Lucene search
K

141 matches found

OSV
OSV
added 2022/05/17 4:48 a.m.9 views

GHSA-V64W-96P6-FX7W Apache Geronimo JMX Remoting functionality allows remote code execution in 3.x before v3.0.1

The JMX Remoting functionality in Apache Geronimo 3.x before 3.0.1, as used in IBM WebSphere Application Server WAS Community Edition 3.0.0.3 and other products, does not properly implement the RMI classloader, which allows remote attackers to execute arbitrary code by using the JMX connector to...

10CVSS6.2AI score0.09808EPSS
Exploits0References9
Github Security Blog
Github Security Blog
added 2022/05/17 4:48 a.m.32 views

Apache Geronimo JMX Remoting functionality allows remote code execution in 3.x before v3.0.1

The JMX Remoting functionality in Apache Geronimo 3.x before 3.0.1, as used in IBM WebSphere Application Server WAS Community Edition 3.0.0.3 and other products, does not properly implement the RMI classloader, which allows remote attackers to execute arbitrary code by using the JMX connector to...

10CVSS6.6AI score0.09808EPSS
Exploits0References9Affected Software1
vulnersOsv
vulnersOsv
added 2022/05/17 4:21 a.m.5 views

com.alibaba.otter:manager.deployer (>=4.2.1 <=4.2.15), com.alibaba.otter:manager.web (>=4.2.1 <=4.2.15) +53 more potentially affected by CVE-2014-5326 via org.directwebremoting:dwr (>=2.0.rc2 <=2.0.11-RELEASE)

org.directwebremoting:dwr MAVEN version =2.0.rc2, =4.2.1, =4.2.1, =2.1, =2.1, =2.1, =2.1, =2.1, =2.1, =2.1, =2.1, =2.1, =2.1, =2.1, =2.1, =2.1.1 and more Source cves: CVE-2014-5326 Source advisory: OSV:GHSA-Q5V2-2V66-6HWM...

4.3CVSS6.7AI score0.01148EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2022/05/17 4:21 a.m.5 views

com.butor:butor-sso (=0.9.0), org.apache.geronimo.assemblies:geronimo-jetty7-javaee5 (>=2.2 <=2.2.1) +31 more potentially affected by CVE-2014-5326 via org.directwebremoting:dwr (=3.0.M1)

org.directwebremoting:dwr MAVEN version =3.0.M1 is affected by a known vulnerability. The following packages have a transitive dependency on org.directwebremoting:dwr and may be impacted: - com.butor:butor-sso =0.9.0 - org.apache.geronimo.assemblies:geronimo-jetty7-javaee5 =2.2, =2.2, =2.2, =2.2,...

4.3CVSS6.7AI score0.01148EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2022/05/17 3:46 a.m.5 views

com.butor:butor-sso (=0.9.0), org.apache.geronimo.assemblies:geronimo-jetty7-javaee5 (>=2.2 <=2.2.1) +31 more potentially affected by CVE-2014-5325 via org.directwebremoting:dwr (=3.0.M1)

org.directwebremoting:dwr MAVEN version =3.0.M1 is affected by a known vulnerability. The following packages have a transitive dependency on org.directwebremoting:dwr and may be impacted: - com.butor:butor-sso =0.9.0 - org.apache.geronimo.assemblies:geronimo-jetty7-javaee5 =2.2, =2.2, =2.2, =2.2,...

5CVSS5.8AI score0.02318EPSS
Exploits0
OSV
OSV
added 2022/05/17 2:22 a.m.67 views

GHSA-23VV-V25H-QWQW Improper Input Validation in Apache Axis2

Apache Axis2 before 1.5.2, as used in IBM WebSphere Application Server WAS 7.0 through 7.0.0.12, IBM Feature Pack for Web Services 6.1.0.9 through 6.1.0.32, IBM Feature Pack for Web 2.0 1.0.1.0, Apache Synapse, Apache ODE, Apache Tuscany, Apache Geronimo, and other products, does not properly...

7.5CVSS8.3AI score0.22372EPSS
Exploits3References9
Github Security Blog
Github Security Blog
added 2022/05/17 2:22 a.m.36 views

Improper Input Validation in Apache Axis2

Apache Axis2 before 1.5.2, as used in IBM WebSphere Application Server WAS 7.0 through 7.0.0.12, IBM Feature Pack for Web Services 6.1.0.9 through 6.1.0.32, IBM Feature Pack for Web 2.0 1.0.1.0, Apache Synapse, Apache ODE, Apache Tuscany, Apache Geronimo, and other products, does not properly...

7.5CVSS3.4AI score0.22372EPSS
Exploits3References10Affected Software1
OSV
OSV
added 2022/05/14 2:40 a.m.22 views

GHSA-XM92-RF24-H74W Apache Geronimo Application Server multiple directory traversal vulnerabilities

Multiple directory traversal vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 on Windows allow remote attackers to upload files to arbitrary directories via directory traversal sequences in the 1 group, 2 artifact, 3 version, or 4 fileType...

9.4CVSS7.7AI score0.35929EPSS
Exploits1References12
Github Security Blog
Github Security Blog
added 2022/05/14 2:40 a.m.27 views

Apache Geronimo Application Server multiple directory traversal vulnerabilities

Multiple directory traversal vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 on Windows allow remote attackers to upload files to arbitrary directories via directory traversal sequences in the 1 group, 2 artifact, 3 version, or 4 fileType...

