requires only network access. While version 1.14.0 attempted to fix the issue, a critical flaw left it vulnerable. Organizations are advised to upgrade to version 1.14.1 or apply the security patch to mitigate the risk. |
The Apache Software Foundation Company Subsidiaries

ASF Cyber Security News
New Apache Traffic Server Flaws Allow Malformed Request Exploits
These vulnerabilities allow malicious actors to exploit malformed requests and access control list (ACL) issues, posing serious security risks ...
ASF releases patches for critical Apache Tomcat vulnerabilities
One of the primary vulnerabilities, identified as CVE-2025-48976, involves a flaw in Apache Commons FileUpload. Previously, this component had a ...
Apache HTTP Server 2.4.64 Released With Patch for 8 Vulnerabilities
The Apache Software Foundation has released Apache HTTP Server version 2.4.64, addressing eight critical security vulnerabilities that ...
Critical Apache Tomcat Vulnerability (CVE-2024-50379) Exposes Systems to Remote Code Execution
Apache Tomcat, a widely used open-source Java servlet container, powers numerous web applications globally, making this vulnerability a ...
Apache Software Foundation Issues Patch for Two Critical Vulnerabilities in Apache HTTP Server
The Apache Software Foundation has issued an update for critical vulnerabilities, but this time it's for the Apache HTTP Server. The new patch fixes a ...
Apache Software Foundation Initiatives to Fuel the Next 25 Years of Open Source Innovation
The ASF celebrated its 25th anniversary on March 24, 2024. For more than two decades the ASF has led innovation in open source, pioneering industry standards.
The Cyber Security Agency Of Singapore Alerts CVE-2024-43441
The Cyber Security Agency of Singapore has issued a warning about several critical vulnerabilities found in Apache software products.
Apache Traffic Server Vulnerability Allows DoS Attacks Through Memory Exhaustion
A newly disclosed vulnerability in Apache Traffic Server (ATS) has raised serious concerns among enterprise users and cloud providers, as ...
Apache Traffic Server Vulnerability Let Attackers Trigger DoS Attack via Memory Exhaustion
A critical security vulnerability has been discovered in Apache Traffic Server that allows remote attackers to trigger denial-of-service (DoS) ...

ASF Similar Companies

Cadence
Cadence is a pivotal leader in electronics and system design, building upon more than 30 years of computational software expertise. The company applies its underlying Intelligent System Design strategy to deliver software, hardware and IP that turn design concepts into reality. Cadence customers are

EduTech AI
EduTech AI is a leading provider of artificial intelligence (AI) solutions for the education sector. We are committed to helping educators and learners around the world harness the power of AI to improve teaching and learning outcomes. Our AI-powered products and services are used by schools, unive

[24]7.ai
[24]7.ai™ customer engagement solutions use conversational artificial intelligence to understand customer intent, enabling companies to create personalized, predictive, and effortless customer experiences across all channels; attract and retain customers; boost agent productivity and satisfaction; a

OpenText
OpenText is a world leader in Information Management, helping companies securely capture, govern and exchange information on a global scale. OpenText solves digital business challenges for customers, ranging from small and mid-sized businesses to the largest and most complex organizations in the wor

Baidu, Inc.
Baidu is a leading AI company with strong Internet foundation, driven by our mission to "make the complicated world simpler through technology". Founded in 2000 as a search engine platform, we were an early adopter of artificial intelligence in 2010. Since then, we have established a full AI stack,

Microsoft
Every company has a mission. What's ours? To empower every person and every organization to achieve more. We believe technology can and should be a force for good and that meaningful innovation contributes to a brighter world in the future and today. Our culture doesn't just encourage curiosity; it

