
1085 matches found

Source Incite
added 2016/06/01 12:0 a.m. | 18 views

SRC-2017-0011 : Hewlett Packard Enterprise Intelligent Management Center addVsiInterfaceInfo Expression Language Injection Remote Code Execution Vulnerability

Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be...

CVSS 9 | AI score 9.1 | EPSS 0.0572
Exploits: 1
Source Incite
added 2016/06/01 12:0 a.m. | 25 views

SRC-2017-0009 : Hewlett Packard Enterprise Intelligent Management Center SyslogTempletSelectWin Expression Language Injection Remote Code Execution Vulnerability

Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be...

CVSS 9 | AI score 9.1 | EPSS 0.0572
Exploits: 1
Source Incite
added 2016/06/01 12:0 a.m. | 22 views

SRC-2017-0020 : Hewlett Packard Enterprise Intelligent Management Center powershellConfigContent Expression Language Injection Remote Code Execution Vulnerability

Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be...

CVSS 9 | AI score 9.1 | EPSS 0.0572
Exploits: 1
Source Incite
added 2016/06/01 12:0 a.m. | 24 views

SRC-2017-0017 : Hewlett Packard Enterprise Intelligent Management Center ictExpertCSVDownload IctTableExportToCSVBean Expression Language Injection Remote Code Execution Vulnerability

Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be...

CVSS 9 | AI score 9.1 | EPSS 0.0572
Exploits: 1
Tenable Nessus
added 2016/03/24 12:0 a.m. | 34 views

Scientific Linux Security Update : tomcat6 on SL6.x i386/x86_64 (20160323)

It was found that the expression language resolver evaluated expressions within a privileged code section. A malicious web application could use this flaw to bypass security manager protections. CVE-2014-7810 This update also fixes the following bug : - Previously, using a New I/O (NIO) connector i...

CVSS 5 | AI score 6.3 | EPSS 0.13872
Exploits: 0 | References: 2
RedHat Linux
added 2016/03/22 9:2 p.m. | 3 views

Tomcat/JbossWeb: security manager bypass via EL expressions

It was found that the expression language resolver evaluated expressions within a privileged code section. A malicious web application could use this flaw to bypass security manager protections...

CVSS 5 | AI score 6.8 | EPSS 0.13872
Exploits: 0 | References: 7
Tenable Nessus
added 2016/03/11 12:0 a.m. | 38 views

Amazon Linux AMI : tomcat6 (ALAS-2016-656)

It was found that the expression language resolver evaluated expressions within a privileged code section. A malicious web application could use this flaw to bypass security manager protections. CVE-2014-7810 It was found that Tomcat would keep connections open after processing requests with a...

CVSS 7.8 | AI score 6.5 | EPSS 0.20318
Exploits: 0 | References: 3
OpenVAS
added 2016/03/11 12:0 a.m. | 34 views

Amazon Linux: Security Advisory (ALAS-2016-657)

The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...

CVSS 8.1 | AI score 7.6 | EPSS 0.13872
Exploits: 0 | References: 2
OpenVAS
added 2016/03/11 12:0 a.m. | 48 views

Amazon Linux: Security Advisory (ALAS-2016-658)

The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...

CVSS 5.3 | AI score 7.6 | EPSS 0.1838
Exploits: 0 | References: 2
Amazon
added 2016/03/10 12:0 a.m. | 50 views

Medium: tomcat6

Issue Overview: It was found that the expression language resolver evaluated expressions within a privileged code section. A malicious web application could use this flaw to bypass security manager protections. CVE-2014-7810 It was found that Tomcat would keep connections open after processing...

CVSS 7.8 | AI score 7.2 | EPSS 0.20318
Exploits: 0
Amazon
added 2016/03/10 12:0 a.m. | 77 views

Medium: tomcat7

Issue Overview: A directory traversal vulnerability in RequestUtil.java was discovered which allows remote authenticated users to bypass intended SecurityManager restrictions and list a parent directory via a /.. (slash dot dot) in a pathname used by a web application in a getResource,...

