Lucene search
K

215 matches found

RedHat Linux
RedHat Linux
added 2023/11/15 5:7 p.m.4 views

spring-security-webflux: path wildcard leads to security bypass

A flaw was found in Spring Security's WebFlux framework pattern matching, where it does not properly evaluate certain patterns. A server using path-based pattern matching in WebFlux could allow an attacker to bypass security settings for some request paths, potentially leading to information...

9.8CVSS7.1AI score0.03465EPSS
Exploits1References5
Veracode
Veracode
added 2023/10/13 6:43 p.m.18 views

Authentication Bypass

org.apache.shiro: shiro-spring is vulnerable to Authentication Bypass. The vulnerability is due to different pattern matching techniques between Spring-Boot 2.6+ and Apache Shiro. This can result in an authentication bypass. As a workaround, set the following Spring Boot configuration value:...

7.5CVSS7AI score0.01553EPSS
Exploits0References3Affected Software1
RedhatCVE
RedhatCVE
added 2023/10/02 7:55 p.m.64 views

CVE-2023-34034

A flaw was found in Spring Security's WebFlux framework pattern matching, where it does not properly evaluate certain patterns. A server using path-based pattern matching in WebFlux could allow an attacker to bypass security settings for some request paths, potentially leading to information...

8.1CVSS9.1AI score0.03465EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2023/09/25 12:0 a.m.69 views

Apache Shiro < 1.11.0 Authentication Bypass

Apache Shiro before 1.11.0, when using Apache Shiro with Spring Boot 2.6+, a specially crafted HTTP request may cause an authentication bypass. The authentication bypass occurs when Shiro and Spring Boot are using different pattern-matching techniques. Both Shiro and Spring Boot 2.6 default to An...

7.5CVSS7.3AI score0.01553EPSS
Exploits0References2
Spring Security Advisories
Spring Security Advisories
added 2023/09/20 12:0 a.m.22 views

Hello, Java 21

Hi, Spring fans! Get the bits Before we get started, do something for me quickly. If you haven’t already, go install SKDMAN. Then run: sdk install java 21-graalce && sdk default java 21-graalce There you have it. You now have Java 21 and graalvm supporting Java 21 on your machine, ready to go. Ja...

6.9AI score
Exploits0
Spring Security Advisories
Spring Security Advisories
added 2023/09/19 12:0 a.m.16 views

Spring Tips: Making the joyful jump to Java 21

Hi, Spring fans! Java 21 and GraalVM supporting Java 21 are at long last here! It's been a long time in coming, but Java 21 - which comes out later today on the 19th of September, 2023 - brings with it some of the most exciting new features of any Java release. In this video, I will look at some ...

6.7AI score
Exploits0
OpenVAS
OpenVAS
added 2023/09/05 12:0 a.m.29 views

Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2023-2635)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS7.5AI score0.02211EPSS
Exploits7References2
ATTACKERKB
ATTACKERKB
added 2023/08/29 4:15 p.m.4 views

CVE-2023-41362

MyBB before 1.8.36 allows Code Injection by users with certain high privileges. Templates in Admin CP intentionally use eval, and there was some validation of the input to eval, but type juggling interfered with this when using PCRE within PHP...

7.2CVSS7.1AI score0.01641EPSS
Exploits1References5
Amazon
Amazon
added 2023/07/26 12:0 a.m.5 views

Medium: curl

Issue Overview: libcurl offers a feature to verify an SSH server's public key using a SHA 256 hash. When this check fails, libcurl would free the memory for the fingerprint before it returns an error message containing the now freed hash. This flaw risks inserting sensitive heap-based data into t...

7.5CVSS6.9AI score0.02489EPSS
Exploits3
Veracode
Veracode
added 2023/07/22 8:3 p.m.28 views

Improper Access Control

org.springframework.security:spring-security-config is vulnerable to Improper Access Control. The vulnerability exists due to lack of checks in multiple files, which allows an attacker to use as a pattern in the configurations for WebFlux, creating a mismatch in pattern matching, resulting in a...

