5834 matches found

RedHat Linux
added 2018/08/27 2:20 p.m., 3 views

JDK: privilege escalation via insufficiently restricted access to Attach API

In Eclipse OpenJ9 version 0.8, users other than the process owner may be able to use Java Attach API to connect to an Eclipse OpenJ9 or IBM JVM on the same machine and use Attach API operations, which includes the ability to execute untrusted native code. Attach API is enabled by default on...

7.8 CVSS, 7.2 AI score, 0.00494 EPSS
Exploits 0, References 4
OpenVAS
added 2018/08/25 12:0 a.m., 34 views

Debian: Security Advisory (DLA-1475-1)

The remote host is missing an update for the Debian...

7.4 CVSS, 7.6 AI score, 0.04199 EPSS
Exploits 0, References 3
CNVD
added 2018/08/24 12:0 a.m., 2 views

Multiple Elevation of Privilege Vulnerabilities in Eclipse OpenJ9

Eclipse OpenJ9 is a Java application engine of the Eclipse Foundation; it is mainly used to run Java applications. Multiple elevation of privilege vulnerabilities exist in Eclipse OpenJ9 version 0.8 that stem from the program enforcing weak access control and failing to adequately and properly...

7.8 CVSS, 8.2 AI score, 0.00494 EPSS
Exploits 0, References 1
Tenable Nessus
added 2018/08/23 12:0 a.m., 40 views

Debian DLA-1475-1 : tomcat-native security update

When using an OCSP responder Tomcat Native did not correctly handle invalid responses. This allowed for revoked client certificates to be incorrectly identified. It was therefore possible for users to authenticate with revoked certificates when using mutual TLS. Users not using OCSP checks are no...

7.4 CVSS, 6.8 AI score, 0.04199 EPSS
Exploits 0, References 4
Debian
added 2018/08/22 5:8 p.m., 33 views

[SECURITY] [DLA 1475-1] tomcat-native security update

Package: tomcat-native; Version: 1.1.32repack-2+deb8u2; CVE ID: CVE-2018-8019, CVE-2018-8020. When using an OCSP responder Tomcat Native did not correctly handle invalid responses. This allowed for revoked client certificates to be incorrectly identified. It was therefore possible for users to...

7.4 CVSS, 7.8 AI score, 0.04199 EPSS
Exploits 0
OSV
added 2018/08/22 12:0 a.m., 36 views

DLA-1475-1 tomcat-native - security update

Bulletin has no description...

7.4 CVSS, 7.4 AI score, 0.04199 EPSS
Exploits 0
CISA
added 2018/08/17 12:0 a.m., 11 views

Apache Releases Security Updates for Tomcat Native

The Apache Foundation has released security updates to address vulnerabilities in Apache Tomcat Native. A remote attacker could exploit these vulnerabilities to take control of an affected server. NCCIC encourages users and administrators to review the Apache Advisory and Tomcat Native Downloads...

7.1 AI score
Exploits 0, References 2
RedHat Linux
added 2018/08/16 3:1 p.m., 1 views

tomcat-native: Mishandled OCSP invalid response

When using an OCSP responder Apache Tomcat Native 1.2.0 to 1.2.16 and 1.1.23 to 1.1.34 did not correctly handle invalid responses. This allowed for revoked client certificates to be incorrectly identified. It was therefore possible for users to authenticate with revoked certificates when using...

7.4 CVSS, 7.1 AI score, 0.04068 EPSS
Exploits 0, References 6
RedHat Linux
added 2018/08/16 3:1 p.m., 1 views

tomcat-native: Mishandled OCSP responses can allow clients to authenticate with revoked certificates

When using pre-produced responses from an OCSP responder, Tomcat Native did not correctly validate the status of certificates. This allowed for revoked client certificates to be incorrectly identified. It was therefore possible for users to authenticate with revoked certificates when using mutual...

7.4 CVSS, 7.1 AI score, 0.04199 EPSS
Exploits 0, References 6
RedHat Linux
added 2018/08/16 2:50 p.m., 133 views

Important: Red Hat Security Advisory: Red Hat JBoss Web Server 3.1.0 Service Pack 4 security and bug fix update

An update is now available for Red Hat JBoss Web Server 3.1. Red Hat Product Security has rated this release as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE...

9.8 CVSS, 7 AI score, 0.21979 EPSS
Exploits 0, References 7
RedHat Linux
added 2018/08/16 2:50 p.m., 0 views

tomcat-native: Mishandled OCSP invalid response

When using an OCSP responder Apache Tomcat Native 1.2.0 to 1.2.16 and 1.1.23 to 1.1.34 did not correctly handle invalid responses. This allowed for revoked client certificates to be incorrectly identified. It was therefore possible for users to authenticate with revoked certificates when using...

