6505 matches found
CVE-2017-7661
Apache CXF Fediz ships with a number of container-specific plugins to enable WS-Federation for applications. A CSRF (Cross Site Request Forgery) style vulnerability has been found in the Spring 2, Spring 3, Jetty 8 and Jetty 9 plugins in Apache CXF Fediz prior to 1.4.0, 1.3.2 and 1.2.4...
Cross site request forgery (csrf)
Apache CXF Fediz ships with a number of container-specific plugins to enable WS-Federation for applications. A CSRF (Cross Site Request Forgery) style vulnerability has been found in the Spring 2, Spring 3, Jetty 8 and Jetty 9 plugins in Apache CXF Fediz prior to 1.4.0, 1.3.2 and 1.2.4...
CVE-2017-7661
CVE-2017-7661 affects Apache CXF Fediz container-specific WS-Federation plugins (Spring 2, Spring 3, Jetty 8, Jetty 9) in CXF Fediz prior to versions 1.4.0, 1.3.2, and 1.2.4. The issue is described as a CSRF-style vulnerability. The connected documents confirm the affected plugins and versions bu...
CVE-2016-2173
org.springframework.core.serializer.DefaultDeserializer in Spring AMQP before 1.5.5 allows remote attackers to execute arbitrary code...
Code injection
org.springframework.core.serializer.DefaultDeserializer in Spring AMQP before 1.5.5 allows remote attackers to execute arbitrary code...
CVE-2016-2173
CVE-2016-2173 (Spring AMQP) affects the Spring AMQP component, where org.springframework.core.serializer.DefaultDeserializer can be abused to achieve remote code execution. The vulnerability is present in Spring AMQP versions prior to 1.5.5. Exploitation involves deserialization of untrusted data...
Harvest: Login bypass on travel.██████████ aka "Harvest Spring Summit 2017"
Introduction I stumbled upon http://travel.████. It looks like the portal for Harvest Spring Summit 2017 travel planning and announcement. I was able to gain access to this portal and view the travel itineraries of some of the summit's participants. A note on scope I realize this domain is not...
AMF3 Java implementations deserialization Vulnerability
Details reference: https://codewhitesec.blogspot.kr/2017/04/amf.html Some Java implementations of AMF3 deserializers derive class instances from java.io.Externalizable rather than the AMF3 specification's recommendation of flash.utils.IExternalizable. A remote attacker with the ability to...
Pivotal Spring Flex Remote Code Execution Vulnerability
Pivotal Spring Flex is an integrated BlazeDS client for teleprocessing and messaging from Pivotal Software, USA. A remote code execution vulnerability exists in Pivotal Spring Flex. An attacker can exploit the vulnerability to execute arbitrary code in the context of an affected application,...
Action Message Format (AMF3) Java implementations are vulnerable to insecure deserialization and XML external entities references
Overview Several Java implementations of AMF3 are vulnerable to insecure deserialization and XML external entities references. Description Several Java implementations of Action Message Format (AMF3) are vulnerable to one or more of the following implementation errors: CWE-502: Deserialization of...
Security fix for the ALT Linux 7 package samba version 4.5.7-alt1.M70P.1
March 23, 2017 Evgeny Sinelnikov 4.5.7-alt1.M70P.1 - Update to spring security release - Fixed build --without docs closes: 33118 - Security fixes: + CVE-2017-2619 Symlink race allows access outside share definition...
Security fix for the ALT Linux 8 package samba version 4.6.1-alt1
March 23, 2017 Evgeny Sinelnikov 4.6.1-alt1 - Update to spring security release - Fixed build --without docs closes: 33118 - Security fixes: + CVE-2017-2619 Symlink race allows access outside share definition...
Security fix for the ALT Linux 7 package samba-DC version 4.5.7-alt1.M70P.1
March 23, 2017 Evgeny Sinelnikov 4.5.7-alt1.M70P.1 - Update to spring security release - Fixed build --without docs closes: 33118 - Security fixes: + CVE-2017-2619 Symlink race allows access outside share definition...
Microsoft Dynamics CRM 2013 Service Pack 1 and CRM Online Spring '14
Microsoft Dynamics CRM 2013 Service Pack 1 and CRM Online Spring '14 INTRODUCTION Microsoft Dynamics CRM 2013 Service Pack 1 SP1 is available. This article describes the updates and changes that are included in this service pack. For Microsoft Dynamics CRM Online, this release is referred to as C...
Unverifiable Symmetric Encryption
spring-cloud-config has a flaw which allows malicious manipulation of symmetric encryptions. The vulnerability exists because its default symmetric encryption does not use a Message Authentication Code MAC to verify the authenticity of encrypted message...
[SECURITY] Fedora 25 Update: springframework-security-3.2.10-1.fc25
Spring Security is a Java/Java EE framework that provides advanced authentication, authorization and other comprehensive security features for enterprise applications. In addition to having a comprehensive list of security functionality, Spring Security is very configurable and employs the Spring...