4458 matches found

CVE
added 2013/10/28 9:00 p.m. · 210 views

CVE-2013-2186

CVE-2013-2186 affects Apache Commons FileUpload (DiskFileItem) and allows remote attackers to overwrite/write arbitrary files by exploiting a NULL byte in a serialized file name. The vulnerability is present in affected Red Hat/JBoss stacks (BRMS, Portal, Web Server) and also appears across IBM a...

CVSS 7.5 · AI score 7.8 · EPSS 0.12768
Exploits 0 · References 19 · Affected software 4
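The DiskFileItem entries in this listing describe the mechanism behind CVE-2013-2186: a serialized DiskFileItem carries the path of the directory in which it stores temporary upload files, and a NUL byte embedded in that path let a JVM that handed the raw string to the C library truncate it, so the "temporary" file was written wherever the attacker chose. The stand-alone class below is an added example, not code from Apache Commons FileUpload or from Red Hat: UploadItem is a hypothetical stand-in for DiskFileItem, and its readObject check shows the kind of NUL-byte rejection the upstream fix introduced, placed before any filesystem access so the decision does not depend on how a given JVM treats such paths (newer JDKs reject them at I/O time; older ones truncated). Save it as NulByteRepositoryCheck.java.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.File;
import java.io.IOException;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.io.Serializable;
import java.nio.charset.StandardCharsets;

public class NulByteRepositoryCheck {

    /*
     * Hypothetical stand-in for DiskFileItem (assumption: the real class carries
     * more state). Like DiskFileItem it is Serializable, holds the directory in
     * which temporary upload files are created, and on deserialization would
     * recreate a file under that directory from the cached content.
     */
    static final class UploadItem implements Serializable {
        private static final long serialVersionUID = 1L;
        private final File repository;
        private final byte[] cachedContent;

        UploadItem(File repository, byte[] cachedContent) {
            this.repository = repository;
            this.cachedContent = cachedContent;
        }

        private void readObject(ObjectInputStream in) throws IOException, ClassNotFoundException {
            in.defaultReadObject();
            // Hardening in the spirit of the CVE-2013-2186 fix: refuse a repository
            // path that contains a NUL. On JVMs that passed the raw path to native
            // code, everything after the NUL was silently dropped, so the temp file
            // was created at the attacker-chosen prefix (e.g. a JSP under the web root).
            if (repository != null && repository.getPath().indexOf('\0') >= 0) {
                throw new IOException("repository path contains a NUL byte: "
                        + repository.getPath().replace('\0', '?'));
            }
            // A real implementation would now verify repository.isDirectory() and
            // write cachedContent to a temp file inside it; omitted here so the
            // example runs without touching the filesystem.
        }

        File getRepository() { return repository; }
    }

    static byte[] serialize(Serializable obj) throws IOException {
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        try (ObjectOutputStream oos = new ObjectOutputStream(bos)) {
            oos.writeObject(obj);
        }
        return bos.toByteArray();
    }

    static Object deserialize(byte[] bytes) throws IOException, ClassNotFoundException {
        try (ObjectInputStream ois = new ObjectInputStream(new ByteArrayInputStream(bytes))) {
            return ois.readObject();
        }
    }

    /** Round-trips an item through Java serialization; true if readObject accepted it. */
    static boolean roundTripAccepted(String repositoryPath) throws Exception {
        UploadItem item = new UploadItem(new File(repositoryPath),
                "<% out.println(\"constructed payload\"); %>".getBytes(StandardCharsets.UTF_8));
        try {
            UploadItem back = (UploadItem) deserialize(serialize(item));
            return back.getRepository().equals(item.getRepository());
        } catch (IOException e) {
            System.out.println("rejected: " + e.getMessage());
            return false;
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed inputs: a normal repository, and an attacker-supplied path in
        // which the NUL would truncate the name to /var/www/shell.jsp on a vulnerable JVM.
        System.out.println("/tmp/uploads           accepted=" + roundTripAccepted("/tmp/uploads"));
        System.out.println("/var/www/shell.jsp\\0/x accepted=" + roundTripAccepted("/var/www/shell.jsp\0/x"));
    }
}
```

The important design point is where the check lives: inside readObject, before the object is usable, rather than in the code that later creates the file. Deserialization is the trust boundary here, and a DiskFileItem that survives it is assumed by the rest of the library to hold a sane path.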
Debian CVE
added 2013/10/28 9:00 p.m. · 44 views

CVE-2013-2186

The DiskFileItem class in Apache Commons FileUpload, as used in Red Hat JBoss BRMS 5.3.1; JBoss Portal 4.3 CP07, 5.2.2, and 6.0.0; and Red Hat JBoss Web Server 1.0.2 allows remote attackers to write to arbitrary files via a NULL byte in a file name in a serialized instance...

CVSS 7.5 · AI score 7.4 · EPSS 0.12768
Exploits 0
Positive Technologies
added 2013/10/28 12:00 a.m. · 6 views

PT-2013-1117 · Red Hat +3 · Red Hat Jboss Brms +5

Name of the Vulnerable Software and Affected Versions: Apache Commons FileUpload (affected versions not specified); Red Hat JBoss BRMS 5.3.1; Red Hat JBoss Portal 4.3 CP07, 5.2.2, and 6.0.0; Red Hat JBoss Web Server 1.0.2. Description: The issue affects the DiskFileIte...

CVSS 7.5 · AI score 8 · EPSS 0.83175
Exploits 8 · References 41
RedHat Linux
added 2013/10/21 5:22 p.m. · 5 views

commons-fileupload: Arbitrary file upload via deserialization

The DiskFileItem class in Apache Commons FileUpload, as used in Red Hat JBoss BRMS 5.3.1; JBoss Portal 4.3 CP07, 5.2.2, and 6.0.0; and Red Hat JBoss Web Server 1.0.2 allows remote attackers to write to arbitrary files via a NULL byte in a file name in a serialized instance...

CVSS 7.5 · AI score 6.9 · EPSS 0.12768
Exploits 0 · References 4
RedHat Linux
added 2013/10/17 5:17 p.m. · 3 views

commons-fileupload: Arbitrary file upload via deserialization

The DiskFileItem class in Apache Commons FileUpload, as used in Red Hat JBoss BRMS 5.3.1; JBoss Portal 4.3 CP07, 5.2.2, and 6.0.0; and Red Hat JBoss Web Server 1.0.2 allows remote attackers to write to arbitrary files via a NULL byte in a file name in a serialized instance...

CVSS 7.5 · AI score 6.9 · EPSS 0.12768
Exploits 0 · References 4
RedHat Linux
added 2013/10/15 6:31 p.m. · 7 views

Important: Red Hat Security Advisory: commons-fileupload security update

An update for the commons-fileupload component that fixes one security issue is now available from the Red Hat Customer Portal for Red Hat JBoss BRMS 5.3.1; and Red Hat JBoss Portal 4.3 CP07, 5.2.2 and 6.0.0. The Red Hat Security Response Team has rated this update as having important security...

CVSS 7.5 · AI score 6.8 · EPSS 0.12768
Exploits 0 · References 6
RedHat Linux
added 2013/10/15 6:30 p.m. · 5 views

commons-fileupload: Arbitrary file upload via deserialization

The DiskFileItem class in Apache Commons FileUpload, as used in Red Hat JBoss BRMS 5.3.1; JBoss Portal 4.3 CP07, 5.2.2, and 6.0.0; and Red Hat JBoss Web Server 1.0.2 allows remote attackers to write to arbitrary files via a NULL byte in a file name in a serialized instance...

CVSS 7.5 · AI score 6.9 · EPSS 0.12768
Exploits 0 · References 4
RedHat Linux
added 2013/10/15 6:18 p.m. · 6 views

commons-fileupload: Arbitrary file upload via deserialization

The DiskFileItem class in Apache Commons FileUpload, as used in Red Hat JBoss BRMS 5.3.1; JBoss Portal 4.3 CP07, 5.2.2, and 6.0.0; and Red Hat JBoss Web Server 1.0.2 allows remote attackers to write to arbitrary files via a NULL byte in a file name in a serialized instance...

CVSS 7.5 · AI score 6.9 · EPSS 0.12768
Exploits 0 · References 4
RedHat Linux
added 2013/10/15 6:18 p.m. · 39 views

Important: Red Hat Security Advisory: jakarta-commons-fileupload security update

An updated jakarta-commons-fileupload package that fixes one security issue is now available for Red Hat JBoss Web Server 1.0.2 for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System...

CVSS 7.5 · AI score 6.7 · EPSS 0.12768
Exploits 0 · References 2
Tenable Nessus
added 2013/09/04 12:00 a.m. · 33 views

Amazon Linux AMI : jakarta-commons-httpclient (ALAS-2013-169)

The Jakarta Commons HttpClient component did not verify that the server hostname matched the domain name in the subject's Common Name CN or subjectAltName field in X.509 certificates. This could allow a man-in-the-middle attacker to spoof an SSL server if they had a certificate that was valid for...

CVSS 5.8 · AI score 6.8 · EPSS 0.09254
Exploits 0 · References 2
RedHat Linux
added 2013/08/08 5:04 p.m. · 5 views

jakarta-commons-httpclient: missing connection hostname check against X.509 certificate name

It was found that Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service FPS merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate, which allows...

CVSS 5.8 · AI score 7.2 · EPSS 0.09254
Exploits 0 · References 4
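The two HttpClient entries above (the Amazon Linux ALAS-2013-169 plugin and the Red Hat bug for CVE-2012-5783) state what the library omitted: after the TLS handshake, the server certificate was never compared with the host the client set out to reach, so any certificate valid for any name was accepted and a man-in-the-middle holding such a certificate could impersonate the server. The class below is an added example, not HttpClient or Red Hat code. It makes the missing step concrete in two parts: a stand-alone matcher for a certificate's dNSName subjectAltNames and Common Name, run on constructed identities rather than parsed certificates, and a method showing the JSSE switch, SSLParameters.setEndpointIdentificationAlgorithm("HTTPS"), that makes the JDK itself perform this check on an SSLSocket (assumption: Java 7 or later; the socket is built but never connected). Save it as HostnameCheck.java.

```java
import java.io.IOException;
import java.security.NoSuchAlgorithmException;
import java.util.Arrays;
import java.util.Collections;
import java.util.List;
import java.util.Locale;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSocket;

public class HostnameCheck {

    /**
     * Reference-identity check in the style of RFC 6125: the host must match a
     * dNSName subjectAltName; the CN is consulted only when the certificate has
     * no dNSName SANs at all. This is the comparison HttpClient 3.x did not make.
     */
    static boolean hostMatchesCertificate(String host, List<String> sanDnsNames, String commonName) {
        String h = host.toLowerCase(Locale.ROOT);
        if (!sanDnsNames.isEmpty()) {
            for (String san : sanDnsNames) {
                if (matchesPattern(h, san.toLowerCase(Locale.ROOT))) {
                    return true;
                }
            }
            return false;   // SANs present but none matched: the CN must not rescue it
        }
        return commonName != null && matchesPattern(h, commonName.toLowerCase(Locale.ROOT));
    }

    /** Exact match, or a single leading "*." covering exactly one left-most label. */
    static boolean matchesPattern(String host, String pattern) {
        if (pattern.startsWith("*.")) {
            String suffix = pattern.substring(1);              // ".example.com"
            int firstDot = host.indexOf('.');
            if (firstDot <= 0 || !host.substring(firstDot).equals(suffix)) {
                return false;                                   // wildcard would span more than one label, or no match
            }
            return suffix.indexOf('.', 1) > 0;                  // refuse "*.com"-style wildcards
        }
        return host.equals(pattern);
    }

    /**
     * Hardened client side: an unconnected SSLSocket configured so the JDK's own
     * certificate validation also verifies the hostname during the handshake.
     * The caller would connect(host, port) afterwards; nothing is connected here.
     */
    static SSLSocket endpointCheckedSocket() throws IOException, NoSuchAlgorithmException {
        SSLSocket sock = (SSLSocket) SSLContext.getDefault().getSocketFactory().createSocket();
        SSLParameters params = sock.getSSLParameters();
        params.setEndpointIdentificationAlgorithm("HTTPS");     // null or "" means no check: the 3.x behaviour
        sock.setSSLParameters(params);
        return sock;
    }

    public static void main(String[] args) throws Exception {
        // Constructed certificate identities; no real certificate is parsed.
        List<String> sans = Arrays.asList("www.example.com", "*.api.example.com");
        String cn = "www.example.com";
        String[] hosts = {"www.example.com", "v1.api.example.com", "a.b.api.example.com", "evil.example.com"};
        for (String host : hosts) {
            System.out.println(host + " -> " + hostMatchesCertificate(host, sans, cn));
        }
        // A CN-only certificate for a different name: the gap that let a MITM through.
        System.out.println("bank.example.net vs CN=attacker.example.org -> "
                + hostMatchesCertificate("bank.example.net", Collections.<String>emptyList(), "attacker.example.org"));
        System.out.println("endpoint identification: "
                + endpointCheckedSocket().getSSLParameters().getEndpointIdentificationAlgorithm());
    }
}
```

Two points worth checking in any client you audit: that the comparison happens at all (a trust manager that validates the chain but never looks at the name is exactly the CVE-2012-5783 condition), and that wildcards are confined to one label, since a matcher that accepts "*.com" or lets "*.api.example.com" cover "a.b.api.example.com" reopens much of the same hole.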
NVD
added 2013/07/16 6:55 p.m. · 16 views

CVE-2013-1907

The Commons Group module before 7.x-3.1 for Drupal, as used in the Commons module before 7.x-3.1, does not properly restrict access to groups, which allows remote attackers to post arbitrary content to groups via unspecified vectors...

CVSS 5 · AI score 6.8 · EPSS 0.02908
Exploits 0 · References 9
NVD
added 2013/07/16 6:55 p.m. · 20 views

CVE-2013-1908

The Commons Wikis module before 7.x-3.1 for Drupal, as used in the Commons module before 7.x-3.1, does not properly restrict access to groups, which allows remote attackers to post arbitrary content to groups via unspecified vectors...

CVSS 5 · AI score 6.8 · EPSS 0.02558
Exploits 0 · References 8
Prion
added 2013/07/16 6:55 p.m. · 13 views

Design/Logic Flaw

The Commons Group module before 7.x-3.1 for Drupal, as used in the Commons module before 7.x-3.1, does not properly restrict access to groups, which allows remote attackers to post arbitrary content to groups via unspecified vectors...

CVSS 5 · AI score 7.3 · EPSS 0.02908
Exploits 0 · References 9 · Affected software 2
Prion
added 2013/07/16 6:55 p.m. · 15 views

Design/Logic Flaw

The Commons Wikis module before 7.x-3.1 for Drupal, as used in the Commons module before 7.x-3.1, does not properly restrict access to groups, which allows remote attackers to post arbitrary content to groups via unspecified vectors...

CVSS 5 · AI score 7.3 · EPSS 0.02558
Exploits 0 · References 8 · Affected software 2
Cvelist
added 2013/07/16 6:00 p.m. · 20 views

CVE-2013-1907

The Commons Group module before 7.x-3.1 for Drupal, as used in the Commons module before 7.x-3.1, does not properly restrict access to groups, which allows remote attackers to post arbitrary content to groups via unspecified vectors...

AI score 6.8 · EPSS 0.02908
Exploits 0 · References 9
CVE
added 2013/07/16 6:00 p.m. · 48 views

CVE-2013-1907

The CVE-2013-1907 issue affects the Drupal Commons distribution’s Commons Groups module (versions prior to 7.x-3.1). The vulnerability arises from inadequate access control, allowing remote/anonymous users to post arbitrary content to groups via unspecified vectors, effectively an access bypass w...

CVSS 5 · AI score 7 · EPSS 0.02908
Exploits 0 · References 9 · Affected software 2
Cvelist
added 2013/07/16 6:00 p.m. · 24 views

CVE-2013-1908

The Commons Wikis module before 7.x-3.1 for Drupal, as used in the Commons module before 7.x-3.1, does not properly restrict access to groups, which allows remote attackers to post arbitrary content to groups via unspecified vectors...

AI score 6.8 · EPSS 0.02558
Exploits 0 · References 8
CVE
added 2013/07/16 6:00 p.m. · 54 views

CVE-2013-1908

The CVE-2013-1908 issue affects the Drupal Commons Wikis module (versions prior to 7.x-3.1) as used in the Commons distribution. The vulnerability is an access bypass/privilege-escalation flaw that allows anonymous users to post content into groups due to improper access restrictions. Impact is l...

CVSS 5 · AI score 7 · EPSS 0.02558
Exploits 0 · References 8 · Affected software 2
Tenable Nessus
added 2013/07/12 12:00 a.m. · 26 views

Oracle Linux 5 / 6 : jakarta-commons-httpclient (ELSA-2013-0270)

The remote Oracle Linux 5 / 6 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2013-0270 advisory. Changelog 1:3.1-0.7: add missing connection hostname check against X.509 certificate name; resolves CVE-2012-5783. Tenable has extracted the preceding description...

CVSS 5.8 · AI score 6.9 · EPSS 0.09254
Exploits 0 · References 2