9.4CVSS7.2AI score0.35929EPSS
Exploits1References12Affected Software1
OSV
OSV
added 2022/05/13 1:7 a.m.32 views

GHSA-V3H8-RW48-H4GR Apache Geronimo Hash Collisions Cause DoS

Apache Geronimo 2.2.1 and earlier computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service CPU consumption by sending many crafted parameters. NOTE: this might overlap CVE-2011-4461...

7.8CVSS5.3AI score0.81155EPSS
Exploits5References18
Github Security Blog
Github Security Blog
added 2022/05/13 1:7 a.m.36 views

Apache Geronimo Hash Collisions Cause DoS

Apache Geronimo 2.2.1 and earlier computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service CPU consumption by sending many crafted parameters. NOTE: this might overlap CVE-2011-4461...

7.8CVSS7.2AI score0.81155EPSS
Exploits5References18Affected Software1
Rockylinux
Rockylinux
added 2022/05/10 8:4 a.m.44 views

maven:3.6 security and enhancement update

An update is available for apache-commons-io, atinject, jsr-305, maven-shared-utils, plexus-cipher, aopalliance, plexus-classworlds, guava, apache-commons-cli, plexus-containers, plexus-sec-dispatcher, httpcomponents-client, maven-resolver, apache-commons-lang3, plexus-interpolation, sisu,...

5.3CVSS6.2AI score0.08665EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2022/05/02 3:13 a.m.6 views

org.apache.camel:camel-xmlsecurity (>=2.0-M1 <=2.5.0), org.apache.cxf.dosgi.samples:cxf-dosgi-ri-samples-greeter-client (=1.0) +71 more potentially affected by CVE-2009-0217 via org.apache.santuario:xmlsec (=1.4.2)

org.apache.santuario:xmlsec MAVEN version =1.4.2 is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.santuario:xmlsec and may be impacted: - org.apache.camel:camel-xmlsecurity =2.0-M1, =2.0.10, =2.0.10, =2.0.10, =2.0.10, =2.0.10, =2.0.10, =2.2.2...

5CVSS7.1AI score0.06348EPSS
Exploits0
OSV
OSV
added 2022/05/02 3:12 a.m.30 views

GHSA-678X-XFP4-R92R Apache Geronimo Application Server CSRF vulnerabilities

Multiple cross-site request forgery CSRF vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 allow remote attackers to hijack the authentication of administrators for requests that 1 change the web administration password, 2 upload application...

6.8CVSS8AI score0.11059EPSS
Exploits2References10
Github Security Blog
Github Security Blog
added 2022/05/02 3:12 a.m.37 views

Apache Geronimo Application Server CSRF vulnerabilities

Multiple cross-site request forgery CSRF vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 allow remote attackers to hijack the authentication of administrators for requests that 1 change the web administration password, 2 upload application...

6.8CVSS5.6AI score0.11059EPSS
Exploits2References10Affected Software1
OSV
OSV
added 2022/05/02 3:12 a.m.26 views

GHSA-C372-X57P-6X7V Apache Geronimo Application Server multiple cross-site scripting (XSS) vulnerabilities

Multiple cross-site scripting XSS vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 allow remote attackers to inject arbitrary web script or HTML via the 1 name, 2 ip, 3 username, or 4 description parameter to console/portal/Server/Monitorin...

4.3CVSS6.8AI score0.18003EPSS
Exploits2References8
Github Security Blog
Github Security Blog
added 2022/05/02 3:12 a.m.26 views

Apache Geronimo Application Server multiple cross-site scripting (XSS) vulnerabilities

Multiple cross-site scripting XSS vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 allow remote attackers to inject arbitrary web script or HTML via the 1 name, 2 ip, 3 username, or 4 description parameter to console/portal/Server/Monitorin...

4.3CVSS5.8AI score0.18003EPSS
Exploits2References8Affected Software1
vulnersOsv
vulnersOsv
added 2022/05/01 6:38 a.m.2 views

geronimo:geronimo-console (>=1.0 <=1.0-M5) potentially affected by CVE-2006-0254 via geronimo:geronimo-console-standard (>=1.0 <=1.0-M5)

geronimo:geronimo-console-standard MAVEN version =1.0, =1.0, =1.0-M5 Source cves: CVE-2006-0254 Source advisory: OSV:GHSA-2JXH-3CX8-XW65...

4.3CVSS5.8AI score0.32247EPSS
Exploits1
OSV
OSV
added 2022/05/01 6:38 a.m.4 views

GHSA-2JXH-3CX8-XW65 Apache Geronimo console 1.0 vulnerable to cross-site scripting

Multiple cross-site scripting XSS vulnerabilities in Apache Geronimo 1.0 allow remote attackers to inject arbitrary web script or HTML via the 1 time parameter to cal2.jsp and 2 any invalid parameter, which causes an XSS when the log file is viewed by the Web-Access-Log viewer. Version 1.1 contai...

4.3CVSS6AI score0.32247EPSS
Exploits1References17
Github Security Blog
Github Security Blog
added 2022/05/01 6:38 a.m.54 views

Apache Geronimo console 1.0 vulnerable to cross-site scripting

Multiple cross-site scripting XSS vulnerabilities in Apache Geronimo 1.0 allow remote attackers to inject arbitrary web script or HTML via the 1 time parameter to cal2.jsp and 2 any invalid parameter, which causes an XSS when the log file is viewed by the Web-Access-Log viewer. Version 1.1 contai...

4.3CVSS4.9AI score0.32247EPSS
Exploits1References17Affected Software1
Rows per page
Query Builder