33 matches found
PT-2023-32325 · Unknown · Geoserver Geowebcache
Name of the Vulnerable Software and Affected Versions: GeoServer GeoWebCache versions up to 1.15.1 Description: A vulnerability was found in GeoServer GeoWebCache, affecting unknown code of the file /geoserver/gwc/rest.html. The manipulation leads to a direct request. The attack can be initiated...
CVE-2022-24846
GeoWebCache is a tile caching server implemented in Java. The GeoWebCache disk quota mechanism can perform an unchecked JNDI lookup, which in turn can be used to perform class deserialization and result in arbitrary code execution. While in GeoWebCache the JNDI strings are provided via local...
Deserialization of untrusted data
GeoWebCache is a tile caching server implemented in Java. The GeoWebCache disk quota mechanism can perform an unchecked JNDI lookup, which in turn can be used to perform class deserialization and result in arbitrary code execution. While in GeoWebCache the JNDI strings are provided via local...
CVE-2022-24846 Unchecked JNDI lookups in GeoWebCache
GeoWebCache is a tile caching server implemented in Java. The GeoWebCache disk quota mechanism can perform an unchecked JNDI lookup, which in turn can be used to perform class deserialization and result in arbitrary code execution. While in GeoWebCache the JNDI strings are provided via local...
CVE-2022-24846 Unchecked JNDI lookups in GeoWebCache
GeoWebCache is a tile caching server implemented in Java. The GeoWebCache disk quota mechanism can perform an unchecked JNDI lookup, which in turn can be used to perform class deserialization and result in arbitrary code execution. While in GeoWebCache the JNDI strings are provided via local...
CVE-2022-24846 Unchecked JNDI lookups in GeoWebCache
GeoWebCache is a tile caching server implemented in Java. The GeoWebCache disk quota mechanism can perform an unchecked JNDI lookup, which in turn can be used to perform class deserialization and result in arbitrary code execution. While in GeoWebCache the JNDI strings are provided via local...
CVE-2022-24846
CVE-2022-24846 affects GeoWebCache (Java) via the disk quota mechanism performing unchecked JNDI lookups, enabling class deserialization and arbitrary code execution. The issue is tied to JNDI strings supplied from local config in GeoWebCache and a remote UI in GeoServer that requires admin login...
GeoWebCache 代码问题漏洞
GeoWebCache is a Java Web application used to cache map slices from various sources, such as the OGC Web Map Service WMS. A code issue vulnerability exists in GeoWebCache that stems from a disk quota mechanism that can perform unchecked JNDI lookups, which in turn can be used to perform class...
CVE-2022-24847
GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. The GeoServer security mechanism can perform an unchecked JNDI lookup, which in turn can be used to perform class deserialization and result in arbitrary code execution. The same can...
Deserialization of untrusted data
GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. The GeoServer security mechanism can perform an unchecked JNDI lookup, which in turn can be used to perform class deserialization and result in arbitrary code execution. The same can...
CVE-2022-24847 Improper Input Validation in GeoServer
GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. The GeoServer security mechanism can perform an unchecked JNDI lookup, which in turn can be used to perform class deserialization and result in arbitrary code execution. The same can...
CVE-2022-24847
CVE-2022-24847 affects GeoServer (Java) where an unchecked JNDI lookup can lead to class deserialization and arbitrary code execution. Exploitation requires admin rights and use of the GeoServer GUI or REST API. Mitigations include restricting access to geoserver/web and geoserver/rest (and GeoWe...
CVE-2022-24847 Improper Input Validation in GeoServer
GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. The GeoServer security mechanism can perform an unchecked JNDI lookup, which in turn can be used to perform class deserialization and result in arbitrary code execution. The same can...