Frequently Asked Questions
Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
ASF CyberSecurity History Information
How many cyber incidents has ASF faced?
Total Incidents: According to Rankiteo, ASF has faced 10 incidents in the past.
What types of cybersecurity incidents have occurred at ASF?
Incident Types: The types of cybersecurity incidents that have occurred include Vulnerability.
How does ASF detect and respond to cybersecurity incidents?
Detection and Response: The company detects and responds to cybersecurity incidents through remediation measures (upgrade to Apache bRPC version 1.14.1, apply the available security patch); containment measures (disable HTTP/2, limit maxConcurrentStreams at the reverse-proxy layer); remediation measures (upgrade to patched versions, enforce SETTINGS-ack timeout or hard stream ceiling); remediation measures (disable opportunistic TLS, use implicit TLS only); containment measures (upgrade to version 2.3.11, enable RESTful API-v2, implement HTTPS two-way authentication); remediation measures (upgrade to version 2.3.11, enable RESTful API-v2, implement HTTPS two-way authentication); remediation measures (immediate patches available across all affected version branches); containment measures (upgrade to patched releases, rate limiting for HTTP/2 connections, monitoring for unusual patterns in priority header usage, memory monitoring alerts, disabling HTTP/2 support temporarily); remediation measures (upgrade to patched releases, rate limiting for HTTP/2 connections, monitoring for unusual patterns in priority header usage, memory monitoring alerts, disabling HTTP/2 support temporarily); enhanced monitoring (rate limiting for HTTP/2 connections, monitoring for unusual patterns in priority header usage, memory monitoring alerts); containment measures (upgrade to Parquet Java 1.15.2, set org.apache.parquet.avro.SERIALIZABLE_PACKAGES to an empty string); remediation measures (upgrade and implement security measures); and remediation measures (immediate system upgrades, auditing for suspicious access patterns).
Incident Details
Can you provide details on each incident?

Incident : Vulnerability
Title: Apache bRPC Redis Protocol Parser Vulnerability
Description: A severe vulnerability in Apache bRPC has been discovered that allows attackers to crash services through network exploitation, affecting all versions prior to 1.14.1. The vulnerability, identified as CVE-2025-54472 with 'important' severity classification, stems from unlimited memory allocation in the Redis protocol parser component.
Type: Vulnerability
Attack Vector: Network exploitation
Vulnerability Exploited: CVE-2025-54472

Incident : Denial of Service (DoS)
Title: Apache Tomcat Coyote Engine Vulnerability CVE-2025-53506
Description: A flaw in Apache Tomcat's Coyote engine allows a remote attacker to exhaust the server's thread pool and force a denial-of-service state by exploiting a race condition in HTTP/2 stream handling.
Type: Denial of Service (DoS)
Attack Vector: Network
Vulnerability Exploited: CVE-2025-53506
Motivation: Disruption of service

Incident : Cross-protocol Application Layer Desynchronization
Title: Opossum Attack
Description: The Opossum attack is a sophisticated cross-protocol application layer desynchronization vulnerability that compromises TLS-based communications by exploiting differences between implicit and opportunistic TLS implementations. It affects critical protocols including HTTP, FTP, POP3, SMTP, LMTP, and NNTP, and enables session hijacking, content manipulation, and XSS attacks.
Type: Cross-protocol Application Layer Desynchronization
Attack Vector: Man-in-the-Middle
Vulnerability Exploited: Implicit TLS, Opportunistic TLS
Motivation: Session Hijacking, Content Manipulation, XSS Attacks

Incident : Remote Code Execution (RCE)
Title: Apache SeaTunnel RESTful API Vulnerability
Description: A significant security vulnerability in Apache SeaTunnel enables unauthorized users to execute arbitrary file read operations and deserialization attacks through its RESTful API interface.
Date Detected: 2025-04-12
Date Publicly Disclosed: 2025-04-12
Type: Remote Code Execution (RCE)
Attack Vector: Insufficient access controls in the RESTful API-v1 implementation, specifically the /hazelcast/rest/maps/submit-job endpoint.
Vulnerability Exploited: CVE-2025-32896
Motivation: Unauthorized access to sensitive system resources and remote code execution.

Incident : Vulnerability Exploitation
Title: Multiple Critical Security Vulnerabilities in Apache Tomcat
Description: Multiple critical security vulnerabilities affecting Apache Tomcat web servers, including two high-severity flaws enabling denial-of-service (DoS) attacks and one moderate-severity vulnerability allowing authentication bypass.
Date Detected: 2025-06-16
Date Publicly Disclosed: 2025-06-16
Type: Vulnerability Exploitation
Attack Vector: Memory Exhaustion via Multipart Header Exploitation, Multipart Upload Resource Exhaustion, Windows Installer Side-Loading Risk, Security Constraint Bypass in Resource Mounting
Vulnerability Exploited: CVE-2025-48976, CVE-2025-48988, CVE-2025-49124, CVE-2025-49125

