303 matches found
[SECURITY] Fedora 26 Update: jetty-9.4.6-1.v20170531.fc26
Jetty is a 100% Java HTTP Server and Servlet Container. This means that you do not need to configure and run a separate web server like Apache in ord er to use Java, servlets and JSPs to generate dynamic content. Jetty is a fully featured web server for static and dynamic content. Unlike separate...
CMS4J suffers from an arbitrary file download vulnerability patch bypass vulnerability
CMS4J is a CMS system developed by Beijing Paidao Network based on JSP program. CMS4J has an arbitrary file download vulnerability patch bypass vulnerability. The vulnerability arises from the DownloadFile servlet arbitrary file download repair code to download the file filtering is not strict, c...
Buffer overflow
Vulnerability in the Oracle GlassFish Server component of Oracle Fusion Middleware subcomponent: Java Server Faces. The supported version that is affected is 3.1.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle...
UBUNTU-CVE-2017-3626
Vulnerability in the Oracle GlassFish Server component of Oracle Fusion Middleware subcomponent: Java Server Faces. The supported version that is affected is 3.1.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle...
CVE-2017-3626
Vulnerability in the Oracle GlassFish Server component of Oracle Fusion Middleware subcomponent: Java Server Faces. The supported version that is affected is 3.1.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle...
CVE-2017-3626
Vulnerability in the Oracle GlassFish Server component of Oracle Fusion Middleware subcomponent: Java Server Faces. The supported version that is affected is 3.1.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle...
Oracle GlassFish Server 3.1.2.x < 3.1.2.17 Java Server Faces Information Disclosure (April 2017 CPU)
According to its self-reported version, the Oracle GlassFish Server running on the remote host is 3.1.2.x prior to 3.1.2.17. It is, therefore, affected by an unspecified flaw in the Java Server Faces subcomponent that allows an unauthenticated, remote attacker to disclose potentially sensitive...
Oracle Fusion Middleware Oracle GlassFish Server Component Information Disclosure Vulnerability
Oracle Fusion Middleware Oracle Fusion Middleware is the United States Oracle Oracle company's set of business innovation platform for enterprise and cloud environments. The platform provides middleware, software collection and other functions. Oracle GlassFish Server is one of the components tha...
Oracle GlassFish Server 3.1.2 Multiple Vulnerabilities
Oracle GlassFish Server is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
Nuxeo Platform Arbitrary File Upload Vulnerability
Nuxeo Platform is a content management system CMS. An arbitrary file upload vulnerability exists in Nuxeo Platform. A remote attacker can exploit this vulnerability to upload arbitrary JSP code with the help of '...' in the X-File-Name header. in the X-File-Name header to upload arbitrary JSP cod...
NetIQ Access Manager Information Disclosure Vulnerability (CNVD-2017-04728)
NetIQ Access Manager provides a simple, secure, and scalable solution to handle all your Web access needs. NetIQ Access Manager Information Disclosure Vulnerability. Since Access Manager 4.1 and 4.2 support risk-based authentication on the Identity Server. An attacker can obtain local file...
Expression Language (EL) Injection
Java Server Faces is vulnerable to expression language injection. The vulnerability is possible when includeViewParameters is set to true on a navigation case...
CVE-2016-5750
The certificate upload feature in iManager in NetIQ Access Manager 4.1 before 4.1.2 Hot Fix 1 and 4.2 before 4.2.2 could be used to upload JSP pages that would be executed as the iManager user, allowing code execution by logged-in remote users...
tomcat: security manager bypass via JSP Servlet config parameters
It was discovered that a malicious web application could bypass a configured SecurityManager via manipulation of the configuration parameters for the JSP Servlet...
tomcat: security manager bypass via JSP Servlet config parameters
It was discovered that a malicious web application could bypass a configured SecurityManager via manipulation of the configuration parameters for the JSP Servlet...
[SECURITY] Fedora 25 Update: tomcat-8.0.38-1.fc25
Tomcat is the servlet container that is used in the official Reference Implementation for the Java Servlet and JavaServer Pages technologies. The Java Servlet and JavaServer Pages specifications are developed by Sun under the Java Community Process. Tomcat is developed in an open and participator...
UBUNTU-CVE-2016-6796
A malicious web application running on Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 was able to bypass a configured SecurityManager via manipulation of the configuration parameters for the JSP Servlet...
CVE-2016-5519
Unspecified vulnerability in the Oracle GlassFish Server component in Oracle Fusion Middleware 2.1.1, 3.0.1, and 3.1.2 allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to Java Server Faces...
CVE-2016-5519
Unspecified vulnerability in the Oracle GlassFish Server component in Oracle Fusion Middleware 2.1.1, 3.0.1, and 3.1.2 allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to Java Server Faces...
CVE-2016-3505
Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6.0, 12.1.3.0, and 12.2.1.0 allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to JavaServer Faces...