6525 matches found
Spring Cloud Config 2.1.x - Path Traversal (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Spring Cloud Config Server Directory Traversal', 'Description' = %q This module exploits an unauthenticated directory traversal vulnerability whi...
Spring Cloud Config 2.1.x - Path Traversal (Metasploit)
Spring Cloud Config 2.1.x - Path Traversal Metasploit This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Spring Cloud Config Server Directory Traversal', 'Description' = %q This module exploits an...
Exploit for Code Injection in Pivotal_Software Spring_Data_Commons
CVE-2018-1273 Spring Data Commons RCE remote command execution vulnerability usage !...
Security Bulletin: Security vulnerability in Pivotal Spring Framework affects IBM Rational License Key Server Administration & Reporting Tool
Summary A Security vulnerability in Spring Framework, from Pivotal, used by IBM Rational License Key Server Administration & Reporting Tool has been published. Required remediation has been addressed by IBM Rational License Key Server Administration & Reporting Tool team. Vulnerability Details...
Spring Cloud Config directory traversal vulnerability (CVE-2019-3799) early warning - vulnerability warning - the black bar safety net
Recently, the official Spring team disclosed a Spring Cloud Config directory traversal vulnerability (CVE-2019-3799) in its latest security update. The vulnerability is officially rated High and is classed as high-risk. In essence, the vulnerability allows an application program through the...
Spring Cloud Config Server Directory Traversal
This module exploits an unauthenticated directory traversal vulnerability which exists in Spring Cloud Config versions 2.1.x prior to 2.1.2, versions 2.0.x prior to 2.0.4, and versions 1.4.x prior to 1.4.6. Spring Cloud Config listens by default on port 8888. This module requires Metasploit:...
Oracle WebLogic Server high-risk security vulnerability alerts - a vulnerability alert - the black bar safety net
On April 17, 2019, 360CERT detected that Oracle had released a security bulletin on April 17. The security bulletin disclosed that WebLogic Server has multiple high-risk vulnerabilities that affect multiple WebLogic components. 360CERT determined that the security updates for...
Oracle WebLogic Server Multiple Vulnerabilities (Apr 2019 CPU)
The version of Oracle WebLogic Server installed on the remote host is affected by multiple vulnerabilities: - An unspecified vulnerability in the Spring Framework allows a low privileged, remote attacker with network access via HTTP to compromise and takeover the Oracle Communications Unified...
Oracle Enterprise Manager Cloud Control (Apr 2019 CPU)
The version of Oracle Enterprise Manager Cloud Control installed on the remote host is affected by multiple vulnerabilities in Enterprise Manager Base Platform component: - Networking component of Enterprise Manager Base Platform Spring Framework is easily exploited and may allow an...
Directory Traversal
spring-cloud-config-server is vulnerable to directory traversal. This is possible because an attacker can serve arbitrary configuration files to the server through a malicious URL fed into the spring-cloud-config-server module...
Pivotal Software Spring Cloud Config Path Traversal Vulnerability
Pivotal Software Spring Cloud Config is a configuration management solution for distributed systems from Pivotal Software. The product mainly provides server and client support for external configuration in distributed systems. A path traversal vulnerability exists in Pivotal Software Spring Clou...
GHSA-V2R2-7QM7-JJ6V Spring Security uses insufficiently random values
Spring Security versions 4.2.x prior to 4.2.12, 5.0.x prior to 5.0.12, and 5.1.x prior to 5.1.5 contain an insecure randomness vulnerability when using SecureRandomFactoryBean#setSeed to configure a SecureRandom instance. In order to be impacted, an honest application must provide a seed and make...
ch.rasc:wamp2spring-security (=1.0.0), com.antelopesystem.authframework:auth-framework (=0.0.2) +177 more potentially affected by CVE-2019-3795 via org.springframework.security:spring-security-core (>=5.0.0.RELEASE <=5.0.11.RELEASE)
org.springframework.security:spring-security-core MAVEN version =5.0.0.RELEASE, =2.21.8, =2017.11.28, =2018.1.20 - com.netflix.genie:genie-app =4.0.0-rc.2 - com.netflix.genie:genie-security =4.0.0-rc.2 - de.codecentric:spring-boot-admin-sample-consul =2.0.5 -...
ai.foremast.metrics:foremast-spring-boot-k8s-metrics-starter (>=0.1.2 <=0.1.6), ai.hyacinth.framework:core-service-gateway-server (=0.5.0) +1506 more potentially affected by CVE-2019-3795 via org.springframework.security:spring-security-core (>=5.1.0.RELEASE <=5.1.4.RELEASE)
org.springframework.security:spring-security-core MAVEN version =5.1.0.RELEASE, =0.1.2, =1.2.1.aghost-fix.20201109, =1.2.1.aghost-fix.20201109, =1.2.1.aghost-fix.20201109, =1.2.1.aghost-fix.20201109, =1.2.1.aghost-fix.20201109, =1.2.1.aghost-fix.20201109, =1.2.1.aghost-fix.20201109,...
Spring Security uses insufficiently random values
Spring Security versions 4.2.x prior to 4.2.12, 5.0.x prior to 5.0.12, and 5.1.x prior to 5.1.5 contain an insecure randomness vulnerability when using SecureRandomFactoryBean#setSeed to configure a SecureRandom instance. In order to be impacted, an honest application must provide a seed and make...
au.org.consumerdatastandards:client-cli (>=1.1.1 <=1.12.0), com.ahome-it:ahome-tooling-server-core (>=1.1.19-RELEASE <=1.1.27-RELEASE) +243 more potentially affected by CVE-2019-3795 via org.springframework.security:spring-security-core (>=4.2.0.RELEASE <=4.2.11.RELEASE)
org.springframework.security:spring-security-core MAVEN version =4.2.0.RELEASE, =1.1.1, =1.1.19-RELEASE, =1.1.23-RELEASE, =1.1.19-RELEASE, =1.1.19-RELEASE, =1.1.23-RELEASE, =2.21.8, =2.0.0-beta1, =2.0.0-beta1, =2.0.0-beta1, =2.0.0-beta1, =2.0.0-beta1, =2.0.0-beta2 and more Source cves:...
Spring Boot Actuator Command Execution Vulnerability
Actuators are one of the four main features proposed in Spring Boot to simplify Spring development. A command execution vulnerability exists in Spring Boot Actuator, which can be exploited by an attacker to execute arbitrary commands by constructing a malicious request...
Spring Boot Actuator Module Command Execution Vulnerability
Spring Boot Actuator can help you monitor and manage your Spring Boot applications, such as health checks, auditing, statistics and HTTP tracing. A command execution vulnerability exists in the Spring Boot Actuator module. The vulnerability is realized by using JNDI through Spring Boot Actuator's...
Security fix for the ALT Linux 10 package samba version 4.10.2-alt1
April 11, 2019 Evgeny Sinelnikov 4.10.2-alt1 - Update to spring security release - Security fixes: + CVE-2019-3870 World writable files in Samba AD DC private/ dir + CVE-2019-3880 Save registry file outside share as unprivileged user...
CVE-2019-3795
Spring Security versions 4.2.x prior to 4.2.12, 5.0.x prior to 5.0.12, and 5.1.x prior to 5.1.5 contain an insecure randomness vulnerability when using SecureRandomFactoryBean#setSeed to configure a SecureRandom instance. In order to be impacted, an honest application must provide a seed and make...