[SECURITY] [DLA 2726-1] shiro security update
Debian LTS Advisory DLA-2726-1 [email protected] https://www.debian.org/lts/security/ Roberto C. Sánchez August 02, 2021 https://wiki.debian.org/LTS Package : shiro Version : 1.3.2-1+deb9u2 CVE ID : CVE-2020-13933 CVE-2020-17510 Debian Bug : 968753 It was discovered that there were two...
CVE-2021-32769
Micronaut is a JVM-based, full stack Java framework designed for building JVM applications. A path traversal vulnerability exists in versions prior to 2.5.9. With a basic configuration, it is possible to access any file from a filesystem, using "/../../" in the URL. This occurs because Micronaut...
CVE-2021-32769
Micronaut’s CVE-2021-32769 is a path-traversal vulnerability in versions before 2.5.9. The affected component is the Micronaut file/resource loader, which allows access to filesystem paths via URL patterns like /../../ when not restricted to configured paths. Exploitation details are described across ...
GHSA-72W9-FCJ5-3FCG Improper Authentication in Apache Shiro
Apache Shiro is a powerful and easy-to-use Java security framework that performs authentication, authorization, cryptography, and session management. In Apache Shiro before 1.5.3, when using Apache Shiro with Spring dynamic controllers, a specially crafted request may cause an authentication bypass...
Vaadin flow path traversal vulnerability
Vaadin Flow is a software application. The Vaadin platform is a Java framework for building modern websites that look great, perform well and keep you and your users happy. A path traversal vulnerability exists in vaadin: flow-server versions 2.0.0 through 2.4.1, which can be exploited by an...
Vaadin flow has an unspecified vulnerability
Vaadin Flow is an application. The Vaadin platform is a Java framework for building modern websites that look good, perform well and keep you and your users happy. vaadin: flow-server versions 3.0.0 through 5.0.3 have a security vulnerability that can be exploited by attackers to guess the security token ...
Vaadin flow resource management error vulnerability
Vaadin Flow is an application. The Vaadin platform is a Java framework for building modern websites that look good, perform well and delight you and your users. vaadin: vaadin-text-field-flow versions 2.0.4 through 2.3.2 are vulnerable to resource management errors, which can be exploited by attackers to ...
A vulnerability in the LDAP module of the Java framework for securing Spring-based industrial applications allows attackers to compromise the confidentiality, integrity, and availability of protected information.
The vulnerability in the LDAP module of the Java framework for securing Spring-based industrial applications is related to authentication errors. Exploiting this vulnerability could allow an attacker to compromise the confidentiality, integrity, and availability of the protected information...
A vulnerability in the RabbitMQ component of the Apache Camel Java framework allows an attacker to cause a denial of service or execute arbitrary code.
The vulnerability in the RabbitMQ component of the Apache Camel Java framework is related to deserialization of untrusted data in memory. Exploiting this vulnerability can allow an attacker to cause a denial of service or execute arbitrary code...
File upload vulnerability in jfinal
jfinal is an extremely fast WEB + ORM framework based on the Java language. jfinal has a file upload vulnerability that can be exploited by an attacker to gain control of the server...
Apache Dubbo Deserialization Vulnerability
Apache Dubbo is a Java-based high-performance RPC framework. Apache Dubbo has a deserialization vulnerability that can be exploited by an attacker to execute code...
Unspecified Vulnerability in SAP NetWeaver Application Server Java
SAP NetWeaver Application Server Java is an application server from the German company SAP that provides a Java runtime environment. The product is mainly used to develop and run Java EE applications. A security vulnerability exists in the SAP NetWeaver Application Server Java J2EE-Framework that can be...
Apache Struts 2.3.20 < 2.3.29 / 2.5.x < 2.5.13 Denial of Service Vulnerability (S2-041)
The version of Apache Struts running on the remote Windows host is 2.3.20 prior to 2.3.29 or 2.5.x prior to 2.5.13. It is, therefore, affected by a denial of service vulnerability in URLValidator due to improper handling of form fields. An unauthenticated, remote attacker can exploit this, via a crafted...
Apache Struts 2.x < 2.3.14.3 Remote Code Execution Vulnerability (S2-012)
The version of Apache Struts running on the remote host is 2.x prior to 2.3.14.3. It, therefore, is affected by a remote command execution vulnerability in the ParameterInterceptor class due to improper handling of user-supplied input data. An unauthenticated, remote attacker could exploit this...
Apache Struts 2.x < 2.3.15.2 Dynamic Method Invocation Multiple Vulnerabilities (S2-019)
The version of Apache Struts running on the remote host is 2.x prior to 2.3.15.2. It is, therefore, affected by multiple Dynamic Method Invocation (DMI) vulnerabilities, as DMI is enabled by default. Note that Nessus has not tested for these issues but has instead relied only on the application's...
Apache Struts 2.x < 2.3.15.1 Multiple Vulnerabilities (S2-016) (S2-017)
The version of Apache Struts running on the remote host is 2.x prior to 2.3.15.1. It, therefore, is affected by multiple vulnerabilities including a remote command execution vulnerability and an open redirect vulnerability. Note that Nessus has not tested for these issues but has instead relied...
JDK: path traversal flaw in the Diagnostic Tooling Framework
The IBM Java Runtime Environment's Diagnostic Tooling Framework for Java (DTFJ) in IBM SDK, Java Technology Edition 6.0, 7.0, and 8.0 does not protect against path traversal attacks when extracting compressed dump files. IBM X-Force ID: 144882...
Pivotal Spring Java Framework < 5.0 - Remote Code Execution Exploit
Exploit for the Java platform in category web applications. Exploit Title: Pivotal Spring Java Framework Vendor Homepage: https://pivotal.io/agile/press-release/pivotal-releases-spring-framework-for-modern-java-application-development CVE: CVE-2018-1270 Version: = 5.0.x Description: By connecting...
Pivotal Spring Java Framework < 5.0 - Remote Code Execution
Pivotal Spring Java Framework Vendor Homepage: https://pivotal.io/agile/press-release/pivotal-releases-spring-framework-for-modern-java-application-development CVE: CVE-2018-1270 Version: = 5.0.x Description: By connecting to Spring STOMP, and putting the key for the "selector" header, we can...
Apache Struts 2.3.x Showcase App Struts 1 Plugin ActionMessage Class Error Message Input Handling RCE (S2-048)
The version of Apache Struts running on the remote Windows host is 2.3.x. It is, therefore, potentially affected by a remote code execution vulnerability in the Struts 1 plugin showcase app in the ActionMessage class due to improper validation of user-supplied input passed via error messages. An...