
6525 matches found

vulnersOsv
added 2019/08/01 7:18 p.m., 2 views

ai.foremast.metrics:foremast-spring-boot-15x-starter (>=0.1.8 <=0.1.12), ai.snips:play-mongo-bson_2.12 (>=0.5 <=0.5.1) +6217 more potentially affected by CVE-2019-14439 via com.fasterxml.jackson.core:jackson-databind (>=2.8.0 <=2.8.11.3)

com.fasterxml.jackson.core:jackson-databind MAVEN version =2.8.0, =0.1.8, =0.5, =2.3.0, =1.5.6, =4.2.1, =4.4.1, =1.0.0.RELEASE, =0.4, =0.4, =0.4, =0.4, =0.4, =0.4, =0.4, =0.4, =0.9 and more Source cves: CVE-2019-14439 Source advisory: OSV:GHSA-GWP4-HFV6-P7HW...

7.5 CVSS, 7.1 AI score, 0.10392 EPSS
Exploits: 0
Tenable Nessus
added 2019/07/19 12:0 a.m., 42 views

Oracle Primavera Gateway Multiple Vulnerabilities (Jul 2019 CPU)

According to its self-reported version number, the Oracle Primavera Gateway installation running on the remote web server is 15.x prior to 15.2.16, 16.x prior to 16.2.9, 17.x prior to 17.12.4, or 18.x prior to 18.8.6. It is, therefore, affected by multiple vulnerabilities: - An unspecified...

9.8 CVSS, 8.1 AI score, 0.20127 EPSS
Exploits: 0, References: 6
Ivan 'd0znpp' Novikov
added 2019/07/17 12:22 a.m., 239 views

Spring RCE exploit I can’t explain

I’ve just found some variant of Struts exploit that surprised me by obfuscation technique: GET...

7.5 CVSS, 9.7 AI score, 0.0088 EPSS
Exploits: 0
RedhatCVE
added 2019/07/16 12:51 p.m., 20 views

CVE-2019-3802

This affects Spring Data JPA in versions up to and including 2.1.6, 2.0.14 and 1.11.20. ExampleMatcher using ExampleMatcher.StringMatcher.STARTING, ExampleMatcher.StringMatcher.ENDING or ExampleMatcher.StringMatcher.CONTAINING could return more results than anticipated when a maliciously crafted...

5.3 CVSS, 3.6 AI score, 0.00243 EPSS
Exploits: 0, References: 4
IBM Security Bulletins
added 2019/07/11 7:25 p.m., 34 views

Security Bulletin: Multiple vulnerabilities in Spring Framework affect IBM InfoSphere Information Server

Summary Multiple vulnerabilities in Spring Framework were addressed by IBM InfoSphere Information Server. Vulnerability Details CVEID: CVE-2015-5211 DESCRIPTION: Pivotal Spring Framework could allow a remote attacker to download arbitrary files, caused by a reflected file download attack. By usin...

9.6 CVSS, 1.7 AI score, 0.01918 EPSS
Exploits: 1, Affected Software: 1
Tenable Nessus
added 2019/07/11 12:0 a.m., 29 views

Debian DLA-1848-1 : libspring-security-2.0-java security update

Spring Security supports plain text passwords using PlaintextPasswordEncoder. If an application using an affected version of Spring Security is leveraging PlaintextPasswordEncoder and a user has a null encoded password, a malicious user or attacker can authenticate using a password of 'null'. For...

7.5 CVSS, 6.3 AI score, 0.00407 EPSS
Exploits: 0, References: 3
IBM Security Bulletins
added 2019/07/10 3:40 p.m., 45 views

Security Bulletin: IBM QRadar SIEM is vulnerable to a publicly disclosed vulnerability in Spring Framework (CVE-2018-15756)

Summary Open source Spring Framework as used in IBM QRadar SIEM is vulnerable to a denial of service Vulnerability Details CVEID: CVE-2018-15756 Description: Pivotal Spring Framework is vulnerable to a denial of service, caused by improper handling of range request by the...

7.5 CVSS, 0.8 AI score, 0.20127 EPSS
Exploits: 0, Affected Software: 1
Debian
added 2019/07/09 6:25 a.m., 136 views

[SECURITY] [DLA 1848-1] libspring-security-2.0-java security update

Package: libspring-security-2.0-java. Version: 2.0.7.RELEASE-3+deb8u2. CVE ID: CVE-2019-11272. Spring Security supports plain text passwords using PlaintextPasswordEncoder. If an application using an affected version of Spring Security is leveraging PlaintextPasswordEncoder and a user has a null...

7.5 CVSS, 7.2 AI score, 0.00407 EPSS
Exploits: 0
vulnersOsv
added 2019/07/05 9:7 p.m., 3 views

aero.champ:cargojson (=1.0), ai.active:webhook-sdk (>=1.0.0 <=1.0.4) +30531 more potentially affected by CVE-2019-12384 via com.fasterxml.jackson.core:jackson-databind (>=2.9.0 <=2.9.9)

com.fasterxml.jackson.core:jackson-databind MAVEN version =2.9.0, =1.0.0, =4.4.0.0, =0.0.1, =0.0.6, =0.0.1, =local, =0.0.6, =0.0.1, =0.0.1, =0.0.6, =0.0.1, =0.1.2, =0.1.7 - ai.genauth:genauth-java-sdk =3.1.11 - ai.grakn.kgms:client =1.4.3 and more Source cves: CVE-2019-12384 Source advisory:...

5.9 CVSS, 6.8 AI score, 0.51266 EPSS
Exploits: 2
vulnersOsv
added 2019/07/05 9:7 p.m., 2 views

ai.foremast.metrics:foremast-spring-boot-15x-starter (>=0.1.8 <=0.1.12), ai.snips:play-mongo-bson_2.12 (>=0.5 <=0.5.1) +6217 more potentially affected by CVE-2019-12384 via com.fasterxml.jackson.core:jackson-databind (>=2.8.0 <=2.8.11.3)

com.fasterxml.jackson.core:jackson-databind MAVEN version =2.8.0, =0.1.8, =0.5, =2.3.0, =1.5.6, =4.2.1, =4.4.1, =1.0.0.RELEASE, =0.4, =0.4, =0.4, =0.4, =0.4, =0.4, =0.4, =0.4, =0.9 and more Source cves: CVE-2019-12384 Source advisory: OSV:GHSA-MPH4-VHRX-MV67...

5.9 CVSS, 6.8 AI score, 0.51266 EPSS
Exploits: 2
IBM Security Bulletins
added 2019/07/04 3:45 a.m., 29 views

Security Bulletin: Remote code execution vulnerability (CVE-2019-11269) affects IBM Spectrum Symphony 7.2.1 and 7.2.0.2

Summary A remote code execution vulnerability exists in the Spring Security OAuth version used by IBM Spectrum Symphony 7.2.1 and 7.2.0.2. Interim fixes that provide instructions on upgrading the Spring Security OAuth package to version 2.0.18 which resolves this vulnerability are available on IB...

5.8 CVSS, 2.2 AI score, 0.06347 EPSS
Exploits: 4, Affected Software: 1
NVD
added 2019/07/03 7:15 p.m., 18 views

CVE-2019-9186

In several JetBrains IntelliJ IDEA versions, a Spring Boot run configuration with the default setting allowed remote attackers to execute code when the configuration is running, because a JMX server listens on all interfaces instead of listening on only the localhost interface. This issue has bee...

9.8 CVSS, 9.1 AI score, 0.00026 EPSS
Exploits: 0, References: 1
OSV
added 2019/07/03 7:15 p.m., 1 views

CVE-2019-9186

In several JetBrains IntelliJ IDEA versions, a Spring Boot run configuration with the default setting allowed remote attackers to execute code when the configuration is running, because a JMX server listens on all interfaces instead of listening on only the localhost interface. This issue has bee...

9.8 CVSS, 7.4 AI score, 0.00026 EPSS
Exploits: 0, References: 1
Prion
added 2019/07/03 7:15 p.m., 20 views

Default configuration

In several JetBrains IntelliJ IDEA versions, a Spring Boot run configuration with the default setting allowed remote attackers to execute code when the configuration is running, because a JMX server listens on all interfaces instead of listening on only the localhost interface. This issue has bee...

7.5 CVSS, 9.5 AI score, 0.00026 EPSS
Exploits: 0, References: 1, Affected Software: 1
UbuntuCve
added 2019/07/03 7:15 p.m., 31 views

CVE-2019-9186

In several JetBrains IntelliJ IDEA versions, a Spring Boot run configuration with the default setting allowed remote attackers to execute code when the configuration is running, because a JMX server listens on all interfaces instead of listening on only the localhost interface. This issue has bee...

9.8 CVSS, 7.1 AI score, 0.00026 EPSS
Exploits: 0, References: 1
OSV
added 2019/07/03 7:15 p.m., 1 views

UBUNTU-CVE-2019-9186

In several JetBrains IntelliJ IDEA versions, a Spring Boot run configuration with the default setting allowed remote attackers to execute code when the configuration is running, because a JMX server listens on all interfaces instead of listening on only the localhost interface. This issue has bee...

9.8 CVSS, 7.4 AI score, 0.00026 EPSS
Exploits: 0, References: 2
Cvelist
added 2019/07/03 6:35 p.m., 16 views

CVE-2019-9186

In several JetBrains IntelliJ IDEA versions, a Spring Boot run configuration with the default setting allowed remote attackers to execute code when the configuration is running, because a JMX server listens on all interfaces instead of listening on only the localhost interface. This issue has bee...

8.7 AI score, 0.00026 EPSS
Exploits: 0, References: 1
CVE
added 2019/07/03 6:35 p.m., 246 views

CVE-2019-9186

In JetBrains IntelliJ IDEA, the Spring Boot run configuration could allow remote code execution because a JMX server listened on all network interfaces instead of only localhost. Affected versions were fixed in 2019.1, 2018.3.4, 2018.2.8, 2018.1.8, and 2017.3.7. The CVE is CVE-2019-9186. Public d...

9.8 CVSS, 9.4 AI score, 0.00026 EPSS
Exploits: 0, References: 1, Affected Software: 1
Gitee
added 2019/07/03 2:4 p.m., 3 views

Exploit for Path Traversal in Pivotal_Software Spring_Framework

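Web-Security-Learning: materials compiled while studying web security. This repo will be updated continuously; the most recent update was 2017/11/2. Also updated at: chybeta: Web-Security-Learning (with table of contents). Updated November 2: + Newly added articles: + SQL injection + How much do you know about sqlmap's built-in tamper scripts? + XSS + Front-end defense from getting started to giving up: the evolution of CSP + ssrf + SSRF: CVE-2017-9993 FFmpeg + AVI + HLS + CSRF + CSRF: tricks for bypassing Referer checks + CSRF techniques seen across major SRCs + java-Web +...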

7.5 CVSS, 7.7 AI score, 0.56172 EPSS
Exploits: 5
IBM Security Bulletins
added 2019/06/28 3:35 p.m., 28 views

Security Bulletin: Vulnerability affects Watson Explorer Foundational Components (CVE-2018-15756)

Summary Security vulnerability affects IBM Watson Explorer Foundational Components. Vulnerability Details CVEID: CVE-2018-15756 DESCRIPTION: Pivotal Spring Framework is vulnerable to a denial of service, caused by improper handling of range request by the ResourceHttpRequestHandler. By adding a...

7.5 CVSS, 0.8 AI score, 0.20127 EPSS
Exploits: 0, Affected Software: 1