Prismo Blog

Analysis of CVE-2019-2030: OGNL Expression Language Vulnerability

by Manish Sardiwal   In mid-August, Apache released security bulletin S2-059 to address the vulnerability CVE-2019-0230. CVE-2019-0230 is an OGNL expression language vulnerability, which may lead to Remote Code Execution in the context of Apache...

Analysis of CVE-2020-9484: Persistent Manager Java Deserialization Vulnerability

CVE-2020-9484 is a recently disclosed vulnerability in Apache Tomcat. The vulnerability resides in how Apache Tomcat handles HTTP sessions. The first part of the blog details the handling of HTTP sessions for web applications, after which we...

Detection of Vulnerabilities in Web Applications – Server-Side Request Forgery

By Abhishek Singh and Ramesh Mani In 2019 the server-side request forgery exploitation technique [1] was used to retrieve AWS (Amazon Web Services) credentials that were subsequently used to steal the personal information of over 100 million Capital...

Detection of Vulnerabilities in Web Applications – OS Command Injection

By Abhishek Singh and Ramesh Mani Web injection exploitation has been the top web application vulnerability for a decade. The “Security Vulnerabilities in Network Accessible Services” report was published by Independent Security Evaluators (ISE) [1]....