Incident : Denial-of-Service
Title: Critical Denial-of-Service Vulnerability in Apache Tomcat
Description: A proof-of-concept exploit targeting a critical denial-of-service vulnerability in Apache Tomcat has been publicly released, exposing servers running versions 10.1.10 through 10.1.39 to potential attacks. The exploit, designated as CVE-2025-31650, leverages malformed HTTP/2 priority headers to cause memory exhaustion on vulnerable Tomcat instances.
Date Detected: 2025-06-05
Date Publicly Disclosed: 2025-06-05
Type: Denial-of-Service
Attack Vector: Malformed HTTP/2 priority headers
Vulnerability Exploited: CVE-2025-31650
Threat Actor: Security researcher Abdualhadi Khalifa
Motivation: Security research and public disclosure

Incident : Vulnerability Exploitation
Title: Critical Deserialization Vulnerability in Apache Parquet Java
Description: A critical deserialization vulnerability (CVE-2025-46762) was disclosed in Apache Parquet Java's parquet-avro module, affecting all versions through 1.15.1. The flaw allows an attacker supplying a crafted Parquet file with a malicious Avro schema to execute arbitrary code on any system that uses the 'specific' or 'reflect' Avro models for reading data. This impacts big data processing frameworks, such as Hadoop, Spark, and Flink, that rely on Parquet for high-performance columnar storage and retrieval. Exploitation can lead to full system compromise, unauthorized access to sensitive data, disruption of analytics pipelines, and potential lateral movement within enterprise networks. Although version 1.15.1 included a partial fix, the default trusted-packages setting remained permissive, leaving the vulnerability exploitable. Organizations that process untrusted Parquet files without proper restrictions face the risk of supply-chain attacks, malware deployment, and critical service outages. Immediate remediation requires upgrading to Parquet Java 1.15.2 or setting the org.apache.parquet.avro.SERIALIZABLE_PACKAGES property to an empty string to block execution of untrusted classes. Failure to address this issue could result in severe operational and reputational damage.
Type: Vulnerability Exploitation
Attack Vector: Deserialization of untrusted data
Vulnerability Exploited: CVE-2025-46762
Motivation: System compromise, Data theft, Disruption of services, Lateral movement

Incident : Vulnerability
Title: CVE-2024-53868 in Apache Traffic Server
Description: A critical vulnerability identified as CVE-2024-53868 was discovered in Apache Traffic Server, potentially leading to cache poisoning, security control bypass, and session hijacking. The flaw relates to improper handling of HTTP chunked transfer encoding, where attackers can exploit malformed chunked messages to perform request smuggling attacks. Although the vulnerability has a CVSS score of 6.5, denoting a medium severity level, its exploitation could lead to data exposure and inconsistent request handling. Organizations using the affected versions are advised to upgrade and implement security measures to safeguard their systems.
Type: Vulnerability
Attack Vector: HTTP chunked transfer encoding
Vulnerability Exploited: CVE-2024-53868

Incident : Remote Code Execution (RCE)
Title: Critical RCE Flaw in Apache Tomcat
Description: Apache Software has disclosed a critical RCE flaw in their widely-used Tomcat web container. Threat actors, exploiting a public PoC, can compromise and gain control over vulnerable servers with a simple PUT API request. This attack has significant implications as it could allow unauthorized access to sensitive data, disruption of services, and potential hijacking of systems. The exploitation of this vulnerability can result in data breaches, operational downtime, and severe security ramifications for enterprises relying on Apache Tomcat for their Java-based web applications.
Type: Remote Code Execution (RCE)
Attack Vector: Exploitation of Public PoC
Vulnerability Exploited: Critical RCE flaw in Apache Tomcat
Motivation: Unauthorized access to sensitive data, disruption of services, potential hijacking of systems

