205 matches found

vulnersOsv
added 2018/10/16 5:35 p.m. · 2 views

ai.ylyue:yue-library-base (>=Finchley.SR2.SR1 <=Finchley.SR4.1), ai.ylyue:yue-library-base-crypto (>=Finchley.SR4 <=Finchley.SR4.1) +2320 more potentially affected by CVE-2018-11039 via org.springframework:spring-web (>=5.0.0.RELEASE <=5.0.6.RELEASE)

org.springframework:spring-web MAVEN version =5.0.0.RELEASE, =Finchley.SR2.SR1, =Finchley.SR4, =Finchley.SR2.SR1, =Finchley.SR2.SR1, =Finchley.SR4, =0.0.1, =0.0.2, =2.0.3.RELEASE, =2.0.3.RELEASE, =2.0.2.RELEASE, =1.0.3.RELEASE, =1.3.0.RELEASE, =0.0.1, =0.0.2 - ca.uhn.hapi.fhir:hapi-fhir-cli-api...

CVSS 5.9 · AI score 6.7 · EPSS 0.02781
Exploits 0

IBM Security Bulletins
added 2018/09/28 4:30 a.m. · 28 views

Security Bulletin: IBM Security Guardium is affected by a Using Components with Known Vulnerabilities vulnerability

Summary IBM Security Guardium has addressed the following vulnerabilities. Vulnerability Details CVEID: CVE-2017-8039 DESCRIPTION: Pivotal Spring Web Flow could provide weaker than expected security, caused by an error related to applications that do not change the value of the...

CVSS 7.5 · AI score 1.7 · EPSS 0.13828
Exploits 1 · Affected Software 1

Veracode
added 2018/06/18 5:37 a.m. · 56 views

Cross-Site Tracing (XST)

spring-web is vulnerable to cross-site tracing (XST) attacks. The vulnerability exists as HiddenHttpMethodFilter allows web applications to change existing HTTP request method to any HTTP method, causing applications with existing cross-site scripting (XSS) vulnerability to be vulnerable to XST...

CVSS 5.9 · AI score 6.9 · EPSS 0.02781
Exploits 0 · References 12 · Affected Software 1

CNVD
added 2018/04/19 12:0 a.m. · 2 views

Multiple TIBCO Products Spring web flows Component Information Disclosure Vulnerability

TIBCO JasperReports Server and so on are the products of the United States TIBCO Software Corporation. TIBCO JasperReports Server is a report generation and editing tool for the server version; TIBCO JasperReports Server Community Edition is its community edition. Spring web flows is one of the...

CVSS 8.8 · AI score 7.5 · EPSS 0.49189
Exploits 2 · References 1

Cvelist
added 2018/04/17 6:0 p.m. · 27 views

CVE-2018-5430 TIBCO JasperReports Server Information Disclosure Vulnerability

The Spring web flows of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server Community Edition, TIBCO JasperReports Server for ActiveMatrix BPM, TIBCO Jaspersoft for AWS with Multi-Tenancy, and TIBCO Jaspersoft Reporting and Analytics for AWS contain a vulnerability which...

CVSS 7.7 · AI score 8.5 · EPSS 0.49189
Exploits 2 · References 3

Positive Technologies
added 2018/04/17 12:0 a.m. · 2 views

PT-2018-3861 · Tibco +1 · Tibco Jasperreports Server +5

Name of the Vulnerable Software and Affected Versions: TIBCO JasperReports Server versions up to and including 6.4.2 TIBCO JasperReports Server Community Edition versions up to and including 6.4.2 TIBCO JasperReports Server for ActiveMatrix BPM versions up to and including 6.4.2 TIBCO Jaspersoft...

CVSS 8.8 · AI score 7.5 · EPSS 0.49189
Exploits 2 · References 14

Check Point Advisories
added 2018/04/11 12:0 a.m. · 6 views

Spring Web Flow SPEL Command Injection (CVE-2017-4971) - Ver2

A command injection vulnerability exists in Spring Web. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...

CVSS 4.3 · AI score 5.6 · EPSS 0.13828
Exploits 1

Veracode
added 2018/01/31 3:11 a.m. · 27 views

Security Constraint Bypass

spring-security-web and spring-web are vulnerable to security bypass with static resources. Spring uses the output of getPathInfo when mapping security constraints and requests. It is not standardized whether the path parameters should be included in the value from getPathInfo. Using this...

CVSS 5.3 · AI score 5.6 · EPSS 0.02857
Exploits 0 · References 10 · Affected Software 2

Prion
added 2017/11/27 10:29 a.m. · 18 views

Design/Logic Flaw

An issue was discovered in Pivotal Spring Web Flow through 2.4.5. Applications that do not change the value of the MvcViewFactoryCreator useSpringBinding property (which is disabled by default i.e., set to 'false') can be vulnerable to malicious EL expressions in view states that process form...

