CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

1189 matches found

Prion•added 2018/03/16 8:29 p.m.•24 views

Security feature bypass

Spring Security Spring Security 4.1.x before 4.1.5, 4.2.x before 4.2.4, and 5.0.x before 5.0.1; and Spring Framework 4.3.x before 4.3.14 and 5.0.x before 5.0.3 does not consider URL path parameters when processing security constraints. By adding a URL path parameter with special encodings, an...

5CVSS5.3AI score0.00846EPSS

Exploits0References6Affected Software5

OSV•added 2018/03/16 8:29 p.m.•2 views

DEBIAN-CVE-2018-1199

5.3CVSS6.8AI score0.00846EPSS

Exploits0References1

UbuntuCve•added 2018/03/16 8:29 p.m.•33 views

CVE-2018-1199

5.3CVSS6.8AI score0.00846EPSS

Exploits0References2

OSV•added 2018/03/16 8:29 p.m.•24 views

CVE-2018-1199

5.3CVSS5.5AI score0.00846EPSS

Exploits0References6

NVD•added 2018/03/16 8:29 p.m.•21 views

CVE-2018-1199

5.3CVSS6.2AI score0.00846EPSS

Exploits0References6

CVE•added 2018/03/16 8:0 p.m.•139 views

CVE-2018-1199

CVE-2018-1199 affects Spring Security (4.1.x before 4.1.5, 4.2.x before 4.2.4, 5.0.x before 5.0.1) and Spring Framework (4.3.x before 4.3.14, 5.0.x before 5.0.3). The issue is that URL path parameters are not consistently handled when evaluating security constraints, allowing an attacker to bypas...

5.3CVSS5.3AI score0.00846EPSS

Exploits0References6Affected Software2

Cvelist•added 2018/03/16 8:0 p.m.•30 views

CVE-2018-1199

5.4AI score0.00846EPSS

Exploits0References6

Debian CVE•added 2018/03/16 8:0 p.m.•24 views

CVE-2018-1199

5.3CVSS6.6AI score0.00846EPSS

Exploits0

RedhatCVE•added 2018/02/05 11:49 a.m.•35 views

CVE-2018-1199

7.5CVSS1.3AI score0.00846EPSS

Exploits0References2

CNVD•added 2018/02/05 12:0 a.m.•2 views

Spring Security and Spring Framework Authentication Bypass Vulnerability

Spring Security is a set of Spring-based applications to provide illustrative security protection of the security framework.Spring Framework is the United States Pivotal Corporation's set of open source Java, Java EE application framework. Spring Security and Spring Framework authentication bypas...

5.3CVSS7.3AI score0.00846EPSS

Exploits0References1

Japan Vulnerability Notes•added 2018/02/02 3:28 a.m.•3 views

Spring Security and Spring Framework vulnerable to authentication bypass

Overview Spring Framework and Spring Security provided by Pivotal Software, Inc. contain an authentication bypass vulnerability. Macchinetta Framework Development Team : NTT COMWARE, NTT DATA Corporation, and NTT reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under...

5.3CVSS6.9AI score0.00846EPSS

Exploits0References7

Japan Vulnerability Notes•added 2018/02/02 12:0 a.m.•50 views

JVN#15643848: Spring Security and Spring Framework vulnerable to authentication bypass

Spring Framework and Spring Security provided by Pivotal Software, Inc. contain an authentication bypass vulnerability. Impact A remote attacker can bypass authentication. As a result, the attacker gains access to the server and information may be disclosed. Solution Update the Software Update to...

5.3CVSS5.7AI score0.00846EPSS

Exploits0

Veracode•added 2018/01/31 3:11 a.m.•27 views

Security Constraint Bypass

spring-security-web and spring-web are vulnerable to security bypass with static resources. Spring uses the output of getPathInfo when mapping security constraints and requests. It is not standardized whether the path parameters should be included in the value from getPathInfo. Using this...

5.3CVSS5.6AI score0.00846EPSS

Exploits0References10Affected Software2

OSV•added 2017/11/27 10:29 a.m.•17 views

CVE-2017-4995

An issue was discovered in Pivotal Spring Security 4.2.0.RELEASE through 4.2.2.RELEASE, and Spring Security 5.0.0.M1. When configured to enable default typing, Jackson contained a deserialization vulnerability that could lead to arbitrary code execution. Jackson fixed this vulnerability by...

8.1CVSS7.7AI score0.00826EPSS

Exploits1References5

NVD•added 2017/11/27 10:29 a.m.•20 views

CVE-2017-4995

8.1CVSS8.4AI score0.00826EPSS

Exploits1References5

Prion•added 2017/11/27 10:29 a.m.•18 views

Deserialization of untrusted data

6.8CVSS8.3AI score0.00826EPSS

Exploits1References5Affected Software1

Cvelist•added 2017/11/27 10:0 a.m.•18 views

CVE-2017-4995

8.4AI score0.00826EPSS

Exploits1References5

CVE•added 2017/11/27 10:0 a.m.•77 views

CVE-2017-4995

CVE-2017-4995 describes a deserialization vulnerability in Pivotal Spring Security 4.2.0.RELEASE–4.2.2.RELEASE and Spring Security 5.0.0.M1 when Jackson default typing is enabled. If Spring Security’s Jackson support is leveraged (SecurityJackson2Modules.getModules(ClassLoader) or enableDefaultTy...

8.1CVSS8.3AI score0.00826EPSS

Exploits1References5Affected Software1

RedhatCVE•added 2017/10/06 10:19 a.m.•32 views

CVE-2017-4995

It was found that spring security uses Jackson's enableDefaultTyping polymorphic capability for object deserialization. Jackson has already addressed this issue by blacklisting well-known gadget classes. However, under a right circumstances e.g. an existence of an old JDK and vulnerable Jackson i...

8.1CVSS2.1AI score0.00826EPSS

Exploits1References2

RedHat Linux•added 2017/08/10 11:3 p.m.•117 views

Important: Red Hat Security Advisory: Red Hat JBoss Fuse/A-MQ 6.3 R4 security and bug fix update

An update is now available for Red Hat JBoss Fuse and Red Hat JBoss A-MQ. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability fro...

9.8CVSS7.1AI score0.12248EPSS

Exploits1References15

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by