141 matches found
GHSA-V64W-96P6-FX7W Apache Geronimo JMX Remoting functionality allows remote code execution in 3.x before v3.0.1
The JMX Remoting functionality in Apache Geronimo 3.x before 3.0.1, as used in IBM WebSphere Application Server WAS Community Edition 3.0.0.3 and other products, does not properly implement the RMI classloader, which allows remote attackers to execute arbitrary code by using the JMX connector to...
Apache Geronimo JMX Remoting functionality allows remote code execution in 3.x before v3.0.1
The JMX Remoting functionality in Apache Geronimo 3.x before 3.0.1, as used in IBM WebSphere Application Server WAS Community Edition 3.0.0.3 and other products, does not properly implement the RMI classloader, which allows remote attackers to execute arbitrary code by using the JMX connector to...
com.alibaba.otter:manager.deployer (>=4.2.1 <=4.2.15), com.alibaba.otter:manager.web (>=4.2.1 <=4.2.15) +53 more potentially affected by CVE-2014-5326 via org.directwebremoting:dwr (>=2.0.rc2 <=2.0.11-RELEASE)
org.directwebremoting:dwr MAVEN version =2.0.rc2, =4.2.1, =4.2.1, =2.1, =2.1, =2.1, =2.1, =2.1, =2.1, =2.1, =2.1, =2.1, =2.1, =2.1, =2.1, =2.1.1 and more Source cves: CVE-2014-5326 Source advisory: OSV:GHSA-Q5V2-2V66-6HWM...
com.butor:butor-sso (=0.9.0), org.apache.geronimo.assemblies:geronimo-jetty7-javaee5 (>=2.2 <=2.2.1) +31 more potentially affected by CVE-2014-5326 via org.directwebremoting:dwr (=3.0.M1)
org.directwebremoting:dwr MAVEN version =3.0.M1 is affected by a known vulnerability. The following packages have a transitive dependency on org.directwebremoting:dwr and may be impacted: - com.butor:butor-sso =0.9.0 - org.apache.geronimo.assemblies:geronimo-jetty7-javaee5 =2.2, =2.2, =2.2, =2.2,...
com.butor:butor-sso (=0.9.0), org.apache.geronimo.assemblies:geronimo-jetty7-javaee5 (>=2.2 <=2.2.1) +31 more potentially affected by CVE-2014-5325 via org.directwebremoting:dwr (=3.0.M1)
org.directwebremoting:dwr MAVEN version =3.0.M1 is affected by a known vulnerability. The following packages have a transitive dependency on org.directwebremoting:dwr and may be impacted: - com.butor:butor-sso =0.9.0 - org.apache.geronimo.assemblies:geronimo-jetty7-javaee5 =2.2, =2.2, =2.2, =2.2,...
GHSA-23VV-V25H-QWQW Improper Input Validation in Apache Axis2
Apache Axis2 before 1.5.2, as used in IBM WebSphere Application Server WAS 7.0 through 7.0.0.12, IBM Feature Pack for Web Services 6.1.0.9 through 6.1.0.32, IBM Feature Pack for Web 2.0 1.0.1.0, Apache Synapse, Apache ODE, Apache Tuscany, Apache Geronimo, and other products, does not properly...
Improper Input Validation in Apache Axis2
Apache Axis2 before 1.5.2, as used in IBM WebSphere Application Server WAS 7.0 through 7.0.0.12, IBM Feature Pack for Web Services 6.1.0.9 through 6.1.0.32, IBM Feature Pack for Web 2.0 1.0.1.0, Apache Synapse, Apache ODE, Apache Tuscany, Apache Geronimo, and other products, does not properly...
GHSA-XM92-RF24-H74W Apache Geronimo Application Server multiple directory traversal vulnerabilities
Multiple directory traversal vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 on Windows allow remote attackers to upload files to arbitrary directories via directory traversal sequences in the 1 group, 2 artifact, 3 version, or 4 fileType...
