Orangetw

**Name of the Vulnerable Software and Affected Versions** ModSecurity versions 2.9.11 and below **Description** ModSecurity is a web application firewall engine for Apache, IIS, and Nginx. An attacker can override the HTTP response’s Content-Type, potentially leading to issues such as cross-site scripting (XSS) and arbitrary script source code disclosure. **Recommendations** Update to version 2.9.12 or later.

**Name of the Vulnerable Software and Affected Versions** PHP versions 8.1.0 through 8.1.28 PHP versions 8.2.0 through 8.2.19 PHP versions 8.3.0 through 8.3.7 **Description** An argument injection issue exists in PHP when using Apache and PHP-CGI on Windows. The flaw occurs because the Windows implementation of PHP does not account for "Best-Fit" behavior, where Unicode characters are converted to the closest matching ANSI characters based on specific system code pages. A remote attacker can send specially crafted HTTP requests containing specific character sequences that the PHP CGI module misinterprets as PHP options. This allows the attacker to pass arguments to the PHP binary, potentially revealing script source code or achieving remote code execution (RCE). Real-world exploitation has been observed globally, including in Japan, Taiwan, Hong Kong, the USA, UK, Singapore, Indonesia, India, Spain, and Malaysia. Attackers have used this flaw to deploy the Msupedge backdoor, Quasar RAT, and XMRig cryptocurrency miners. In some campaigns, such as the Contagious Interview campaign targeting developers, this vulnerability was found in XAMPP server configurations. Attackers have also been observed using tools like JuicyPotato to escalate privileges and Cobalt Strike TaoWu plugins to create malicious services. **Recommendations** Update PHP version 8.1.x to 8.1.29. Update PHP version 8.2.x to 8.2.20. Update PHP version 8.3.x to 8.3.8. As a temporary mitigation, avoid running PHP in CGI mode.

**Name of the Vulnerable Software and Affected Versions** Microsoft Exchange Server versions 2013 through 2019 **Description** The issue is related to errors in code generation management, allowing a remote attacker to execute arbitrary code. This can impact the system. The estimated number of potentially affected devices worldwide is not specified. There have been real-world incidents where this issue was exploited, including a critical MS Exchange ProxyShell attack. **Recommendations** For Microsoft Exchange Server versions 2013 through 2019, update to a version that contains a fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Microsoft Exchange Server versions 2013 through 2019 **Description** The issue is related to errors in privilege management, allowing an attacker to elevate their privileges. This can affect the system and potentially lead to remote code execution due to improper authentication in Microsoft Exchange Server's PowerShell. **Recommendations** For Microsoft Exchange Server versions 2013 through 2019, consider restricting access to the PowerShell module to minimize the risk of exploitation until a patch is available. As a temporary workaround, consider disabling the vulnerable authentication mechanism in the PowerShell interface until a fix is provided. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Western Digital My Cloud OS 5 versions prior to 5.07.118 **Description** An issue was discovered that could allow an unauthenticated user to gain access to the device due to a NAS Admin authentication bypass. This could potentially lead to unauthorized access. **Recommendations** For versions prior to 5.07.118, update to version 5.07.118 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Sinatra versions 2.0.0 through 2.0.1 **Description** An issue was discovered in the rack-protection/lib/rack/protection/path traversal.rb file. Path traversal is possible via backslash characters. **Recommendations** For Sinatra versions 2.0.0 through 2.0.1, update to version 2.0.1 or later to resolve the issue.