Lucene search
K

164 matches found

Tenable Nessus
Tenable Nessus
added 2020/04/28 12:0 a.m.30 views

Spring Boot < 1.2.8 / 1.3.0 Whitelabel Error Page Remote Code Execution

Pivotal Spring Boot is a Java framework designed to help developers create minimal Spring based applications. Spring applications provide the Spring Expression Language SpEL which is a powerful expression language for querying and manipulating an object graph at runtime. Spring Boot versions belo...

8.1AI score
Exploits0References3
Gitee
Gitee
added 2020/04/18 8:3 a.m.6 views

Exploit for Path Traversal in Pivotal_Software Spring_Framework

Web-Security-Learning 项目地址: https://github.com/CHYbeta/Web-Security-Learning 最近更新日期为:2018/10/31。 同步更新于: chybeta: Web-Security-Learning 目录: - Web-Security-Learning - Web Security - sql注入 - MySql - MSSQL - PostgreSQL - MongoDB - 技巧 - 工具 - XSS - CSRF - 其他前端安全 - SSRF - XXE - JSONP注入 - SSTI - 代码执行 /...

7.5CVSS8.2AI score0.16437EPSS
Exploits5
IBM Security Bulletins
IBM Security Bulletins
added 2020/04/03 6:1 a.m.45 views

Security Bulletin: A CSRF vulnerability in Pivotal Spring Framework affects IBM LKS Administration & Reporting Tool

Summary A CSRF related vulnerability in HTTP response has been found in Pivotal Spring Framework used by IBM LKS Administration & Reporting Tool ART. A mitigiation has been included in the latest ART release. Vulnerability Details Refer to the security bulletinss listed in the Remediation/Fixes...

5.3CVSS0.6AI score0.02382EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/04/02 4:33 p.m.10 views

Security Bulletin: A Response Header related vulnerability in Pivotal Spring Framework affects IBM LKS Administration & Reporting Tool

Summary A "Content-Description" header related vulnerability in HTTP response has been found in Pivotal Spring Framework used by IBM LKS Administration & Reporting Tool ART. A mitigiation has been included in the latest ART release. Vulnerability Details Refer to the security bulletins listed in...

1.1AI score
Exploits0Affected Software1
OSV
OSV
added 2020/01/02 11:15 p.m.40 views

CVE-2016-1000027

Pivotal Spring Framework through 5.3.16 suffers from a potential remote code execution RCE issue if used for Java deserialization of untrusted data. Depending on how the library is implemented within a product, this issue may or not occur, and authentication may be required. NOTE: the vendor's...

9.8CVSS7.9AI score0.32257EPSS
Exploits4References9
NVD
NVD
added 2020/01/02 11:15 p.m.36 views

CVE-2016-1000027

Pivotal Spring Framework through 5.3.16 suffers from a potential remote code execution RCE issue if used for Java deserialization of untrusted data. Depending on how the library is implemented within a product, this issue may or not occur, and authentication may be required. NOTE: the vendor's...

9.8CVSS9.9AI score0.32257EPSS
Exploits4References9
Prion
Prion
added 2020/01/02 11:15 p.m.33 views

Deserialization of untrusted data

Pivotal Spring Framework through 5.3.16 suffers from a potential remote code execution RCE issue if used for Java deserialization of untrusted data. Depending on how the library is implemented within a product, this issue may or not occur, and authentication may be required. NOTE: the vendor's...

7.5CVSS8.1AI score0.32257EPSS
Exploits4References9Affected Software1
UbuntuCve
UbuntuCve
added 2020/01/02 11:15 p.m.51 views

CVE-2016-1000027

Pivotal Spring Framework through 5.3.16 suffers from a potential remote code execution RCE issue if used for Java deserialization of untrusted data. Depending on how the library is implemented within a product, this issue may or not occur, and authentication may be required. NOTE: the vendor's...

9.8CVSS7.2AI score0.32257EPSS
Exploits4References2
Cvelist
Cvelist
added 2020/01/02 12:0 a.m.35 views

CVE-2016-1000027

Pivotal Spring Framework through 5.3.16 suffers from a potential remote code execution RCE issue if used for Java deserialization of untrusted data. Depending on how the library is implemented within a product, this issue may or not occur, and authentication may be required. NOTE: the vendor's...

9.9AI score0.32257EPSS
Exploits4References9
Debian CVE
Debian CVE
added 2020/01/02 12:0 a.m.172 views

CVE-2016-1000027

Pivotal Spring Framework through 5.3.16 suffers from a potential remote code execution RCE issue if used for Java deserialization of untrusted data. Depending on how the library is implemented within a product, this issue may or not occur, and authentication may be required. NOTE: the vendor's...

9.8CVSS8.7AI score0.32257EPSS
Exploits4
IBM Security Bulletins
IBM Security Bulletins
added 2019/06/28 3:35 p.m.31 views

Security Bulletin: Vulnerability affects Watson Explorer Foundational Components (CVE-2018-15756)

Summary Security vulnerability affects IBM Watson Explorer Foundational Components. Vulnerability Details CVEID: CVE-2018-15756 DESCRIPTION: Pivotal Spring Framework is vulnerable to a denial of service, caused by improper handling of range request by the ResourceHttpRequestHandler. By adding a...