7.4 CVSS, 7.1 AI score, 0.04068 EPSS
Exploits 0, References 6
RedHat Linux
added 2018/08/16 2:50 p.m., 1 views

tomcat-native: Mishandled OCSP responses can allow clients to authenticate with revoked certificates

When using pre-produced responses from an OCSP responder, Tomcat Native did not correctly validate the status of certificates. This allowed for revoked client certificates to be incorrectly identified. It was therefore possible for users to authenticate with revoked certificates when using mutual...

7.4 CVSS, 7.1 AI score, 0.04199 EPSS
Exploits 0, References 6
Prion
added 2018/08/14 7:29 p.m., 29 views

Default configuration

In Eclipse OpenJ9 version 0.8, users other than the process owner may be able to use Java Attach API to connect to an Eclipse OpenJ9 or IBM JVM on the same machine and use Attach API operations, which includes the ability to execute untrusted native code. Attach API is enabled by default on...

4.6 CVSS, 7.7 AI score, 0.00494 EPSS
Exploits 0, References 10, Affected Software 2
OSV
added 2018/08/14 7:29 p.m., 24 views

CVE-2018-12539

In Eclipse OpenJ9 version 0.8, users other than the process owner may be able to use Java Attach API to connect to an Eclipse OpenJ9 or IBM JVM on the same machine and use Attach API operations, which includes the ability to execute untrusted native code. Attach API is enabled by default on...

7.8 CVSS, 6.9 AI score
Exploits 0, References 10
Cvelist
added 2018/08/14 7:0 p.m., 30 views

CVE-2018-12539

In Eclipse OpenJ9 version 0.8, users other than the process owner may be able to use Java Attach API to connect to an Eclipse OpenJ9 or IBM JVM on the same machine and use Attach API operations, which includes the ability to execute untrusted native code. Attach API is enabled by default on...

6.2 AI score, 0.00494 EPSS
Exploits 0, References 10
CVE
added 2018/08/14 7:0 p.m., 118 views

CVE-2018-12539

CVE-2018-12539 affects IBM/OpenJ9-based JVMs where the Java Attach API can be used by non-owners to connect to a local OpenJ9/IBM JVM and run untrusted native code. By default Attach API is enabled on Windows, Linux and AIX; a workaround is to disable it with -Dcom.ibm.tools.attach.enable=no. IBM...

7.8 CVSS, 6.9 AI score, 0.00494 EPSS
Exploits 0, References 10, Affected Software 1
Kitploit
added 2018/08/05 10:30 p.m., 16 views

Win-PortFwd - Powershell Script To Setup Windows Port Forwarding Using Native Netsh Client

PowerShell script to set up Windows port forwarding using the native netsh client. Install: git clone https://github.com/deepzec/Win-PortFwd.git Usage: .\win-portfwd.ps1 or powershell.exe -noprofile -executionpolicy bypass -file .\win-portfwd.ps1 Note: This script requires admin privileges to run, this...

7.2 AI score
Exploits 0, References 1
CNVD
added 2018/08/02 12:0 a.m., 2 views

Apache Tomcat Native Authentication Vulnerability

Apache Tomcat is a lightweight web application server from the Jakarta project of the US-based Apache Software Foundation; it is mainly used for the development and debugging of JSP programs for small and medium-sized systems. Apache Tomcat Native is a support for the use of native...

7.4 CVSS, 7.5 AI score, 0.04068 EPSS
Exploits 0, References 1
CNVD
added 2018/08/02 12:0 a.m., 4 views

Apache Tomcat Native Authentication Vulnerability (CNVD-2018-15547)

Apache Tomcat is a lightweight web application server from the Jakarta project of the US-based Apache Software Foundation; it is mainly used for the development and debugging of JSP programs for small and medium-sized systems. Apache Tomcat Native is a support for the use of native...

7.4 CVSS, 7.5 AI score, 0.04199 EPSS
Exploits 0, References 1
0day.today
added 2018/08/02 12:0 a.m., 59 views

WebRTC - H264 NAL Packet Processing Type Confusion Exploit

Exploit for multiple platforms in category dos / poc. Type confusion can occur when processing an H264 packet. In the method PacketBuffer::FindFrames in modules/videocoding/packetbuffer.cc there is a loop on line 296 that goes through the databuffer vector backwards. The flag ish264 is set before th...

7.4 AI score
Exploits 0