31 matches found

CNNVD
added 2026/05/22 12:00 a.m. | 5 views

Apache CXF Security Vulnerability

Apache CXF is an open-source web service framework developed by the Apache Foundation in the United States. This framework supports various web service standards and multiple front-end programming APIs. There are security vulnerabilities in Apache CXF; these vulnerabilities arise from incomplete...

CVSS 7.5 | AI score 6.5 | EPSS 0.00153
Exploits: 0 | References: 1

OSV
added 2026/04/27 9:34 a.m. | 0 views

GHSA-JG2M-9X48-3GVJ Apache Camel has an incomplete fix for CVE-2025-27636

The fix for CVE-2025-27636 added setLowerCase(true) to HttpHeaderFilterStrategy so that case-variant header names such as 'CAmelExecCommandExecutable' are filtered out alongside 'CamelExecCommandExecutable'. The same setLowerCase(true) call was not applied to five non-HTTP HeaderFilterStrategy...

CVSS 9.9 | AI score 6.5 | EPSS 0.00228
Exploits: 2 | References: 10

EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2016-0608

Malware in sbrugna...

CVSS 7.5 | AI score 7.5 | EPSS 0.00761
Exploits: 0 | References: 4

RedHat Linux
added 2025/10/02 2:54 p.m. | 4 views

Important: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 8.1.0 security update

A security update is now available for Red Hat JBoss Enterprise Application Platform 8.1. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...

CVSS 9.8 | AI score 7 | EPSS 0.00186
Exploits: 3 | References: 14

Tenable Nessus
added 2025/08/14 12:00 a.m. | 6 views

Apache CXF < 3.6.8 / 4.x < 4.0.9 / 4.1.x < 4.1.3 RCE (CVE-2025-48913)

The version of Apache CXF installed on the remote host is affected by a remote code execution vulnerability. If untrusted users are allowed to configure JMS for Apache CXF, previously they could use RMI or LDAP URLs, potentially leading to code execution capabilities. This interface is now restrict...

CVSS 9.8 | AI score 7.2 | EPSS 0.00186
Exploits: 0 | References: 2

CVE
added 2025/08/12 6:45 p.m. | 22 views

CVE-2025-36124

CVE-2025-36124 is described by IBM security bulletins as a vulnerability in IBM WebSphere Liberty/Liberty-based IBM products where a remote attacker could bypass security restrictions due to JMS messaging configuration not being honored. Connected IBM bulletins show affected products/versions and...

CVSS 7.5 | AI score 7.1 | EPSS 0.00051
Exploits: 0 | References: 1 | Affected Software: 1

Vulnrichment
added 2025/08/12 6:45 p.m. | 2 views

CVE-2025-36124 IBM WebSphere Application Server Liberty bypass security

IBM WebSphere Application Server Liberty 17.0.0.3 through 25.0.0.8 could allow a remote attacker to bypass security restrictions caused by a failure to honor JMS messaging configuration...

CVSS 5.9 | AI score 7.1 | EPSS 0.00051
Exploits: 0 | References: 1

Cvelist
added 2025/08/12 6:45 p.m. | 3 views

CVE-2025-36124 IBM WebSphere Application Server Liberty bypass security

IBM WebSphere Application Server Liberty 17.0.0.3 through 25.0.0.8 could allow a remote attacker to bypass security restrictions caused by a failure to honor JMS messaging configuration...

CVSS 5.9 | EPSS 0.00051
Exploits: 0 | References: 1

Snyk
added 2025/08/08 12:32 p.m. | 4 views

Deserialization of Untrusted Data

Overview Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the JMS configuration. An attacker with permissions to configure JMS for Apache CXF can achieve remote code execution by supplying malicious RMI or LDAP URLs in the configuration. Details...

CVSS 9.8 | AI score 8.1 | EPSS 0.00186
Exploits: 0 | References: 2

CNNVD
added 2022/08/21 12:00 a.m. | 1 view

Apache Flume Input Validation Error Vulnerability

Apache Flume is a distributed, reliable and available service from the Apache Foundation, USA, used to efficiently collect, aggregate, and move large amounts of log data. Versions of Apache Flume prior to 1.4.0 through 1.10.0 contain a security vulnerability that stems from vulnerability to remot...

CVSS 9.8 | AI score 7.9 | EPSS 0.0266
Exploits: 0 | References: 3

CNNVD
added 2022/06/14 12:00 a.m. | 0 views

Apache Flume Security Vulnerability

Apache Flume is a distributed, reliable and available service from the Apache Foundation. A remote code execution vulnerability exists in Apache Flume, which stems from the configuration of a JMS source with a JNDI LDAP data source URI, and could be exploited by an attacker to cause a remote code...

