
7223 matches found

RedHat Linux
added 2019/05/08 12:09 p.m. · 7 views

jackson-databind: server-side request forgery (SSRF) in axis2-jaxws class

FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to conduct server-side request forgery (SSRF) attacks by leveraging failure to block the axis2-jaxws class from polymorphic deserialization...

10 CVSS · 7.4 AI score · 0.10458 EPSS
Exploits 0 · References 4

OSV
added 2019/05/01 9:29 p.m. · 2 views

UBUNTU-CVE-2019-0227

A Server Side Request Forgery (SSRF) vulnerability affected the Apache Axis 1.4 distribution that was last released in 2006. Security and bug commits continue in the project's Axis 1.x Subversion repository; legacy users are encouraged to build from source. The successor to Axis 1.x is Axis2...

7.5 CVSS · 6.7 AI score · 0.86503 EPSS
Exploits 7 · References 3

OSV
added 2019/04/23 2:29 p.m. · 2 views

CVE-2018-17169

An XML external entity (XXE) vulnerability in PrinterOn version 4.1.4 and lower allows remote authenticated users to read arbitrary files or conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request...

7.7 CVSS · 5.9 AI score · 0.01543 EPSS
Exploits 1 · References 1

RedHat Linux
added 2019/04/17 9:03 p.m. · 5 views

jackson-databind: server-side request forgery (SSRF) in axis2-jaxws class

FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to conduct server-side request forgery (SSRF) attacks by leveraging failure to block the axis2-jaxws class from polymorphic deserialization...

10 CVSS · 7.4 AI score · 0.10458 EPSS
Exploits 0 · References 4

OSV
added 2019/04/15 3:29 p.m. · 2 views

CVE-2019-4203

IBM API Connect 5.0.0.0 and 5.0.8.6 Developer Portal can be exploited by app developers to download arbitrary files from the host OS and potentially carry out SSRF attacks. IBM X-Force ID: 159124...

9.8 CVSS · 7.4 AI score · 0.01725 EPSS
Exploits 0 · References 3

AlpineLinux
added 2019/04/01 4:21 p.m. · 1 views

CVE-2019-10686

An SSRF vulnerability was found in an API from Ctrip Apollo through 1.4.0-SNAPSHOT. An attacker may use it to do an intranet port scan or raise a GET request via /system-info/health because the %23 substring is mishandled...

10 CVSS · 9.4 AI score · 0.01559 EPSS
Exploits 0 · References 1

CNVD
added 2019/03/28 12:00 a.m. · 3 views

Moodle server-side request forgery vulnerability (CNVD-2019-35807)

Moodle is a free, open-source e-learning software platform, also known as a course management system, learning management system or virtual learning environment. A server-side request forgery vulnerability exists in Moodle versions prior to 3.1.15, which can be exploited by attackers to bypass...

10 CVSS · 6.8 AI score · 0.00905 EPSS
Exploits 0 · References 1

CNVD
added 2019/03/26 12:00 a.m. · 1 views

Atlassian Confluence Server and Atlassian Data Center Server-Side Request Forgery Vulnerabilities

Atlassian Confluence Server and Atlassian Data Center are both products of Atlassian Australia. Atlassian Confluence Server is a professional enterprise knowledge management and collaboration software that can also be used to build an enterprise wiki. Atlassian Data Center is a data center system. A...

9.8 CVSS · 7 AI score · 0.06712 EPSS
Exploits 0 · References 1

OSV
added 2019/03/21 4:01 p.m. · 1 views

UBUNTU-CVE-2019-6970

Moodle 3.5.x before 3.5.4 allows SSRF...

7.5 CVSS · 5.8 AI score · 0.01201 EPSS
Exploits 0 · References 2

OSV
added 2019/03/21 4:00 p.m. · 2 views

CVE-2018-13103

OX App Suite 7.8.4 and earlier allows SSRF...

5.4 CVSS · 5.8 AI score · 0.00852 EPSS
Exploits 2 · References 2

OSV
added 2019/03/08 9:29 p.m. · 2 views

DEBIAN-CVE-2017-3164

Server Side Request Forgery in Apache Solr, versions 1.3 until 7.6 inclusive. Since the "shards" parameter does not have a corresponding whitelist mechanism, a remote attacker with access to the server could make Solr perform an HTTP GET request to any reachable URL...

