
4458 matches found

OSV
added 2014/02/07 12:0 a.m. | 2 views

UBUNTU-CVE-2014-0050

MultipartStream.java in Apache Commons FileUpload before 1.3.1, as used in Apache Tomcat, JBoss Web, and other products, allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted Content-Type header that bypasses a loop's intended exit conditions...

CVSS 7.5 | AI score 7.2 | EPSS 0.83175
Exploits: 8 | References: 4
Kitploit
added 2014/01/14 4:39 a.m. | 26 views

[Xplico 1.1.0] Open Source Network Forensic Analysis Tool (NFAT)

The goal of Xplico is to extract the application data contained in an internet traffic capture. For example, from a pcap file Xplico extracts each email (POP, IMAP, and SMTP protocols), all HTTP contents, each VoIP call (SIP), FTP, TFTP, and so on. Xplico isn’t a network protocol analyzer. Xplico is ...

AI score 7
Exploits: 0
Debian
added 2013/12/24 5:38 a.m. | 42 views

[SECURITY] [DSA 2827-1] libcommons-fileupload-java security update

Debian Security Advisory DSA-2827-1 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso December 24, 2013 http://www.debian.org/security/faq -...

CVSS 7.5 | AI score 7.7 | EPSS 0.12768
Exploits: 0
Tenable Nessus
added 2013/12/24 12:0 a.m. | 38 views

Debian DSA-2827-1 : libcommons-fileupload-java - arbitrary file upload via deserialization

It was discovered that Apache Commons FileUpload, a package to make it easy to add robust, high-performance, file upload capability to servlets and web applications, incorrectly handled file names with NULL bytes in serialized instances. A remote attacker able to supply a serialized instance of t...

CVSS 7.5 | AI score 7.3 | EPSS 0.12768
Exploits: 0 | References: 6
OpenVAS
added 2013/12/24 12:0 a.m. | 41 views

Debian Security Advisory DSA 2827-1 (libcommons-fileupload-java - arbitrary file upload via deserialization)

It was discovered that Apache Commons FileUpload, a package to make it easy to add robust, high-performance, file upload capability to servlets and web applications, incorrectly handled file names with NULL bytes in serialized instances. A remote attacker able to supply a serialized instance of t...

CVSS 7.5 | AI score 7.8 | EPSS 0.12768
Exploits: 0 | References: 1
OSV
added 2013/12/24 12:0 a.m. | 14 views

DSA-2827-1 libcommons-fileupload-java - arbitrary file upload via deserialization

Bulletin has no description...

CVSS 7.5 | AI score 9.4 | EPSS 0.12768
Exploits: 0
OpenVAS
added 2013/12/23 12:0 a.m. | 28 views

Debian: Security Advisory (DSA-2827-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...

CVSS 7.5 | AI score 8.7 | EPSS 0.12768
Exploits: 0 | References: 3
RedHat Linux
added 2013/12/17 6:30 p.m. | 2 views

jakarta-commons-httpclient: missing connection hostname check against X.509 certificate name

It was found that Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service (FPS) merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows...

CVSS 5.8 | AI score 7.2 | EPSS 0.09254
Exploits: 0 | References: 4
securityvulns
added 2013/12/09 12:0 a.m. | 106 views

[USN-2029-1] Apache Commons FileUpload vulnerability

Ubuntu Security Notice USN-2029-1, November 13, 2013: libcommons-fileupload-java vulnerability. A security issue affects these releases of Ubuntu and...

CVSS 7.5 | AI score 0.4 | EPSS 0.12768
Exploits: 0
OpenVAS
added 2013/11/18 12:0 a.m. | 36 views

Ubuntu Update for libcommons-fileupload-java USN-2029-1

Check for the Version of libcommons-fileupload-java OpenVAS Vulnerability Test $Id: gbubuntuUSN20291.nasl 8650 2018-02-03 12:16:59Z teissa $ Ubuntu Update for libcommons-fileupload-java USN-2029-1 Authors: System Generated Check Copyright: Copyright (C) 2013 Greenbone Networks GmbH,...

CVSS 7.5 | AI score 7.8 | EPSS 0.12768
Exploits: 0 | References: 2
OpenVAS
added 2013/11/18 12:0 a.m. | 34 views

Ubuntu: Security Advisory (USN-2029-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...

