Total
39 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-5398 | 3 Netapp, Oracle, Vmware | 33 Data Availability Services, Snapcenter, Application Testing Suite and 30 more | 2024-02-28 | 7.6 HIGH | 7.5 HIGH |
| In Spring Framework, versions 5.2.x prior to 5.2.3, versions 5.1.x prior to 5.1.13, and versions 5.0.x prior to 5.0.16, an application is vulnerable to a reflected file download (RFD) attack when it sets a "Content-Disposition" header in the response where the filename attribute is derived from user supplied input. | |||||
| CVE-2019-12423 | 2 Apache, Oracle | 8 Cxf, Commerce Guided Search, Communications Diameter Signaling Router and 5 more | 2024-02-28 | 4.3 MEDIUM | 7.5 HIGH |
| Apache CXF ships with a OpenId Connect JWK Keys service, which allows a client to obtain the public keys in JWK format, which can then be used to verify the signature of tokens issued by the service. Typically, the service obtains the public key from a local keystore (JKS/PKCS12) by specifing the path of the keystore and the alias of the keystore entry. This case is not vulnerable. However it is also possible to obtain the keys from a JWK keystore file, by setting the configuration parameter "rs.security.keystore.type" to "jwk". For this case all keys are returned in this file "as is", including all private key and secret key credentials. This is an obvious security risk if the user has configured the signature keystore file with private or secret key credentials. From CXF 3.3.5 and 3.2.12, it is mandatory to specify an alias corresponding to the id of the key in the JWK file, and only this key is returned. In addition, any private key information is omitted by default. "oct" keys, which contain secret keys, are not returned at all. | |||||
| CVE-2019-10219 | 3 Netapp, Oracle, Redhat | 195 Active Iq Unified Manager, Element, Management Services For Element Software And Netapp Hci and 192 more | 2024-02-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of potentially malicious code in HTML comments and instructions. This vulnerability can result in an XSS attack. | |||||
| CVE-2019-12415 | 2 Apache, Oracle | 27 Poi, Application Testing Suite, Banking Enterprise Originations and 24 more | 2024-02-28 | 2.1 LOW | 5.5 MEDIUM |
| In Apache POI up to 4.1.0, when using the tool XSSFExportToXml to convert user-provided Microsoft Excel documents, a specially crafted document can allow an attacker to read files from the local filesystem or from internal network resources via XML External Entity (XXE) Processing. | |||||
| CVE-2019-17573 | 2 Apache, Oracle | 7 Cxf, Commerce Guided Search, Communications Element Manager and 4 more | 2024-02-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| By default, Apache CXF creates a /services page containing a listing of the available endpoint names and addresses. This webpage is vulnerable to a reflected Cross-Site Scripting (XSS) attack, which allows a malicious actor to inject javascript into the web page. Please note that the attack exploits a feature which is not typically not present in modern browsers, who remove dot segments before sending the request. However, Mobile applications may be vulnerable. | |||||
| CVE-2019-12419 | 2 Apache, Oracle | 5 Cxf, Commerce Guided Search, Enterprise Manager Base Platform and 2 more | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
| Apache CXF before 3.3.4 and 3.2.11 provides all of the components that are required to build a fully fledged OpenId Connect service. There is a vulnerability in the access token services, where it does not validate that the authenticated principal is equal to that of the supplied clientId parameter in the request. If a malicious client was able to somehow steal an authorization code issued to another client, then they could exploit this vulnerability to obtain an access token for the other client. | |||||
| CVE-2020-1935 | 6 Apache, Canonical, Debian and 3 more | 20 Tomcat, Ubuntu Linux, Debian Linux and 17 more | 2024-02-28 | 5.8 MEDIUM | 4.8 MEDIUM |
| In Apache Tomcat 9.0.0.M1 to 9.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99 the HTTP header parsing code used an approach to end-of-line parsing that allowed some invalid HTTP headers to be parsed as valid. This led to a possibility of HTTP Request Smuggling if Tomcat was located behind a reverse proxy that incorrectly handled the invalid Transfer-Encoding header in a particular manner. Such a reverse proxy is considered unlikely. | |||||
| CVE-2019-13990 | 5 Apache, Atlassian, Netapp and 2 more | 31 Tomee, Jira Service Management, Active Iq Unified Manager and 28 more | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
| initDocumentParser in xml/XMLSchedulingDataProcessor.java in Terracotta Quartz Scheduler through 2.3.0 allows XXE attacks via a job description. | |||||
| CVE-2018-8034 | 4 Apache, Canonical, Debian and 1 more | 4 Tomcat, Ubuntu Linux, Debian Linux and 1 more | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| The host name verification when using TLS with the WebSocket client was missing. It is now enabled by default. Versions Affected: Apache Tomcat 9.0.0.M1 to 9.0.9, 8.5.0 to 8.5.31, 8.0.0.RC1 to 8.0.52, and 7.0.35 to 7.0.88. | |||||