CVSS 4.3 · AI score 5.6 · EPSS 0.13828
Exploits 1 · References 2 · Affected Software 1

OSV
added 2017/11/27 10:29 a.m. · 20 views

CVE-2017-8039

An issue was discovered in Pivotal Spring Web Flow through 2.4.5. Applications that do not change the value of the MvcViewFactoryCreator useSpringBinding property (which is disabled by default i.e., set to 'false') can be vulnerable to malicious EL expressions in view states that process form...

CVSS 5.9 · AI score 6.6 · EPSS 0.00963
Exploits 0 · References 2

NVD
added 2017/11/27 10:29 a.m. · 32 views

CVE-2017-8039

An issue was discovered in Pivotal Spring Web Flow through 2.4.5. Applications that do not change the value of the MvcViewFactoryCreator useSpringBinding property (which is disabled by default i.e., set to 'false') can be vulnerable to malicious EL expressions in view states that process form...

CVSS 5.9 · AI score 6 · EPSS 0.00963
Exploits 0 · References 2

CVE
added 2017/11/27 10:0 a.m. · 85 views

CVE-2017-8039

Pivotal Spring Web Flow up to version 2.4.5 is affected when applications do not change MvcViewFactoryCreator.useSpringBinding (default false); this can allow malicious EL expressions in view states that process form submissions lacking explicit data binding property mappings. The issue stems fro...

CVSS 5.9 · AI score 5.8 · EPSS 0.00963
Exploits 0 · References 2 · Affected Software 1

Cvelist
added 2017/11/27 10:0 a.m. · 37 views

CVE-2017-8039

An issue was discovered in Pivotal Spring Web Flow through 2.4.5. Applications that do not change the value of the MvcViewFactoryCreator useSpringBinding property (which is disabled by default i.e., set to 'false') can be vulnerable to malicious EL expressions in view states that process form...

AI score 5.6 · EPSS 0.00963
Exploits 0 · References 2

CNVD
added 2017/10/20 12:0 a.m. · 3 views

Pivotal Spring Web Flow Incomplete Fixes Security Bypass Vulnerability

Pivotal Spring Web Flow is a web application from Pivotal Software, Inc. that provides navigation for check-in, loan application or shopping cart checkout. An incomplete fix for a security bypass vulnerability exists in Pivotal Spring Web Flow. An attacker could use this issue to bypass security...

CVSS 5.9 · AI score 6.9 · EPSS 0.00963
Exploits 0 · References 1

RedhatCVE
added 2017/09/22 8:49 a.m. · 35 views

CVE-2017-8039

An issue was discovered in Pivotal Spring Web Flow through 2.4.5. Applications that do not change the value of the MvcViewFactoryCreator useSpringBinding property (which is disabled by default i.e., set to 'false') can be vulnerable to malicious EL expressions in view states that process form...

CVSS 5.9 · AI score 3.2 · EPSS 0.13828
Exploits 1 · References 2

OSV
added 2017/06/13 6:29 a.m. · 24 views

CVE-2017-4971

An issue was discovered in Pivotal Spring Web Flow through 2.4.4. Applications that do not change the value of the MvcViewFactoryCreator useSpringBinding property (which is disabled by default i.e., set to 'false') can be vulnerable to malicious EL expressions in view states that process form...

CVSS 5.9 · AI score 6.5 · EPSS 0.13828
Exploits 1 · References 3

Prion
added 2017/06/13 6:29 a.m. · 19 views

Design/Logic Flaw

An issue was discovered in Pivotal Spring Web Flow through 2.4.4. Applications that do not change the value of the MvcViewFactoryCreator useSpringBinding property (which is disabled by default i.e., set to 'false') can be vulnerable to malicious EL expressions in view states that process form...

CVSS 4.3 · AI score 5.4 · EPSS 0.13828
Exploits 1 · References 3 · Affected Software 1

NVD
added 2017/06/13 6:29 a.m. · 27 views

CVE-2017-4971

An issue was discovered in Pivotal Spring Web Flow through 2.4.4. Applications that do not change the value of the MvcViewFactoryCreator useSpringBinding property (which is disabled by default i.e., set to 'false') can be vulnerable to malicious EL expressions in view states that process form...

CVSS 5.9 · AI score 5.8 · EPSS 0.13828
Exploits 1 · References 3

Cvelist
added 2017/06/13 6:0 a.m. · 39 views

CVE-2017-4971

An issue was discovered in Pivotal Spring Web Flow through 2.4.4. Applications that do not change the value of the MvcViewFactoryCreator useSpringBinding property (which is disabled by default i.e., set to 'false') can be vulnerable to malicious EL expressions in view states that process form...

AI score 5.5 · EPSS 0.13828
Exploits 1 · References 3

CVE
added 2017/06/13 6:0 a.m. · 142 views

CVE-2017-4971

CVE-2017-4971 affects Pivotal Spring Web Flow up to 2.4.4/2.4.5. The issue arises when MvcViewFactoryCreator.useSpringBinding is left at its default false, allowing malicious EL expressions in view states during form submissions to be processed without explicit data binding mappings. This is tied...

CVSS 5.9 · AI score 5.6 · EPSS 0.13828
Exploits 1 · References 3 · Affected Software 1