Incident : Vulnerability Exploit
Title: Critical Vulnerability in Apache Pinot (CVE-2024-56325)
Description: A critical vulnerability, CVE-2024-56325, in Apache Pinot has been disclosed with a CVSS score of 9.8 for allowing authentication bypass. Organizations utilizing Apache Pinot prior to version 1.3.0 are at risk of unauthorized data access, record injection, or service disruption. This flaw affects real-time analytics dashboards, financial monitoring, and IoT data processing. Given the remote exploitability and impact on confidentiality, integrity, and availability, immediate system upgrades and auditing for suspicious access patterns are imperative. This vulnerability emphasizes the need for robust defense strategies and software composition analysis tools in handling authentication in distributed systems.
Type: Vulnerability Exploit
Attack Vector: Authentication Bypass
Vulnerability Exploited: CVE-2024-56325
What are the most common types of attacks the company has faced?
Common Attack Types: The most common type of attack the company has faced is Vulnerability.
How does the company identify the attack vectors used in incidents?
Identification of Attack Vectors: The company identifies the attack vectors used in incidents through TCP port 443, Man-in-the-Middle, /hazelcast/rest/maps/submit-job endpoint, HTTP/2 priority headers and Simple PUT API request.
Impact of the Incidents
What was the impact of each incident?

Incident : Vulnerability THE207081225
Operational Impact: Denial of Service

Incident : Denial of Service (DoS) THE754071625
Systems Affected: Apache Tomcat servers
Downtime: High
Operational Impact: High

Incident : Cross-protocol Application Layer Desynchronization THE409071125
Systems Affected: HTTP, FTP, SMTP, POP3, LMTP, NNTP
Operational Impact: Persistent desynchronization between clients and servers

Incident : Vulnerability Exploitation THE903061725
Systems Affected: Apache Tomcat web servers

Incident : Denial-of-Service THE951060625
Systems Affected: Apache Tomcat servers running versions 10.1.10 through 10.1.39
Operational Impact: Complete service disruption

Incident : Vulnerability Exploitation THE300050525
Data Compromised: Sensitive data
Systems Affected: Hadoop, Spark, Flink
Operational Impact: Disruption of analytics pipelines
Brand Reputation Impact: Severe reputational damage

Incident : Vulnerability THE718040425
Systems Affected: Apache Traffic Server

Incident : Remote Code Execution (RCE) THE318031825
Systems Affected: Vulnerable servers
Operational Impact: Operational downtime, severe security ramifications

Incident : Vulnerability Exploit THE659030725
Systems Affected: Real-time analytics dashboards, Financial monitoring, IoT data processing
Which entities were affected by each incident?

Incident : Denial of Service (DoS) THE754071625
Entity Type: Software users
Industry: Various
Location: Global

Incident : Cross-protocol Application Layer Desynchronization THE409071125
Entity Type: Server
Industry: Technology

Incident : Remote Code Execution (RCE) THE302062025
Entity Type: Software Platform
Industry: Technology

Incident : Vulnerability Exploitation THE300050525
Entity Type: Big data processing frameworks
Industry: Technology

Incident : Vulnerability THE718040425
Entity Type: Organization

Incident : Remote Code Execution (RCE) THE318031825
Entity Type: Software Company
Industry: Technology

Incident : Vulnerability Exploit THE659030725
Entity Type: Organizations
Industry: Technology, Finance, IoT
Response to the Incidents
What measures were taken in response to each incident?

Incident : Vulnerability THE207081225
Remediation Measures: Upgrade to Apache bRPC version 1.14.1, Apply the available security patch

Incident : Denial of Service (DoS) THE754071625
Containment Measures: Disable HTTP/2, Limit maxConcurrentStreams at the reverse-proxy layer
Remediation Measures: Upgrade to patched versions, Enforce SETTINGS-ack timeout or hard stream ceiling

Incident : Cross-protocol Application Layer Desynchronization THE409071125
Remediation Measures: Disable opportunistic TLS, Use implicit TLS only

Incident : Remote Code Execution (RCE) THE302062025
Containment Measures: Upgrade to version 2.3.11, enable RESTful API-v2, implement HTTPS two-way authentication
Remediation Measures: Upgrade to version 2.3.11, enable RESTful API-v2, implement HTTPS two-way authentication

Incident : Vulnerability Exploitation THE903061725
Remediation Measures: Immediate patches available across all affected version branches

Incident : Denial-of-Service THE951060625
Containment Measures: Upgrade to patched releases, rate limiting for HTTP/2 connections, monitoring for unusual patterns in priority header usage, memory monitoring alerts, disabling HTTP/2 support temporarily
Remediation Measures: Upgrade to patched releases, rate limiting for HTTP/2 connections, monitoring for unusual patterns in priority header usage, memory monitoring alerts, disabling HTTP/2 support temporarily
Enhanced Monitoring: Rate limiting for HTTP/2 connections, monitoring for unusual patterns in priority header usage, memory monitoring alerts