CVSS 7.5 | AI score 8.7 | EPSS 0.12768
Exploits: 0 | References: 2
Ubuntu
added 2013/11/13 3:11 p.m. | 62 views

USN-2029-1: Apache Commons FileUpload vulnerability

It was discovered that Apache Commons FileUpload incorrectly handled file names with NULL bytes in serialized instances. An attacker could use this issue to possibly write to arbitrary files...

CVSS 7.5 | AI score 7.5 | EPSS 0.12768
Exploits: 0
Tenable Nessus
added 2013/11/13 12:0 a.m. | 32 views

Ubuntu 10.04 LTS : libcommons-fileupload-java vulnerability (USN-2029-1)

It was discovered that Apache Commons FileUpload incorrectly handled file names with NULL bytes in serialized instances. An attacker could use this issue to possibly write to arbitrary files. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu...

CVSS 7.5 | AI score 7.5 | EPSS 0.12768
Exploits: 0 | References: 3
Tenable Nessus
added 2013/11/13 12:0 a.m. | 45 views

SuSE 11.2 / 11.3 Security Update : jakarta-commons-fileupload (SAT Patch Numbers 8445 / 8446)

jakarta-commons-fileupload received a security fix: a poison null byte flaw was found in the implementation of the DiskFileItem class. A remote attacker able to supply a serialized instance of the DiskFileItem class, which would be deserialized on a server, could use this flaw to write...

CVSS 7.5 | AI score 7.3 | EPSS 0.12768
Exploits: 0 | References: 3
OSV
added 2013/10/28 9:55 p.m. | 9 views

CVE-2013-2186

The DiskFileItem class in Apache Commons FileUpload, as used in Red Hat JBoss BRMS 5.3.1; JBoss Portal 4.3 CP07, 5.2.2, and 6.0.0; and Red Hat JBoss Web Server 1.0.2 allows remote attackers to write to arbitrary files via a NULL byte in a file name in a serialized instance...

AI score 9.2
Exploits: 0 | References: 19
NVD
added 2013/10/28 9:55 p.m. | 32 views

CVE-2013-2186

The DiskFileItem class in Apache Commons FileUpload, as used in Red Hat JBoss BRMS 5.3.1; JBoss Portal 4.3 CP07, 5.2.2, and 6.0.0; and Red Hat JBoss Web Server 1.0.2 allows remote attackers to write to arbitrary files via a NULL byte in a file name in a serialized instance...

CVSS 7.5 | AI score 7.5 | EPSS 0.12768
Exploits: 0 | References: 19
OSV
added 2013/10/28 9:55 p.m. | 2 views

DEBIAN-CVE-2013-2186

The DiskFileItem class in Apache Commons FileUpload, as used in Red Hat JBoss BRMS 5.3.1; JBoss Portal 4.3 CP07, 5.2.2, and 6.0.0; and Red Hat JBoss Web Server 1.0.2 allows remote attackers to write to arbitrary files via a NULL byte in a file name in a serialized instance...

CVSS 7.5 | AI score 7.3 | EPSS 0.12768
Exploits: 0 | References: 1
Prion
added 2013/10/28 9:55 p.m. | 25 views

Design/Logic Flaw

The DiskFileItem class in Apache Commons FileUpload, as used in Red Hat JBoss BRMS 5.3.1; JBoss Portal 4.3 CP07, 5.2.2, and 6.0.0; and Red Hat JBoss Web Server 1.0.2 allows remote attackers to write to arbitrary files via a NULL byte in a file name in a serialized instance...

CVSS 7.5 | AI score 6.7 | EPSS 0.12768
Exploits: 0 | References: 19 | Affected Software: 5
UbuntuCve
added 2013/10/28 9:55 p.m. | 34 views

CVE-2013-2186

The DiskFileItem class in Apache Commons FileUpload, as used in Red Hat JBoss BRMS 5.3.1; JBoss Portal 4.3 CP07, 5.2.2, and 6.0.0; and Red Hat JBoss Web Server 1.0.2 allows remote attackers to write to arbitrary files via a NULL byte in a file name in a serialized instance...

CVSS 7.5 | AI score 7 | EPSS 0.12768
Exploits: 0 | References: 2
Cvelist
added 2013/10/28 9:0 p.m. | 34 views

CVE-2013-2186

The DiskFileItem class in Apache Commons FileUpload, as used in Red Hat JBoss BRMS 5.3.1; JBoss Portal 4.3 CP07, 5.2.2, and 6.0.0; and Red Hat JBoss Web Server 1.0.2 allows remote attackers to write to arbitrary files via a NULL byte in a file name in a serialized instance...

AI score 7.8 | EPSS 0.12768
Exploits: 0 | References: 19