CVSS 9.8 | AI score 6.6 | EPSS 0.05291
Exploits: 0 | References: 4

RedHat Linux
added 2022/02/08 12:52 p.m. | 1 view

log4j: Remote code execution in Log4j 1.x when application is configured to use JMSSink

A flaw was found in the Java logging library Apache Log4j in version 1.x. JMSSink in Log4j 1.x is vulnerable to deserialization of untrusted data. This allows a remote attacker to execute code on the server if JMSSink is deployed and has been configured to perform JNDI requests...

CVSS 8.8 | AI score 7.4 | EPSS 0.00785
Exploits: 0 | References: 5

RedHat Linux
added 2022/02/03 6:43 p.m. | 3 views

log4j: Remote code execution in Log4j 1.x when application is configured to use JMSAppender

A flaw was found in the Java logging library Apache Log4j in version 1.x. JMSAppender in Log4j 1.x is vulnerable to deserialization of untrusted data. This allows a remote attacker to execute code on the server if the deployed application is configured to use JMSAppender and to the attacker's JND...

CVSS 7.5 | AI score 7.5 | EPSS 0.72202
Exploits: 9 | References: 9

CNNVD
added 2021/03/11 12:00 a.m. | 3 views

Pivotal Software RabbitMQ Code Issue Vulnerability

Pivotal Software RabbitMQ is a suite of open source message broker software from Pivotal Software, USA that implements the Advanced Message Queuing Protocol (AMQP). A code issue vulnerability exists in JMS Client on RabbitMQ 1.x before 1.15.2 and 2.x before 2.2.0, which stems from vulnerability to...

CVSS 9.8 | AI score 8.8 | EPSS 0.01699
Exploits: 0 | References: 9

OSV
added 2020/06/18 2:44 p.m. | 0 views

GHSA-C2Q3-4QRH-FM48 Deserialization of untrusted data in Jackson Databind

FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oracle.jms.AQjmsQueueConnectionFactory, oracle.jms.AQjmsXATopicConnectionFactory, oracle.jms.AQjmsTopicConnectionFactory, oracle.jms.AQjmsXAQueueConnectionFactory, and...

CVSS 8.1 | AI score 7.1 | EPSS 0.06308
Exploits: 0 | References: 13

RedHat Linux
added 2017/12/13 5:48 p.m. | 3 views

Artemis: Deserialization of untrusted input vulnerability

It was found that use of a JMS ObjectMessage does not safely handle user supplied data when deserializing objects. A remote attacker could use this flaw to execute arbitrary code with the permissions of the application using a JMS ObjectMessage...

CVSS 7.2 | AI score 7.8 | EPSS 0.0136
Exploits: 0 | References: 4

RedHat Linux
added 2017/07/31 3:20 p.m. | 3 views

Artemis: Deserialization of untrusted input vulnerability

It was found that use of a JMS ObjectMessage does not safely handle user supplied data when deserializing objects. A remote attacker could use this flaw to execute arbitrary code with the permissions of the application using a JMS ObjectMessage...

CVSS 7.2 | AI score 7.8 | EPSS 0.0136
Exploits: 0 | References: 4

Tenable Nessus
added 2016/04/26 12:00 a.m. | 506 views

Oracle WebLogic Server Java Object Deserialization RCE (April 2016 CPU)

The remote Oracle WebLogic Server is affected by a remote code execution vulnerability in the Java Messaging Service subcomponent in the readExternal function due to improper sanitization of user-supplied input. An unauthenticated, remote attacker can exploit this, via a crafted object payload, t...

CVSS 9.8 | AI score 8.8 | EPSS 0.70946
Exploits: 3 | References: 4

CNVD
added 2016/04/22 12:00 a.m. | 3 views

Unspecified Vulnerability in Oracle Fusion Middleware WebLogic Server Component (CNVD-2016-02481)

Oracle Fusion Middleware is Oracle's business innovation platform for enterprise and cloud environments, of which Oracle WebLogic Server is an application server component for both cloud and traditional environments. An unspecified vulnerability exists in the Jav...

CVSS 9.8 | AI score 9.3 | EPSS 0.70946
Exploits: 3 | References: 1

Tenable Nessus
added 2016/04/22 12:00 a.m. | 34 views

Oracle WebLogic Server Multiple Vulnerabilities (April 2016 CPU)

Binary data oracleweblogicservercpuapr2016.nbin...

CVSS 9.8 | AI score 5.8 | EPSS 0.70946
Exploits: 3 | References: 8