Incident : Vulnerability Exploitation THE300050525
Containment Measures: Upgrade to Parquet Java 1.15.2, Set org.apache.parquet.avro.SERIALIZABLE_PACKAGES to an empty string

Incident : Vulnerability THE718040425
Remediation Measures: Upgrade and implement security measures

Incident : Vulnerability Exploit THE659030725
Remediation Measures: Immediate system upgrades, Auditing for suspicious access patterns
Data Breach Information
What measures does the company take to prevent data exfiltration?
Prevention of Data Exfiltration: The company takes the following measures to prevent data exfiltration: Upgrade to Apache bRPC version 1.14.1, Apply the available security patch, Upgrade to patched versions, Enforce SETTINGS-ack timeout or hard stream ceiling, Disable opportunistic TLS, Use implicit TLS only, Upgrade to version 2.3.11, enable RESTful API-v2, implement HTTPS two-way authentication, Immediate patches available across all affected version branches, Upgrade to patched releases, rate limiting for HTTP/2 connections, monitoring for unusual patterns in priority header usage, memory monitoring alerts, disabling HTTP/2 support temporarily, Upgrade and implement security measures, Immediate system upgrades, Auditing for suspicious access patterns.
How does the company handle incidents involving personally identifiable information (PII)?
Handling of PII Incidents: The company handles incidents involving personally identifiable information (PII) by disabling HTTP/2, limiting maxConcurrentStreams at the reverse-proxy layer, upgrading to version 2.3.11, enabling RESTful API-v2, implementing HTTPS two-way authentication, upgrading to patched releases, rate limiting for HTTP/2 connections, monitoring for unusual patterns in priority header usage, memory monitoring alerts, disabling HTTP/2 support temporarily, upgrading to Parquet Java 1.15.2 and setting org.apache.parquet.avro.SERIALIZABLE_PACKAGES to an empty string.
Lessons Learned and Recommendations
What lessons were learned from each incident?

Incident : Denial of Service (DoS) THE754071625
Lessons Learned: Ensuring timely updates and monitoring of HTTP/2 stream limits can prevent such vulnerabilities.

Incident : Cross-protocol Application Layer Desynchronization THE409071125
Lessons Learned: Disable opportunistic TLS and prioritize implicit TLS implementations to maintain secure communications integrity.

Incident : Remote Code Execution (RCE) THE302062025
Lessons Learned: Implement comprehensive security improvements, including enhanced authentication mechanisms and input validation procedures.

Incident : Denial-of-Service THE951060625
Lessons Learned: Immediate prioritization of upgrades to patched releases, implementation of rate limiting and monitoring for unusual patterns in priority header usage, and considering temporary disabling of HTTP/2 support on critical instances.

Incident : Vulnerability Exploit THE659030725
Lessons Learned: The need for robust defense strategies and software composition analysis tools in handling authentication in distributed systems.
What recommendations were made to prevent future incidents?

Incident : Vulnerability THE207081225
Recommendations: Upgrade to Apache bRPC version 1.14.1, Apply the available security patch, Adjust redis_max_allocation_size gflag parameter if processing Redis requests or responses exceeding 64MB

Incident : Denial of Service (DoS) THE754071625
Recommendations: Upgrade to the latest patched versions, Enforce SETTINGS-ack timeout or hard stream ceiling at the reverse-proxy layer

Incident : Cross-protocol Application Layer Desynchronization THE409071125
Recommendations: Disable opportunistic TLS, Use implicit TLS only

Incident : Remote Code Execution (RCE) THE302062025
Recommendations: Upgrade to the latest release, enable RESTful API-v2, implement HTTPS two-way authentication.

Incident : Vulnerability Exploitation THE903061725
Recommendations: Organizations must prioritize immediate updates to address these vulnerabilities. System administrators should verify their Tomcat installations and implement configuration changes to the server.xml file, specifically adjusting Connector parameters to prevent resource exhaustion attacks while maintaining application functionality.

