Home » Tags

RCE

🔥 Featured Posts

How to Block ECH and Mitigate DoH in Enterprise Networks

How to Block ECH and Mitigate DoH in Enterprise Networks

A hands-on guide using dnsmasq to filter SVCB and HTTPS records for disabling ECH and enforcing central DNS policies. Notes that DoH requires separate network-layer policies.

Review of Citrix Security Policy Effectiveness

Review of Citrix Security Policy Effectiveness

Citrix administrators apply security policies to each user’s VDI (Virtual Desktop Infrastructure) through Citrix Group Policy. However, certain structural vulnerabilities in Citrix CSE (Citrix Service Engine) and the Citrix VDI Agent allow for potential bypassing of these security policies.

Security threats and mitigation strategies for java reflection

Security threats and mitigation strategies for java reflection

The **Java Reflection API** is a powerful tool that allows dynamic manipulation of classes, methods, and interfaces at runtime. However, due to its flexibility, it introduces significant security risks, as attackers can exploit it to gain unauthorized access to systems. In this article, we will explore the security threats posed by Java Reflection and outline strategies to mitigate these risks.

CVE-2019-17570 Apache XML-RPC Vulnerability Analysis Report

A detailed analysis of the CVE-2019-17570 deserialization vulnerability in the Apache XML-RPC library, including patching methods and secure implementation practices.

April 24, 2025 · 2 min · 360 words

XML-RPC Security Vulnerabilities Analysis and Mitigation Strategies

Summary Overview of XML-RPC Vulnerabilities: As a lightweight remote call protocol for inter-system communication, XML-RPC is exposed to various threats such as RCE, XXE, DDoS, and privilege escalation. Notable Cases: NodeBB (CVE-2023-43187), Apache OFBiz (CVE-2020-9496), PHP XML-RPC (CVE-2005-1921), etc. Real-World Use Cases: In addition to WordPress, Bugzilla, ManageEngine, and Apache OFBiz, XML-RPC is still used in some legacy systems. Mitigation Strategies: Disabling XML-RPC, enhancing input validation, reinforcing authentication systems, applying up-to-date security patches, implementing access control, and deploying WAFs. What is XML-RPC? XML-RPC (XML Remote Procedure Call) is a remote procedure call protocol that uses XML as its data format and HTTP as its transport mechanism. Proposed jointly by Dave Winer and Microsoft in 1998, it was designed to simplify cross-platform communication. ...

March 28, 2025 · 4 min · 657 words