170 matches found
CVE-2019-16943
A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled either globally or for a specific property for an externally exposed JSON endpoint and the service has the p6spy 3.8.6 jar in the classpath, and an attacker can find an RMI...
CVE-2019-16943
A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled either globally or for a specific property for an externally exposed JSON endpoint and the service has the p6spy 3.8.6 jar in the classpath, and an attacker can find an RMI...
CVE-2018-8033
In Apache OFBiz 16.11.01 to 16.11.04, the OFBiz HTTP engine org.apache.ofbiz.service.engine.HttpEngine.java handles requests for HTTP services via the /webtools/control/httpService endpoint. Both POST and GET requests to the httpService endpoint may contain three parameters: serviceName,...
PT-2018-18396 · Apache · Apache Ofbiz
Name of the Vulnerable Software and Affected Versions: Apache OFBiz versions 16.11.01 through 16.11.04 Description: The issue concerns the OFBiz HTTP engine, specifically the handling of requests for HTTP services via the "/webtools/control/httpService" endpoint. Both POST and GET requests to thi...
Unspecified Vulnerability in Oracle Hospitality Labor Management Component
Oracle Hospitality Applications is a suite of business applications, servers and storage solutions for hospitality management from Oracle Corporation. The solution provides human resources cost management, provide customer service throughout the journey tracking management to improve customer...
PT-2017-19317 · Osnexus · Quantastor
Name of the Vulnerable Software and Affected Versions: OSNEXUS QuantaStor versions prior to 4.3.1 Description: The issue allows an attacker to inject arbitrary HTML or JavaScript code as a parameter in a REST call, potentially leading to a cross-site scripting XSS attack. When an invalid REST cal...
CXF: HTML content posted to SOAP endpoint could cause OOM errors
A denial of service flaw was found in the way Apache CXF created error messages for certain POST requests. A remote attacker could send a specially crafted request which, when processed by an application using Apache CXF, could consume an excessive amount of memory on the system, possibly...
RHEL 5 : JBoss EAP (RHSA-2013:1784)
An update for Red Hat JBoss Enterprise Application Platform 6.2.0, which fixes two security issues, several bugs, and adds various enhancements, is now available from the Red Hat Customer Portal. The Red Hat Security Response Team has rated this update as having low security impact. Common...
Sun Java JRE Multiple Vulnerabilities (254569 / 254611 / 254608 ..) (Unix)
The version of Sun Java Runtime Environment JRE installed on the remote host is earlier than 6 Update 13 / 5.0 Update 18 / 1.4.220 / 1.3.125. Such versions are potentially affected by the following security issues : - A denial of service vulnerability affects the JRE LDAP implementation. 254569. ...
JBoss EAP unprivileged local xml file access
The request handler in JBossWS in JBoss Enterprise Application Platform aka JBoss EAP or JBEAP 4.2 before 4.2.0.CP06 and 4.3 before 4.3.0.CP04 does not properly validate the resource path during a request for a WSDL file with a custom web-service endpoint, which allows remote attackers to read...