Incident : Denial-of-Service THE951060625
Recommendations: Upgrade to patched releases, implement rate limiting for HTTP/2 connections, monitor for unusual patterns in priority header usage, set up memory monitoring alerts, and consider temporarily disabling HTTP/2 support on critical instances.

Incident : Vulnerability Exploitation THE300050525
Recommendations: Upgrade to Parquet Java 1.15.2, Set org.apache.parquet.avro.SERIALIZABLE_PACKAGES to an empty string

Incident : Vulnerability THE718040425
Recommendations: Upgrade and implement security measures

Incident : Vulnerability Exploit THE659030725
Recommendations: Immediate system upgrades, Auditing for suspicious access patterns
What are the key lessons learned from past incidents?
Key Lessons Learned: The key lessons learned from past incidents are: Ensuring timely updates and monitoring of HTTP/2 stream limits can prevent such vulnerabilities; Disable opportunistic TLS and prioritize implicit TLS implementations to maintain secure communications integrity; Implement comprehensive security improvements, including enhanced authentication mechanisms and input validation procedures; Immediate prioritization of upgrades to patched releases, implementation of rate limiting and monitoring for unusual patterns in priority header usage, and considering temporary disabling of HTTP/2 support on critical instances; The need for robust defense strategies and software composition analysis tools in handling authentication in distributed systems.
What recommendations has the company implemented to improve cybersecurity?
Implemented Recommendations: The company has implemented the following recommendations to improve cybersecurity: Upgrade to Apache bRPC version 1.14.1, Apply the available security patch, Adjust redis_max_allocation_size gflag parameter if processing Redis requests or responses exceeding 64MB; Upgrade to the latest patched versions, Enforce SETTINGS-ack timeout or hard stream ceiling at the reverse-proxy layer; Disable opportunistic TLS, Use implicit TLS only; Upgrade to the latest release, enable RESTful API-v2, implement HTTPS two-way authentication; Organizations must prioritize immediate updates to address these vulnerabilities. System administrators should verify their Tomcat installations and implement configuration changes to the server.xml file, specifically adjusting Connector parameters to prevent resource exhaustion attacks while maintaining application functionality; Upgrade to patched releases, implement rate limiting for HTTP/2 connections, monitor for unusual patterns in priority header usage, set up memory monitoring alerts, and consider temporarily disabling HTTP/2 support on critical instances; Upgrade to Parquet Java 1.15.2, Set org.apache.parquet.avro.SERIALIZABLE_PACKAGES to an empty string; Upgrade and implement security measures; Immediate system upgrades, Auditing for suspicious access patterns.
References
Where can I find more information about each incident?

Incident : Vulnerability THE207081225
Source: Apache bRPC project documentation

Incident : Denial of Service (DoS) THE754071625
Source: National Vulnerability Database

Incident : Denial of Service (DoS) THE754071625
Source: GitHub analysts

Incident : Denial-of-Service THE951060625
Source: Security researcher Abdualhadi Khalifa
Date Accessed: 2025-06-05
Where can stakeholders find additional resources on cybersecurity best practices?
Additional Resources: Stakeholders can find additional resources on cybersecurity best practices at the following sources: Apache bRPC project documentation; National Vulnerability Database; GitHub analysts; Security researcher Abdualhadi Khalifa (Date Accessed: 2025-06-05).
Initial Access Broker
How did the initial access broker gain entry for each incident?

Incident : Denial of Service (DoS) THE754071625
Entry Point: TCP port 443

Incident : Cross-protocol Application Layer Desynchronization THE409071125
Entry Point: Man-in-the-Middle

Incident : Remote Code Execution (RCE) THE302062025
Entry Point: /hazelcast/rest/maps/submit-job endpoint

Incident : Denial-of-Service THE951060625
Entry Point: HTTP/2 priority headers

Incident : Remote Code Execution (RCE) THE318031825
Entry Point: Simple PUT API request
Post-Incident Analysis
What were the root causes and corrective actions taken for each incident?