9.8CVSS6.8AI score0.03465EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2023/07/19 3:30 p.m.125 views

Access Control Bypass in Spring Security

Using "" as a pattern in Spring Security configuration for WebFlux creates a mismatch in pattern matching between Spring Security and Spring WebFlux, and the potential for a security bypass...

9.8CVSS8.9AI score0.03465EPSS
Exploits1References6Affected Software1
ATTACKERKB
ATTACKERKB
added 2023/07/19 3:15 p.m.6 views

CVE-2023-34034

Using "" as a pattern in Spring Security configuration for WebFlux creates a mismatch in pattern matching between Spring Security and Spring WebFlux, and the potential for a security bypass...

9.8CVSS5.1AI score0.03465EPSS
Exploits1References3
Cvelist
Cvelist
added 2023/07/19 2:16 p.m.48 views

CVE-2023-34034

Using "" as a pattern in Spring Security configuration for WebFlux creates a mismatch in pattern matching between Spring Security and Spring WebFlux, and the potential for a security bypass...

9.1CVSS9.6AI score0.03465EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2023/07/19 2:16 p.m.26 views

CVE-2023-34034

Using "" as a pattern in Spring Security configuration for WebFlux creates a mismatch in pattern matching between Spring Security and Spring WebFlux, and the potential for a security bypass...

9.1CVSS9.5AI score0.03465EPSS
Exploits1References2
OSV
OSV
added 2023/07/19 2:16 p.m.38 views

CVE-2023-34034

Using "" as a pattern in Spring Security configuration for WebFlux creates a mismatch in pattern matching between Spring Security and Spring WebFlux, and the potential for a security bypass...

9.1CVSS7.2AI score0.03465EPSS
Exploits1References4
CVE
CVE
added 2023/07/19 2:16 p.m.308 views

CVE-2023-34034

CVE-2023-34034 is documented in IBM security bulletins as affecting VMware Tanzu Spring Security when using "**" as a pattern in WebFlux configuration, causing a pattern-matching bypass. The IBM bulletin assigns a CVSS v3.0 base score of 9.1 (Impact: Confidentiality High, Integrity High, Availabi...

9.8CVSS9.2AI score0.03465EPSS
Exploits1References2Affected Software1
CNNVD
CNNVD
added 2023/07/19 12:0 a.m.6 views

VMware Spring Security 安全漏洞

VMware Spring Security is a suite of security frameworks from VMware that provide illustrative security protection for Spring-based applications. A security vulnerability exists in VMware Spring Security that stems from the presence of a pattern matching mismatch that could lead to a security...

9.8CVSS7.2AI score0.03465EPSS
Exploits1References5
CNNVD
CNNVD
added 2023/07/18 12:0 a.m.6 views

PCRE2 输入验证错误漏洞

PCRE2 is PCRE2Project open source set of C functions. Use the same syntax and semantics as Perl5 to achieve regular expression pattern matching . A security vulnerability exists in PCRE2 versions prior to 10.41, which stems from an integer overflow problem in pcre2test that allows an attacker to...

7.5CVSS6.7AI score0.00962EPSS
Exploits1References3
IBM Security Bulletins
IBM Security Bulletins
added 2023/05/29 1:35 p.m.32 views

Security Bulletin: Vulnerability in Spring Framework affects IBM Process Mining [CVE-2023-20860]

Summary There is a vulnerability in Spring Framework that could allow a remote authenticated attacker to bypass security restrictions. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. CVE-2023-20860 Vulnerability Details...

7.5CVSS7.3AI score0.03514EPSS
Exploits1Affected Software1
Github Security Blog
Github Security Blog
added 2023/05/23 7:54 p.m.214 views

Administration Console authentication bypass in openfire xmppserver

An important security issue affects a range of versions of Openfire, the cross-platform real-time collaboration server based on the XMPP protocol that is created by the Ignite Realtime community. Impact Openfire's administrative console the Admin Console, a web-based application, was found to be...

8.6CVSS7AI score0.99999EPSS
Exploits15References11Affected Software1
Rows per page
Query Builder