715 matches found
CVE-2019-0189
The java.io.ObjectInputStream is known to cause Java serialisation issues. The issue here is exposed by the "webtools/control/httpService" URL and uses Java deserialization to perform code execution. In the HttpEngine, the value of the request parameter "serviceContext" is passed to the...
CVE-2019-0189
The CVE-2019-0189 issue affects Apache OFBiz via two dependencies (commons-beanutils and an outdated commons-fileupload). It uses Java deserialization in the HttpEngine: the request parameter serviceContext is passed to XmlSerializer.deserialize, enabling remote code execution through java.io.Obj...
Apache Struts 2.x < 2.3.16.1 Multiple Vulnerabilities (S2-020) - Linux
Apache Struts is prone to multiple vulnerabilities. This VT has been deprecated and merged into the VT...
Oracle Application Testing Suite Multiple Vulnerabilities (Jul 2019 CPU)
The version of Oracle Application Testing Suite installed on the remote host is affected by multiple vulnerabilities: - A deserialization vulnerability exists in Apache Commons FileUpload library. An unauthenticated, remote attacker can exploit this, via a customized Java serialised object, to...
Security Bulletin: Multiple vulnerabilities in Apache Commons FileUpload affect IBM InfoSphere Information Server
Summary: Multiple vulnerabilities in Apache Commons FileUpload used by IBM InfoSphere Information Server were addressed. Vulnerability Details: CVEID: CVE-2016-3092 DESCRIPTION: Apache Tomcat is vulnerable to a denial of service, caused by an error in the Apache Commons FileUpload component. By...
openSUSE: Security Advisory for jakarta-commons-fileupload (openSUSE-SU-2019:1399-1)
The remote host is missing an update for the...
OPENSUSE-SU-2019:1399-1 Security update for jakarta-commons-fileupload
This update for jakarta-commons-fileupload fixes the following issue: Security issue fixed: - CVE-2016-1000031: Fixed remote execution bsc1128963, bsc1128829. This update was imported from the SUSE:SLE-15:Update update project...
Oracle Enterprise Manager Ops Center (Apr 2019 CPU)
The version of Oracle Enterprise Manager Cloud Control installed on the remote host is affected by multiple vulnerabilities in Enterprise Manager Base Platform component: - A deserialization vulnerability in Apache Commons FileUpload allows for remote code execution. CVE-2016-1000031 - An...
Security update for jakarta-commons-fileupload (important)
openSUSE Security Update: Security update for jakarta-commons-fileupload Announcement ID: openSUSE-SU-2019:1399-1 Rating: important References: 1128829 1128963 Cross-References: CVE-2016-1000031 Affected Products: openSUSE Leap 15.0 An update that solves one vulnerability and has one errata is no...
Security Bulletin: Tivoli Composite Application Manager for Application Diagnostics Managing Server vulnerability (CVE-2014-0050)
Summary: The following security vulnerability has been resolved in the ITCAM for Application Diagnostics Managing Server. This vulnerability could have caused the denial of service. Vulnerability Details: CVE ID: CVE-2014-0050 DESCRIPTION: Apache Commons FileUpload and Tomcat are vulnerable to a...
SUSE-SU-2019:1214-1 Security update for jakarta-commons-fileupload
This update for jakarta-commons-fileupload fixes the following issue: Security issue fixed: - CVE-2016-1000031: Fixed remote execution bsc1128963, bsc1128829...
SUSE-SU-2019:14044-1 Security update for jakarta-commons-fileupload
This update for jakarta-commons-fileupload fixes the following issue: Security issue fixed: - CVE-2016-1000031: Fixed remote execution bsc1128963, bsc1128829...
SUSE-SU-2019:1212-1 Security update for jakarta-commons-fileupload
This update for jakarta-commons-fileupload fixes the following issue: Security issue fixed: - CVE-2016-1000031: Fixed remote execution bsc1128963, bsc1128829...
Oracle Primavera P6 Enterprise Project Portfolio Management (EPPM) Multiple Vulnerabilities (Apr 2019 CPU)
According to its self-reported version number, the Oracle Primavera P6 Enterprise Project Portfolio Management (EPPM) installation running on the remote web server is 8.4 prior to 8.4.15.10, 15.x prior to 15.2.18.4, 16.x prior to 16.2.17.2, 17.x prior to 17.12.12.0, or 18.x prior to 18.8.8.0. It is...
Oracle Primavera Unifier Multiple Vulnerabilities (Apr 2019 CPU)
According to its self-reported version number, the Oracle Primavera Unifier installation running on the remote web server is 16.x prior to 16.2.15.7 or 17.7.x prior to 17.12.10 or 18.x prior to 18.8.6. It is, therefore, affected by multiple vulnerabilities: - A deserialization vulnerability in...
Fisheye had a vulnerable version of Apache Commons FileUpload - CVE-2016-1000031
The DiskFileItem class from the Apache Commons FileUpload library before version 1.3.3 was vulnerable to CVE-2016-1000031. Atlassian Fisheye was using a vulnerable version of this library, although not the DiskFileItem class. Fisheye has been updated to use the safe version of the Apache Commons...
Crucible had a vulnerable version of Apache Commons FileUpload - CVE-2016-1000031
The DiskFileItem class from the Apache Commons FileUpload library before version 1.3.3 was vulnerable to CVE-2016-1000031. Atlassian Crucible was using a vulnerable version of this library, although not the DiskFileItem class. Crucible has been updated to use the safe version of the Apache...
Apache Struts 2 Commons FileUpload Insecure Deserialization (CVE-2016-1000031)
An insecure deserialization vulnerability exists in Apache Struts 2. This vulnerability is due to Apache Struts 2 having a dependency on a vulnerable version of Commons FileUpload. Successful exploitation can result in arbitrary file upload within the security context of the target application...