7.5 CVSS · 7 AI score · 0.19442 EPSS
Exploits 0 · References 1

OSV
added 2019/03/08 9:29 p.m. · 1 views

UBUNTU-CVE-2017-3164

Server Side Request Forgery in Apache Solr, versions 1.3 until 7.6 inclusive. Since the "shards" parameter does not have a corresponding whitelist mechanism, a remote attacker with access to the server could make Solr perform an HTTP GET request to any reachable URL...

7.5 CVSS · 7.2 AI score · 0.19442 EPSS
Exploits 0 · References 3

CNVD
added 2019/03/05 12:00 a.m. · 1 views

Ikiwiki Server-Side Request Forgery Vulnerability

Ikiwiki is an open source wiki application. A server-side request forgery vulnerability exists in Ikiwiki, which can be exploited by remote attackers to disclose information or cause a denial of service...

7.5 CVSS · 6.8 AI score · 0.01699 EPSS
Exploits 0 · References 1

CNVD
added 2019/02/22 12:00 a.m. · 1 views

CloudBees Jenkins Mattermost Notification Plugin Server Request Forgery Vulnerability

CloudBees Jenkins (Hudson Labs) is a set of Java-based continuous integration tools from the US company CloudBees. The product is mainly used to monitor continuous software release/testing projects and some scheduled tasks. Mattermost Notification Plugin is used in one...

4.3 CVSS · 7.1 AI score · 0.00896 EPSS
Exploits 0 · References 1

OSV
added 2019/02/21 2:29 p.m. · 3 views

CVE-2019-8982

com/wavemaker/studio/StudioService.java in WaveMaker Studio 6.6 mishandles the studioService.download?method=getContent&inUrl= value, leading to disclosure of local files and SSRF...

9.6 CVSS · 7.3 AI score
Exploits 0 · References 1

Positive Technologies
added 2019/02/20 12:00 a.m. · 3 views

PT-2019-11323 · Jenkins · Jenkins Mattermost Notification Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Mattermost Notification Plugin versions 2.6.2 and earlier Description: A server-side request forgery issue exists that allows attackers with Overall/Read permission to have the system connect to an attacker-specified server and room a...

4.3 CVSS · 4.3 AI score · 0.00896 EPSS
Exploits 0 · References 6

Positive Technologies
added 2019/02/20 12:00 a.m. · 4 views

PT-2019-11324 · Jenkins · Jenkins Octopusdeploy Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins OctopusDeploy Plugin versions 1.8.1 and earlier Description: A server-side request forgery issue exists that allows attackers with Overall/Read permission to have the server connect to an attacker-specified URL and obtain the HTTP...

4.3 CVSS · 4.6 AI score · 0.01034 EPSS
Exploits 0 · References 4

Positive Technologies
added 2019/02/20 12:00 a.m. · 3 views

PT-2019-11325 · Jenkins · Jenkins Jms Messaging Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins JMS Messaging Plugin versions 1.1.1 and earlier Description: A server-side request forgery issue exists that allows attackers with Overall/Read permission to have Jenkins connect to a JMS endpoint. This is due to vulnerabilities in th...

4.3 CVSS · 4.7 AI score · 0.00674 EPSS
Exploits 0 · References 5

CNVD
added 2019/02/15 12:00 a.m. · 4 views

Atlassian JIRA Server-Side Request Forgery Vulnerability

Atlassian JIRA is a defect tracking management system from Atlassian Australia. The system is used to track and manage all types of issues and defects in the workplace. A server-side request forgery vulnerability exists in the VerifyPopServerConnection resource in Atlassian JIRA, which can be...

4.1 CVSS · 7 AI score · 0.01142 EPSS
Exploits 0 · References 1

OSV
added 2019/02/07 9:29 p.m. · 4 views

CVE-2019-1679

A vulnerability in the web interface of Cisco TelePresence Conductor, Cisco Expressway Series, and Cisco TelePresence Video Communication Server (VCS) Software could allow an authenticated, remote attacker to trigger an HTTP request from an affected server to an arbitrary host. This type of attack ...

5 CVSS · 6.1 AI score
Exploits 0 · References 2