Close Menu
World Forbes – Business, Tech, AI & Global Insights
  • Home
  • AI
  • Billionaires
  • Business
  • Cybersecurity
  • Education
    • Innovation
  • Money
  • Small Business
  • Sports
  • Trump
What's Hot

Sam Altman apparently does not respect olive oil

May 12, 2025

Equifax launches mobile app to help consumers track credit scores and improve financial health

May 12, 2025

Creditspring teams up with Doshi to boost UK borrowers’ financial literacy

May 12, 2025
Facebook X (Twitter) Instagram
Trending
  • Sam Altman apparently does not respect olive oil
  • Equifax launches mobile app to help consumers track credit scores and improve financial health
  • Creditspring teams up with Doshi to boost UK borrowers’ financial literacy
  • Google’s Gemma AI models surpass 150M downloads
  • Trump visits Saudi Arabia, Qatar, UAE: What to know | Donald Trump News
  • Google Agrees to $1.3 Billion Settlement in Texas Privacy Lawsuits
  • 437,000 Impacted by Ascension Health Data Breach
  • This American VC is betting on European defense tech; that’s still very unusual
World Forbes – Business, Tech, AI & Global InsightsWorld Forbes – Business, Tech, AI & Global Insights
Monday, May 12
  • Home
  • AI
  • Billionaires
  • Business
  • Cybersecurity
  • Education
    • Innovation
  • Money
  • Small Business
  • Sports
  • Trump
World Forbes – Business, Tech, AI & Global Insights
Home » Critical Vulnerability Found in Apache Roller Blog Server
Cybersecurity

Critical Vulnerability Found in Apache Roller Blog Server

adminBy adminApril 16, 2025No Comments2 Mins Read
Facebook Twitter Pinterest LinkedIn Tumblr WhatsApp Telegram Email
Share
Facebook Twitter LinkedIn Pinterest Email
Post Views: 26


A critical vulnerability in Apache Roller could allow attackers to abuse previous sessions to maintain persistent access even after password changes.

An open source, Java-based blog server, Roller includes a content management system, multi-user support with three permission levels, integrated search, and support for templates and themes.

Last week, Apache warned that Roller version 6.1.5 was released with patches for a critical-severity bug in the software’s session management functionality that resulted in active user sessions not being properly invalidated.

Tracked as CVE-2025-24859 (CVSS score of 10/10), the issue resulted in existing sessions remaining active even after the users changed their passwords. These sessions, Apache warned, could be used to maintain persistent access to the server.

“This allows continued access to the application through old sessions even after password changes, potentially enabling unauthorized access if credentials were compromised,” Apache explains.

All Roller versions up to and including 6.1.4 are affected by the security defect. Roller version 6.1.5 comes with a centralized session management improvement to properly invalidate all active sessions upon password changes or when a user account is disabled.

According to the release notes, the latest Roller iteration implements RollerLoginSessionManager for better session tracking and improves cache handling for user sessions.

This is the second critical-severity vulnerability with a maximum severity rating that Apache has resolved over the past two weeks, after patching CVE-2025-30065 in Apache Parquet.

Advertisement. Scroll to continue reading.

Described as the deserialization of untrusted data in the parquet-avro module, the Parquet bug could be exploited remotely for arbitrary code execution, potentially leading to complete system takeover.

Related: Exploit Code for Apache Tomcat RCE Vulnerability Published on Chinese Forum

Related: CISA Urges Urgent Patching for Exploited CentreStack, Windows Zero-Days

Related: Vulnerabilities Patched by Ivanti, VMware, Zoom

Related: Exploitation of Recent Critical Apache Struts 2 Flaw Begins



Source link

Share. Facebook Twitter Pinterest LinkedIn Tumblr Email
admin
  • Website

Related Posts

Google Agrees to $1.3 Billion Settlement in Texas Privacy Lawsuits

May 12, 2025

437,000 Impacted by Ascension Health Data Breach

May 12, 2025

Asus DriverHub Vulnerabilities Expose Users to Remote Code Execution Attacks

May 12, 2025

US Deportation Airline GlobalX Confirms Hack

May 12, 2025

German Authorities Take Down Crypto Swapping Service eXch

May 12, 2025

US Announces Botnet Takedown, Charges Against Russian Administrators

May 12, 2025
Add A Comment
Leave A Reply Cancel Reply

Don't Miss
Billionaires

Skechers’ Greenbergs Set To Pocket Up To $1.1 Billion From Sale To 3G

May 6, 2025

Skechers founders Robert Greenberg (left) and Michael Greenberg (right) started the brand more than 30…

Trump Organization Admits President Still Controls His Business

May 6, 2025

Forbes Richest Person In Every State 2025

April 30, 2025

These Billionaire Signers Of The Giving Pledge Signers On Why The Philanthropy Group Still Matters

April 29, 2025
Our Picks

Sam Altman apparently does not respect olive oil

May 12, 2025

Equifax launches mobile app to help consumers track credit scores and improve financial health

May 12, 2025

Creditspring teams up with Doshi to boost UK borrowers’ financial literacy

May 12, 2025

Google’s Gemma AI models surpass 150M downloads

May 12, 2025

Subscribe to Updates

Subscribe to our newsletter and never miss our latest news

Subscribe my Newsletter for New Posts & tips Let's stay updated!

About Us
About Us

Welcome to World-Forbes.com
At World-Forbes.com, we bring you the latest insights, trends, and analysis across various industries, empowering our readers with valuable knowledge. Our platform is dedicated to covering a wide range of topics, including sports, small business, business, technology, AI, cybersecurity, and lifestyle.

Our Picks

Sam Altman apparently does not respect olive oil

May 12, 2025

Google’s Gemma AI models surpass 150M downloads

May 12, 2025

This American VC is betting on European defense tech; that’s still very unusual

May 12, 2025

Subscribe to Updates

Subscribe to our newsletter and never miss our latest news

Subscribe my Newsletter for New Posts & tips Let's stay updated!

Facebook X (Twitter) Instagram Pinterest
  • Home
  • About Us
  • Advertise With Us
  • Contact Us
  • DMCA Policy
  • Privacy Policy
  • Terms & Conditions
© 2025 world-forbes. Designed by world-forbes.

Type above and press Enter to search. Press Esc to cancel.