| CVE-2018-11784 | 6 Apache, Canonical, Debian and 3 more | 15 Tomcat, Ubuntu Linux, Debian Linux and 12 more | 2024-02-28 | 4.3 MEDIUM | 4.3 MEDIUM |
| When the default servlet in Apache Tomcat versions 9.0.0.M1 to 9.0.11, 8.5.0 to 8.5.33 and 7.0.23 to 7.0.90 returned a redirect to a directory (e.g. redirecting to '/foo/' when the user requested '/foo') a specially crafted URL could be used to cause the redirect to be generated to any URI of the attackers choice. | |||||
| CVE-2018-15756 | 3 Debian, Oracle, Vmware | 40 Debian Linux, Agile Plm, Communications Brm - Elastic Charging Engine and 37 more | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| Spring Framework, version 5.1, versions 5.0.x prior to 5.0.10, versions 4.3.x prior to 4.3.20, and older unsupported versions on the 4.2.x branch provide support for range requests when serving static resources through the ResourceHttpRequestHandler, or starting in 5.0 when an annotated controller returns an org.springframework.core.io.Resource. A malicious user (or attacker) can add a range header with a high number of ranges, or with wide ranges that overlap, or both, for a denial of service attack. This vulnerability affects applications that depend on either spring-webmvc or spring-webflux. Such applications must also have a registration for serving static resources (e.g. JS, CSS, images, and others), or have an annotated controller that returns an org.springframework.core.io.Resource. Spring Boot applications that depend on spring-boot-starter-web or spring-boot-starter-webflux are ready to serve static resources out of the box and are therefore vulnerable. | |||||
| CVE-2018-1275 | 2 Oracle, Vmware | 19 Application Testing Suite, Big Data Discovery, Communications Converged Application Server and 16 more | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
| Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.16 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a remote code execution attack. This CVE addresses the partial fix for CVE-2018-1270 in the 4.3.x branch of the Spring Framework. | |||||
| CVE-2018-1272 | 2 Oracle, Vmware | 25 Application Testing Suite, Big Data Discovery, Communications Converged Application Server and 22 more | 2024-02-28 | 6.0 MEDIUM | 7.5 HIGH |
| Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, provide client-side support for multipart requests. When Spring MVC or Spring WebFlux server application (server A) receives input from a remote client, and then uses that input to make a multipart request to another server (server B), it can be exposed to an attack, where an extra multipart is inserted in the content of the request from server A, causing server B to use the wrong value for a part it expects. This could to lead privilege escalation, for example, if the part content represents a username or user roles. | |||||
| CVE-2018-1270 | 4 Debian, Oracle, Redhat and 1 more | 28 Debian Linux, Application Testing Suite, Big Data Discovery and 25 more | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
| Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a remote code execution attack. | |||||
| CVE-2018-1257 | 3 Oracle, Redhat, Vmware | 30 Agile Product Lifecycle Management, Application Testing Suite, Big Data Discovery and 27 more | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
| Spring Framework, versions 5.0.x prior to 5.0.6, versions 4.3.x prior to 4.3.17, and older unsupported versions allows applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a regular expression, denial of service attack. | |||||
| CVE-2018-1271 | 2 Oracle, Vmware | 28 Application Testing Suite, Big Data Discovery, Communications Converged Application Server and 25 more | 2024-02-28 | 4.3 MEDIUM | 5.9 MEDIUM |
| Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to configure Spring MVC to serve static resources (e.g. CSS, JS, images). When static resources are served from a file system on Windows (as opposed to the classpath, or the ServletContext), a malicious user can send a request using a specially crafted URL that can lead a directory traversal attack. | |||||
| CVE-2018-8013 | 4 Apache, Canonical, Debian and 1 more | 21 Batik, Ubuntu Linux, Debian Linux and 18 more | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
| In Apache Batik 1.x before 1.10, when deserializing subclass of `AbstractDocument`, the class takes a string from the inputStream as the class name which then use it to call the no-arg constructor of the class. Fix was to check the class type before calling newInstance in deserialization. | |||||
| CVE-2017-15707 | 3 Apache, Netapp, Oracle | 12 Struts, Oncommand Balance, Agile Plm Framework and 9 more | 2024-02-28 | 5.0 MEDIUM | 6.2 MEDIUM |
| In Apache Struts 2.5 to 2.5.14, the REST Plugin is using an outdated JSON-lib library which is vulnerable and allow perform a DoS attack using malicious request with specially crafted JSON payload. | |||||
| CVE-2016-3565 | 1 Oracle | 1 Retail Order Broker | 2024-02-28 | 6.5 MEDIUM | 7.6 HIGH |
| Unspecified vulnerability in the Oracle Retail Order Broker component in Oracle Retail Applications 5.1 and 5.2 allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to System Administration. | |||||