6525 matches found

RedHat Linux
added 2020/07/27 1:08 p.m. | 93 views

Important: Red Hat Security Advisory: Red Hat support for Spring Boot 2.1.15 security and bug fix update

An update is now available for Red Hat support for Spring Boot. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE...

CVSS 8.8 | AI score 6.8 | EPSS 0.93464
Exploits 15 | References 5
Tenable Nessus
added 2020/07/24 12:00 a.m. | 45 views

MySQL Enterprise Monitor 4.x < 4.0.10 / 8.x < 8.0.15 DoS (Jul 2019 CPU)

A denial of service (DoS) vulnerability exists in MySQL Enterprise Monitor due to the use of a vulnerable Spring Framework version. Spring Framework, version 5.1, versions 5.0.x prior to 5.0.10, versions 4.3.x prior to 4.3.20, and older unsupported versions on the 4.2.x branch provide support for rang...

CVSS 7.5 | AI score 7.3 | EPSS 0.20127
Exploits 0 | References 2
Tenable Nessus
added 2020/07/24 12:00 a.m. | 97 views

MySQL Enterprise Monitor 3.4.x < 3.4.10 / 4.x < 4.0.7 / 8.x < 8.0.3 Multiple Vulnerabilities (Oct 2018 CPU)

According to its self-reported version, the MySQL Enterprise Monitor running on the remote host is affected by the following vulnerabilities in its subcomponents: - Apache Struts versions 2.3 to 2.3.34 and 2.5 to 2.5.16 suffer from possible Remote Code Execution when alwaysSelectFullNamespace is...

CVSS 9.8 | AI score 8 | EPSS 0.94431
Exploits 41 | References 4
RedHat Linux
added 2020/07/23 3:10 p.m. | 0 views

springframework: DoS Attack via Range Requests

Spring Framework, version 5.1, versions 5.0.x prior to 5.0.10, versions 4.3.x prior to 4.3.20, and older unsupported versions on the 4.2.x branch provide support for range requests when serving static resources through the ResourceHttpRequestHandler, or starting in 5.0 when an annotated controlle...

CVSS 7.5 | AI score 7.2 | EPSS 0.20127
Exploits 0 | References 5
Veracode
added 2020/07/23 4:20 a.m. | 23 views

Remote Code Execution (RCE)

Spring Integration Core is vulnerable to remote code execution (RCE). It accepts all unregistered classes on demand when Kryo is configured using default options, allowing a malicious class to be deserialized...

CVSS 9.8 | AI score 4.4 | EPSS 0.01768
Exploits 0 | References 12 | Affected Software 1
Gitee
added 2020/07/17 1:21 a.m. | 2 views

ysoserial

This is a proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization. The tool, called ysoserial, is a collection of utilities and property-oriented programming "gadget chains" discovered in common Java libraries that can, under the right conditions, exploit Jav...

AI score 7.2
Exploits 0
Gitee
added 2020/07/10 9:15 a.m. | 1 view

SpringBootVulExploit

This repository contains a collection of Spring Boot vulnerability exploitation tools and techniques. The tools are designed to exploit various vulnerabilities in Spring Boot applications, including remote code execution (RCE), privilege escalation, and data exfiltration. The repository includes...

AI score 8.8
Exploits 0
CNVD
added 2020/07/08 12:00 a.m. | 1 view

Unauthorized Access Vulnerability in SpringBlade of Shanghai Bred Network Technology

SpringBlade is a SpringCloud distributed microservices architecture upgraded and optimized from a commercial-grade project. Shanghai Bred Network Technology SpringBlade has an unauthorized access vulnerability that can be exploited by attackers to obtain sensitive information...

AI score 6.7
Exploits 0
IBM Security Bulletins
added 2020/07/07 4:58 p.m. | 42 views

Security Bulletin: Multiple vulnerabilities in Open Source used in IBM Cloud Pak System

Summary: Multiple vulnerabilities identified in Open Source used in IBM Cloud Pak System. IBM Cloud Pak System addressed vulnerabilities. Vulnerability Details: CVEID: CVE-2018-11771. DESCRIPTION: Apache Commons Compress is vulnerable to a denial of service, caused by the failure to return the corre...

CVSS 9.8 | AI score 1.4 | EPSS 0.92332
Exploits 9 | Affected Software 1
Hacker One
added 2020/07/03 11:44 a.m. | 13 views

Engel & Völkers Technology GmbH: Information disclosure via Spring Boot Actuators on gonext-stage.engelvoelkers.com

Summary: The Spring Boot Actuators are exposing critical information on gonext-stage.engelvoelkers.com, such as the last 100 HTTP requests made to the server (including cookies, paths, etc.) and the environment configuration. The endpoints are the following: /trace, /env, /mappings, /configprops...

AI score 0.6
Exploits 0
IBM Security Bulletins
added 2020/07/02 7:10 p.m. | 39 views

Security Bulletin: IBM Data Risk Manager is affected by multiple vulnerabilities

Summary: IBM Data Risk Manager has addressed the following vulnerabilities. Vulnerability Details: CVEID: CVE-2019-10172. DESCRIPTION: Jackson-mapper-asl could allow a remote attacker to obtain sensitive information, caused by an XML external entity (XXE) error when processing XML data. By sending a...

CVSS 9.8 | AI score 1 | EPSS 0.90184
Exploits 11 | Affected Software 1
Metasploit
added 2020/07/01 11:15 a.m. | 54 views

Directory Traversal in Spring Cloud Config Server

This module exploits an unauthenticated directory traversal vulnerability which exists in Spring Cloud Config versions 2.2.x prior to 2.2.3 and 2.1.x prior to 2.1.9, and older unsupported versions. Spring Cloud Config listens by default on port 8888. This module requires Metasploit:...

CVSS 7.5 | AI score 7.8 | EPSS 0.94347
Exploits 3
RedhatCVE
added 2020/06/23 2:34 p.m. | 35 views

CVE-2020-11989

A flaw was found in Apache Shiro in versions prior to 1.5.3. When using Apache Shiro with Spring dynamic controllers, a specially crafted request may cause an authentication bypass. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...

CVSS 7.5 | AI score 3.5 | EPSS 0.84744
Exploits 1 | References 3
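The advisories above state their affected ranges in the same shape: named branches, each with a first fixed release, plus "older unsupported versions" that are affected wholesale. As an added example that is not code from any of the listed sources, the following Python module encodes the ranges for the Spring Framework range-request DoS (Tenable and Red Hat entries), the Spring Cloud Config directory traversal (Metasploit entry) and the Apache Shiro authentication bypass, and checks a dependency list against them. The Spring Framework 5.1 line is modelled as fixed in 5.1.1 (an assumption; the entries say only "version 5.1"), and the artifact-to-advisory mapping and the dependency list are constructed for the example.

```python
"""Match dependency versions against the affected ranges stated in the advisories above.

Added example; not code from any of the listed sources.  Each advisory is a
list of (branch, first fixed release) pairs plus a cut-off below which every
version on an unlisted branch is an "older unsupported version" and counted
as affected.
"""
import re
from dataclasses import dataclass


def parse_version(text):
    """'5.0.9.RELEASE' -> (5, 0, 9).  Qualifiers such as RELEASE or RC1 end the numeric part."""
    numbers = []
    for part in re.split(r"[.\-]", text.strip()):
        if not part.isdigit():
            break
        numbers.append(int(part))
    if not numbers:
        raise ValueError(f"unparseable version: {text!r}")
    while len(numbers) < 3:
        numbers.append(0)
    return tuple(numbers[:3])


@dataclass(frozen=True)
class Advisory:
    name: str
    # (branch prefix, first fixed release) pairs, as stated in the advisory text.
    fixed_in: tuple
    # Versions below this that are on no listed branch are older, unsupported and affected.
    cutoff: tuple


# Spring Framework: version 5.1, 5.0.x < 5.0.10, 4.3.x < 4.3.20, older unsupported 4.2.x.
# Assumption: the 5.1 line is treated as fixed in 5.1.1 (the entries say only "version 5.1").
SPRING_FRAMEWORK_RANGE_DOS = Advisory(
    "Spring Framework DoS via range requests",
    fixed_in=(((5, 1), (5, 1, 1)), ((5, 0), (5, 0, 10)), ((4, 3), (4, 3, 20))),
    cutoff=(4, 3, 0),
)

# Spring Cloud Config: 2.2.x < 2.2.3, 2.1.x < 2.1.9, and older unsupported versions.
SPRING_CLOUD_CONFIG_TRAVERSAL = Advisory(
    "Spring Cloud Config directory traversal",
    fixed_in=(((2, 2), (2, 2, 3)), ((2, 1), (2, 1, 9))),
    cutoff=(2, 1, 0),
)

# Apache Shiro before 1.5.3: a single line, so no branches, only a cut-off.
SHIRO_AUTH_BYPASS = Advisory("Apache Shiro authentication bypass", fixed_in=(), cutoff=(1, 5, 3))


def is_affected(advisory, version):
    """True if `version` falls inside one of the advisory's affected ranges."""
    v = parse_version(version)
    for branch, fixed in advisory.fixed_in:
        if v[:len(branch)] == branch:
            return v < fixed            # on a named branch: affected until the fix release
    return v < advisory.cutoff          # older unsupported branch: affected; newer branch: not


# Constructed mapping from Maven coordinates to the advisory that covers them.
COVERED_ARTIFACTS = {
    "org.springframework:spring-webmvc": SPRING_FRAMEWORK_RANGE_DOS,
    "org.springframework:spring-core": SPRING_FRAMEWORK_RANGE_DOS,
    "org.springframework.cloud:spring-cloud-config-server": SPRING_CLOUD_CONFIG_TRAVERSAL,
    "org.apache.shiro:shiro-core": SHIRO_AUTH_BYPASS,
}


def scan_dependencies(lines):
    """Return [(coordinate, advisory name)] for each 'group:artifact:version' line in an affected range."""
    findings = []
    for raw in lines:
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        group, artifact, version = line.split(":", 2)
        advisory = COVERED_ARTIFACTS.get(f"{group}:{artifact}")
        if advisory is not None and is_affected(advisory, version):
            findings.append((line, advisory.name))
    return findings


# Constructed dependency list in group:artifact:version form.
SAMPLE_DEPENDENCIES = """
org.springframework:spring-webmvc:5.0.9.RELEASE
org.springframework:spring-core:5.0.10.RELEASE
org.springframework.cloud:spring-cloud-config-server:2.1.8.RELEASE
org.springframework.cloud:spring-cloud-config-server:2.2.3.RELEASE
org.apache.shiro:shiro-core:1.5.2
org.apache.shiro:shiro-core:1.5.3
""".strip().splitlines()


if __name__ == "__main__":
    for coordinate, name in scan_dependencies(SAMPLE_DEPENDENCIES):
        print(f"AFFECTED  {coordinate}  ({name})")
```

The cut-off is what makes "older unsupported versions" testable: a 4.2.x Spring Framework or a 2.0.x Spring Cloud Config is on no named branch, sits below the cut-off, and is reported, while a newer branch such as 5.2.x is on no named branch either but sits above it and is not.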
OSV
added 2020/06/22 7:15 p.m. | 1 view

DEBIAN-CVE-2020-11989

In Apache Shiro before 1.5.3, when using Apache Shiro with Spring dynamic controllers, a specially crafted request may cause an authentication bypass...

CVSS 9.8 | AI score 7.1 | EPSS 0.84744
Exploits 1 | References 1
OSV
added 2020/06/22 7:15 p.m. | 18 views

CVE-2020-11989

In Apache Shiro before 1.5.3, when using Apache Shiro with Spring dynamic controllers, a specially crafted request may cause an authentication bypass...

CVSS 9.8 | AI score 6.9
Exploits 0 | References 7
NVD
added 2020/06/22 7:15 p.m. | 15 views

CVE-2020-11989

In Apache Shiro before 1.5.3, when using Apache Shiro with Spring dynamic controllers, a specially crafted request may cause an authentication bypass...

CVSS 9.8 | EPSS 0.84744
Exploits 1 | References 7
UbuntuCve
added 2020/06/22 7:15 p.m. | 33 views

CVE-2020-11989

In Apache Shiro before 1.5.3, when using Apache Shiro with Spring dynamic controllers, a specially crafted request may cause an authentication bypass...

CVSS 9.8 | AI score 7.2 | EPSS 0.84744
Exploits 1 | References 4
Prion
added 2020/06/22 7:15 p.m. | 20 views

Authentication flaw

In Apache Shiro before 1.5.3, when using Apache Shiro with Spring dynamic controllers, a specially crafted request may cause an authentication bypass...

CVSS 7.5 | AI score 9.4 | EPSS 0.84744
Exploits 1 | References 7 | Affected Software 1
OSV
added 2020/06/22 7:15 p.m. | 0 views

UBUNTU-CVE-2020-11989

In Apache Shiro before 1.5.3, when using Apache Shiro with Spring dynamic controllers, a specially crafted request may cause an authentication bypass...

CVSS 9.8 | AI score 7.3 | EPSS 0.84744
Exploits 1 | References 5
Cvelist
added 2020/06/22 6:06 p.m. | 26 views

CVE-2020-11989

In Apache Shiro before 1.5.3, when using Apache Shiro with Spring dynamic controllers, a specially crafted request may cause an authentication bypass...

AI score 9.5 | EPSS 0.84744
Exploits 1 | References 7