Incident : Vulnerability THE207081225
Root Causes: Unlimited memory allocation in the Redis protocol parser component
Corrective Actions: Implemented proper bounds checking for memory allocation requests with a default maximum allocation limit of 64MB per Redis parser operation

Incident : Denial of Service (DoS) THE754071625
Root Causes: Race condition introduced during the refactor that added dynamic stream limits
Corrective Actions: Upgrade to patched versions, Enforce SETTINGS-ack timeout or hard stream ceiling

Incident : Cross-protocol Application Layer Desynchronization THE409071125
Root Causes: Differences between implicit and opportunistic TLS implementations
Corrective Actions: Disable opportunistic TLS, Use implicit TLS only

Incident : Remote Code Execution (RCE) THE302062025
Root Causes: Insufficient access controls in the RESTful API-v1 implementation
Corrective Actions: Upgrade to version 2.3.11, enable RESTful API-v2, implement HTTPS two-way authentication

Incident : Denial-of-Service THE951060625
Root Causes: Fundamental flaw in how Apache Tomcat processes HTTP/2 priority headers
Corrective Actions: Upgrade to patched releases, implement rate limiting and monitoring for unusual patterns in priority header usage, set up memory monitoring alerts, consider temporarily disabling HTTP/2 support on critical instances.

Incident : Vulnerability Exploitation THE300050525
Root Causes: Deserialization vulnerability in Apache Parquet Java's parquet-avro module
Corrective Actions: Upgrade to Parquet Java 1.15.2, Set org.apache.parquet.avro.SERIALIZABLE_PACKAGES to an empty string

Incident : Vulnerability THE718040425
Root Causes: Improper handling of HTTP chunked transfer encoding
Corrective Actions: Upgrade and implement security measures