CVSS 8.1 | AI score 7.4 | EPSS 0.13872
Exploits: 0
Amazon
added 2016/03/10 12:0 a.m. | 55 views

Medium: tomcat8

Issue Overview: A directory traversal vulnerability in RequestUtil.java was discovered which allows remote authenticated users to bypass intended SecurityManager restrictions and list a parent directory via a /.. (slash dot dot) in a pathname used by a web application in a getResource,...

CVSS 5.3 | AI score 7.3 | EPSS 0.1838
Exploits: 0
Tenable Nessus
added 2016/01/19 12:0 a.m. | 43 views

Debian DSA-3447-1 : tomcat7 - security update

It was discovered that malicious web applications could use the Expression Language to bypass protections of a Security Manager as expressions were evaluated within a privileged code section. %NASLMINLEVEL 70300 (C) Tenable Network Security, Inc. The descriptive text and package checks in this plug...

CVSS 7.8 | AI score 6.6 | EPSS 0.21045
Exploits: 1 | References: 9
OpenVAS
added 2016/01/17 12:0 a.m. | 48 views

Debian Security Advisory DSA 3447-1 (tomcat7 - security update)

It was discovered that malicious web applications could use the Expression Language to bypass protections of a Security Manager as expressions were evaluated within a privileged code section. OpenVAS Vulnerability Test $Id: deb3447.nasl 6608 2017-07-07 12:05:05Z cfischer $ Auto-generated from...

CVSS 7.8 | AI score 0.6 | EPSS 0.21045
Exploits: 1 | References: 1
OSV
added 2016/01/17 12:0 a.m. | 33 views

DSA-3447-1 tomcat7 - security update

Bulletin has no description...

CVSS 5 | AI score 6.3 | EPSS 0.13872
Exploits: 0
OSV
added 2015/12/18 12:0 a.m. | 34 views

DSA-3428-1 tomcat8 - security update

Bulletin has no description...

CVSS 5 | AI score 6.7 | EPSS 0.13872
Exploits: 0
exploitpack
added 2015/12/08 12:0 a.m. | 25 views

OpenMRS 2.3 (1.11.4) - Expression Language Injection

OpenMRS 2.3 (1.11.4) - Expression Language Injection OpenMRS 2.3 (1.11.4) Expression Language Injection Vulnerability Vendor: OpenMRS Inc. Product web page: http://www.openmrs.org Affected version: OpenMRS 2.3, 2.2, 2.1, 2.0 Platform 1.11.4 Build 6ebcaf, 1.11.2 and 1.10.0 OpenMRS-TB System OpenMRS...

AI score 0.1
Exploits: 0
0day.today
added 2015/12/08 12:0 a.m. | 32 views

OpenMRS 2.3 (1.11.4) - Expression Language Injection Vulnerability

Exploit for php platform in category web applications OpenMRS 2.3 (1.11.4) Expression Language Injection Vulnerability Vendor: OpenMRS Inc. Product web page: http://www.openmrs.org Affected version: OpenMRS 2.3, 2.2, 2.1, 2.0 Platform 1.11.4 Build 6ebcaf, 1.11.2 and 1.10.0 OpenMRS-TB System OpenMRS...

AI score 7.1
Exploits: 0
Exploit DB
added 2015/12/08 12:0 a.m. | 34 views

OpenMRS 2.3 (1.11.4) - Expression Language Injection

OpenMRS 2.3 (1.11.4) Expression Language Injection Vulnerability Vendor: OpenMRS Inc. Product web page: http://www.openmrs.org Affected version: OpenMRS 2.3, 2.2, 2.1, 2.0 Platform 1.11.4 Build 6ebcaf, 1.11.2 and 1.10.0 OpenMRS-TB System OpenMRS 1.9.7 Build 60bd9b Summary: OpenMRS is an application...

AI score 7.4
Exploits: 0
Zero Science Lab
added 2015/12/07 12:0 a.m. | 35 views

OpenMRS 2.3 (1.11.4) Expression Language Injection Vulnerability

Summary OpenMRS is an application which enables design of a customized medical records system with no programming knowledge although medical and systems analysis knowledge is required. It is a common framework upon which medical informatics efforts in developing countries can be built. Descriptio...

AI score 6
Exploits: 0