7.5CVSS0.8AI score0.09513EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2019/05/03 8:50 p.m.28 views

Security Bulletin: Vulnerability in Pivotal Spring Framework affects IBM TRIRIGA Application Platform (CVE-2018-15786)

Summary Pivotal Spring Framework, used by IBM TRIRIGA Application Platform, is vulnerable to a denial of service, caused by improper handling of range request by the ResourceHttpRequestHandler. Vulnerability Details CVEID: CVE-2018-15756 DESCRIPTION: Pivotal Spring Framework is vulnerable to a...

7.5CVSS0.8AI score0.09513EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2019/04/24 4:50 p.m.28 views

Security Bulletin: Security vulnerability in Pivotal Spring Framework affects IBM Rational License Key Server Administration & Reporting Tool

Summary A Security vulnerability in Spring Framework, from Pivotal, used by IBM Rational License Key Server Administration & Reporting Tool has been published. Required remediation has been addressed by IBM Rational License Key Server Administration & Reporting Tool team. Vulnerability Details...

7.5CVSS0.9AI score0.09513EPSS
Exploits0Affected Software1
CNVD
CNVD
added 2019/04/17 12:0 a.m.4 views

Pivotal Software Spring Cloud Config Path Traversal Vulnerability

Pivotal Software Spring Cloud Config is a configuration management solution for distributed systems from Pivotal Software. The product mainly provides server and client support for external configuration in distributed systems. A path traversal vulnerability exists in Pivotal Software Spring Clou...

6.5CVSS7.6AI score0.85295EPSS
Exploits6References1
IBM Security Bulletins
IBM Security Bulletins
added 2019/03/07 3:30 p.m.27 views

Security Bulletin: IBM Security Guardium is affected by Using Components with Known Vulnerabilities vulnerabilities

Summary IBM Security Guardium has addressed the following vulnerabilities. Vulnerability Details CVEID: CVE-2016-5007 DESCRIPTION: Pivotal Spring Security and Spring Framework could provide weaker than expected security, caused by the difference in the strictness of the pattern matching mechanism...

9.6CVSS0.9AI score0.02837EPSS
Exploits1Affected Software1
Check Point Advisories
Check Point Advisories
added 2019/02/19 12:0 a.m.12 views

Pivotal Spring Framework spring-messaging Module STOMP Remote Code Execution (CVE-2018-1270)

A remote code execution vulnerability has been reported in Pivotal Spring Framework. The vulnerability is due to improper handling of user-supplied input to a STOMP broker in the spring-messaging module. A remote, unauthenticated attacker could exploit this vulnerability by sending maliciously...

7.5CVSS2.6AI score0.77245EPSS
Exploits5
IBM Security Bulletins
IBM Security Bulletins
added 2019/01/22 4:30 p.m.23 views

Security Bulletin: Vulnerabilities in OpenSource Spring Source/Pivotal Spring Framework affect IBM Tivoli Netcool Configuration Manager (ITNCM) (CVE-2013-7315, CVE-2013-4152, CVE-2014-0054)

Summary There are a number of potential security vulnerabilities in OpenSource Spring Source/Pivotal Spring Framework, that is used by IBM Tivoli Netcool Configuration Manager ITNCM. Vulnerability Details CVEID: CVE-2013-7315 DESCRIPTION: Pivotal Spring Framework could allow a remote attacker to...

6.8CVSS1.1AI score0.91354EPSS
Exploits2Affected Software1
Tenable Nessus
Tenable Nessus
added 2018/10/22 12:0 a.m.9 views

Pivotal Spring Framework Cookie Detection

Binary data 700371.prm...

7.3AI score
Exploits0References1
Github Security Blog
Github Security Blog
added 2018/10/18 6:6 p.m.39 views

Moderate severity vulnerability that affects com.rabbitmq:amqp-client and org.springframework.amqp:spring-amqp

Pivotal Spring AMQP, 1.x versions prior to 1.7.10 and 2.x versions prior to 2.0.6, expose a man-in-the-middle vulnerability due to lack of hostname validation. A malicious user that has the ability to intercept traffic would be able to view data in transit...

5.9CVSS3.1AI score0.01268EPSS
Exploits0References3Affected Software2
OSV
OSV
added 2018/10/18 6:6 p.m.19 views

GHSA-W4G2-9HJ6-5472 Moderate severity vulnerability that affects com.rabbitmq:amqp-client and org.springframework.amqp:spring-amqp

Pivotal Spring AMQP, 1.x versions prior to 1.7.10 and 2.x versions prior to 2.0.6, expose a man-in-the-middle vulnerability due to lack of hostname validation. A malicious user that has the ability to intercept traffic would be able to view data in transit...

5.9CVSS5.3AI score0.01268EPSS
Exploits0References3
Rows per page
Query Builder