Apache Geronimo Application Server multiple directory traversal vulnerabilities
Multiple directory traversal vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 on Windows allow remote attackers to upload files to arbitrary directories via directory traversal sequences in the 1 group, 2 artifact, 3 version, or 4 fileType...
GHSA-V3H8-RW48-H4GR Apache Geronimo Hash Collisions Cause DoS
Apache Geronimo 2.2.1 and earlier computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service CPU consumption by sending many crafted parameters. NOTE: this might overlap CVE-2011-4461...
Apache Geronimo Hash Collisions Cause DoS
Apache Geronimo 2.2.1 and earlier computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service CPU consumption by sending many crafted parameters. NOTE: this might overlap CVE-2011-4461...
maven:3.6 security and enhancement update
An update is available for apache-commons-io, atinject, jsr-305, maven-shared-utils, plexus-cipher, aopalliance, plexus-classworlds, guava, apache-commons-cli, plexus-containers, plexus-sec-dispatcher, httpcomponents-client, maven-resolver, apache-commons-lang3, plexus-interpolation, sisu,...
org.apache.camel:camel-xmlsecurity (>=2.0-M1 <=2.5.0), org.apache.cxf.dosgi.samples:cxf-dosgi-ri-samples-greeter-client (=1.0) +71 more potentially affected by CVE-2009-0217 via org.apache.santuario:xmlsec (=1.4.2)
org.apache.santuario:xmlsec MAVEN version =1.4.2 is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.santuario:xmlsec and may be impacted: - org.apache.camel:camel-xmlsecurity =2.0-M1, =2.0.10, =2.0.10, =2.0.10, =2.0.10, =2.0.10, =2.0.10, =2.2.2...
GHSA-678X-XFP4-R92R Apache Geronimo Application Server CSRF vulnerabilities
Multiple cross-site request forgery CSRF vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 allow remote attackers to hijack the authentication of administrators for requests that 1 change the web administration password, 2 upload application...
Apache Geronimo Application Server CSRF vulnerabilities
Multiple cross-site request forgery CSRF vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 allow remote attackers to hijack the authentication of administrators for requests that 1 change the web administration password, 2 upload application...
GHSA-C372-X57P-6X7V Apache Geronimo Application Server multiple cross-site scripting (XSS) vulnerabilities
Multiple cross-site scripting XSS vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 allow remote attackers to inject arbitrary web script or HTML via the 1 name, 2 ip, 3 username, or 4 description parameter to console/portal/Server/Monitorin...
Apache Geronimo Application Server multiple cross-site scripting (XSS) vulnerabilities
Multiple cross-site scripting XSS vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 allow remote attackers to inject arbitrary web script or HTML via the 1 name, 2 ip, 3 username, or 4 description parameter to console/portal/Server/Monitorin...
geronimo:geronimo-console (>=1.0 <=1.0-M5) potentially affected by CVE-2006-0254 via geronimo:geronimo-console-standard (>=1.0 <=1.0-M5)
geronimo:geronimo-console-standard MAVEN version =1.0, =1.0, =1.0-M5 Source cves: CVE-2006-0254 Source advisory: OSV:GHSA-2JXH-3CX8-XW65...
GHSA-2JXH-3CX8-XW65 Apache Geronimo console 1.0 vulnerable to cross-site scripting
Multiple cross-site scripting XSS vulnerabilities in Apache Geronimo 1.0 allow remote attackers to inject arbitrary web script or HTML via the 1 time parameter to cal2.jsp and 2 any invalid parameter, which causes an XSS when the log file is viewed by the Web-Access-Log viewer. Version 1.1 contai...
Apache Geronimo console 1.0 vulnerable to cross-site scripting
Multiple cross-site scripting XSS vulnerabilities in Apache Geronimo 1.0 allow remote attackers to inject arbitrary web script or HTML via the 1 time parameter to cal2.jsp and 2 any invalid parameter, which causes an XSS when the log file is viewed by the Web-Access-Log viewer. Version 1.1 contai...