Incident : Remote Code Execution (RCE) THE318031825
Root Causes: Critical RCE flaw in Apache Tomcat
What is the company's process for conducting post-incident analysis?
Post-Incident Analysis Process: The company's process for conducting post-incident analysis is described as Rate limiting for HTTP/2 connections, monitoring for unusual patterns in priority header usage, memory monitoring alerts.
What corrective actions has the company taken based on post-incident analysis?
Corrective Actions Taken: The company has taken the following corrective actions based on post-incident analysis: Implemented proper bounds checking for memory allocation requests with a default maximum allocation limit of 64MB per Redis parser operation; Upgrade to patched versions, Enforce SETTINGS-ack timeout or hard stream ceiling; Disable opportunistic TLS, Use implicit TLS only; Upgrade to version 2.3.11, enable RESTful API-v2, implement HTTPS two-way authentication; Upgrade to patched releases, implement rate limiting and monitoring for unusual patterns in priority header usage, set up memory monitoring alerts, consider temporarily disabling HTTP/2 support on critical instances; Upgrade to Parquet Java 1.15.2, Set org.apache.parquet.avro.SERIALIZABLE_PACKAGES to an empty string; Upgrade and implement security measures.
Additional Questions
General Information
Who was the attacking group in the last incident?
Last Attacking Group: The attacking group in the last incident was Security researcher Abdualhadi Khalifa.
Incident Details
What was the most recent incident detected?
Most Recent Incident Detected: The most recent incident detected was on 2025-04-12.
What was the most recent incident publicly disclosed?
Most Recent Incident Publicly Disclosed: The most recent incident publicly disclosed was on 2025-04-12.
Impact of the Incidents
What was the most significant data compromised in an incident?
Most Significant Data Compromised: The most significant data compromised in an incident was Sensitive data.
What was the most significant system affected in an incident?
Most Significant System Affected: The most significant systems affected in an incident were Apache Tomcat servers; HTTP, FTP, SMTP, POP3, LMTP, NNTP and Apache Tomcat web servers; Apache Tomcat servers running versions 10.1.10 through 10.1.39; Hadoop, Spark, Flink; Apache Traffic Server; Vulnerable servers; Real-time analytics dashboards, Financial monitoring, IoT data processing.
Response to the Incidents
What containment measures were taken in the most recent incident?
Containment Measures in Most Recent Incident: The containment measures taken in the most recent incident were Disable HTTP/2, Limit maxConcurrentStreams at the reverse-proxy layer, Upgrade to version 2.3.11, enable RESTful API-v2, implement HTTPS two-way authentication, Upgrade to patched releases, rate limiting for HTTP/2 connections, monitoring for unusual patterns in priority header usage, memory monitoring alerts, disabling HTTP/2 support temporarily, Upgrade to Parquet Java 1.15.2 and Set org.apache.parquet.avro.SERIALIZABLE_PACKAGES to an empty string.
Data Breach Information
What was the most sensitive data compromised in a breach?
Most Sensitive Data Compromised: The most sensitive data compromised in a breach was Sensitive data.
Lessons Learned and Recommendations
What was the most significant lesson learned from past incidents?
Most Significant Lesson Learned: The most significant lessons learned from past incidents were: Ensuring timely updates and monitoring of HTTP/2 stream limits can prevent such vulnerabilities; Disable opportunistic TLS and prioritize implicit TLS implementations to maintain secure communications integrity; Implement comprehensive security improvements, including enhanced authentication mechanisms and input validation procedures; Immediate prioritization of upgrades to patched releases, implementation of rate limiting and monitoring for unusual patterns in priority header usage, and considering temporary disabling of HTTP/2 support on critical instances; The need for robust defense strategies and software composition analysis tools in handling authentication in distributed systems.
What was the most significant recommendation implemented to improve cybersecurity?
Most Significant Recommendation Implemented: The most significant recommendations implemented to improve cybersecurity were: Upgrade to Apache bRPC version 1.14.1, Apply the available security patch, Adjust redis_max_allocation_size gflag parameter if processing Redis requests or responses exceeding 64MB; Upgrade to the latest patched versions, Enforce SETTINGS-ack timeout or hard stream ceiling at the reverse-proxy layer; Disable opportunistic TLS, Use implicit TLS only; Upgrade to the latest release, enable RESTful API-v2, implement HTTPS two-way authentication; Organizations must prioritize immediate updates to address these vulnerabilities. System administrators should verify their Tomcat installations and implement configuration changes to the server.xml file, specifically adjusting Connector parameters to prevent resource exhaustion attacks while maintaining application functionality; Upgrade to patched releases, implement rate limiting for HTTP/2 connections, monitor for unusual patterns in priority header usage, set up memory monitoring alerts, and consider temporarily disabling HTTP/2 support on critical instances; Upgrade to Parquet Java 1.15.2, Set org.apache.parquet.avro.SERIALIZABLE_PACKAGES to an empty string; Upgrade and implement security measures; Immediate system upgrades, Auditing for suspicious access patterns.
References
What is the most recent source of information about an incident?
Most Recent Source: The most recent sources of information about an incident are Apache bRPC project documentation, National Vulnerability Database, GitHub analysts and Security researcher Abdualhadi Khalifa.
Initial Access Broker
What was the most recent entry point used by an initial access broker?
Most Recent Entry Point: The most recent entry points used by an initial access broker were TCP port 443, Simple PUT API request, HTTP/2 priority headers, Man-in-the-Middle and /hazelcast/rest/maps/submit-job endpoint.
Post-Incident Analysis
What was the most significant root cause identified in post-incident analysis?
Most Significant Root Cause: The most significant root causes identified in post-incident analysis were: Unlimited memory allocation in the Redis protocol parser component; Race condition introduced during the refactor that added dynamic stream limits; Differences between implicit and opportunistic TLS implementations; Insufficient access controls in the RESTful API-v1 implementation; Fundamental flaw in how Apache Tomcat processes HTTP/2 priority headers; Deserialization vulnerability in Apache Parquet Java's parquet-avro module; Improper handling of HTTP chunked transfer encoding; Critical RCE flaw in Apache Tomcat.
What was the most significant corrective action taken based on post-incident analysis?
Most Significant Corrective Action: The most significant corrective actions taken based on post-incident analysis were: Implemented proper bounds checking for memory allocation requests with a default maximum allocation limit of 64MB per Redis parser operation; Upgrade to patched versions, Enforce SETTINGS-ack timeout or hard stream ceiling; Disable opportunistic TLS, Use implicit TLS only; Upgrade to version 2.3.11, enable RESTful API-v2, implement HTTPS two-way authentication; Upgrade to patched releases, implement rate limiting and monitoring for unusual patterns in priority header usage, set up memory monitoring alerts, consider temporarily disabling HTTP/2 support on critical instances; Upgrade to Parquet Java 1.15.2, Set org.apache.parquet.avro.SERIALIZABLE_PACKAGES to an empty string; Upgrade and implement security measures.
What Do We Measure?
Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.
These are some of the factors we use to calculate the overall score:
Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.
Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.
Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.
Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.
