Lucene search
+L

71 matches found

RedHat Linux
RedHat Linux
added 2018/09/24 10:6 p.m.3 views

keycloak: SAML request parser replaces special strings with system properties

It was found that while parsing the SAML messages the StaxParserUtil class of Picketlink replaces special strings for obtaining attribute values with system property. This could allow an attacker to determine values of system properties at the attacked system by formatting the SAML request ID fie...

6.5CVSS6.6AI score0.02457EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2017/11/14 8:30 p.m.6 views

keycloak: SAML request parser replaces special strings with system properties

It was found that while parsing the SAML messages the StaxParserUtil class of Picketlink replaces special strings for obtaining attribute values with system property. This could allow an attacker to determine values of system properties at the attacked system by formatting the SAML request ID fie...

6.5CVSS6.6AI score0.02457EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2017/11/14 8:23 p.m.3 views

keycloak: SAML request parser replaces special strings with system properties

It was found that while parsing the SAML messages the StaxParserUtil class of Picketlink replaces special strings for obtaining attribute values with system property. This could allow an attacker to determine values of system properties at the attacked system by formatting the SAML request ID fie...

6.5CVSS6.6AI score0.02457EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2017/09/26 6:51 p.m.3 views

keycloak: SAML request parser replaces special strings with system properties

It was found that while parsing the SAML messages the StaxParserUtil class of Picketlink replaces special strings for obtaining attribute values with system property. This could allow an attacker to determine values of system properties at the attacked system by formatting the SAML request ID fie...

6.5CVSS6.6AI score0.02457EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2017/09/26 6:39 p.m.4 views

keycloak: SAML request parser replaces special strings with system properties

It was found that while parsing the SAML messages the StaxParserUtil class of Picketlink replaces special strings for obtaining attribute values with system property. This could allow an attacker to determine values of system properties at the attacked system by formatting the SAML request ID fie...

6.5CVSS6.6AI score0.02457EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2017/09/26 5:58 p.m.4 views

keycloak: SAML request parser replaces special strings with system properties

It was found that while parsing the SAML messages the StaxParserUtil class of Picketlink replaces special strings for obtaining attribute values with system property. This could allow an attacker to determine values of system properties at the attacked system by formatting the SAML request ID fie...

6.5CVSS6.6AI score0.02457EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2017/05/18 8:19 a.m.25 views

CVE-2017-7503

It was found that the Red Hat JBoss EAP 7.0.5 implementation of javax.xml.transform.TransformerFactory is vulnerable to XXE. An attacker could use this flaw to launch DoS or SSRF attacks, or read files from the server where EAP is deployed. Mitigation This issue affects processing of XML content...

9.8CVSS2.3AI score0.02007EPSS
Exploits0References1
Fedora
Fedora
added 2016/05/10 11:53 a.m.60 views

[SECURITY] Fedora 24 Update: jackson-dataformat-xml-2.6.3-3.fc24

Data format extension for Jackson http://jackson.codehaus.org to offer alternative support for serializing POJOs as XML and deserializing XML as POJOs. Support implemented on top of Stax API javax.xml.stream, by implementing core Jackson Streaming API types like JsonGenerator, JsonParser and...

9.8CVSS1.5AI score0.0278EPSS
Exploits0
CNVD
CNVD
added 2016/01/01 12:0 a.m.3 views

Arbitrary File Read Vulnerability in Xfire Java Web Services Engine

XFire is a new generation of Java Web services engine . Xfire Java Web Service Engine has an arbitrary file read vulnerability, which uses STAX to parse XML during invoke resulting in XML entity injection, which can be exploited by an attacker to read arbitrary files...

6.9AI score
Exploits0References1
OpenVAS
OpenVAS
added 2015/09/08 12:0 a.m.35 views

Amazon Linux: Security Advisory (ALAS-2014-430)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.8CVSS5.3AI score0.04102EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2014/10/27 12:0 a.m.43 views

Mandriva Linux Security Advisory : java-1.7.0-openjdk (MDVSA-2014:209)

Multiple vulnerabilities has been discovered and corrected in java-1.7.0-openjdk : Multiple flaws were discovered in the Libraries, 2D, and Hotspot components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions CVE-2014-6506,...

6.8CVSS7.2AI score0.04102EPSS
Exploits0References11
Tenable Nessus
Tenable Nessus
added 2014/10/20 12:0 a.m.43 views

Amazon Linux AMI : java-1.8.0-openjdk (ALAS-2014-432)

It was discovered that the Libraries component in OpenJDK failed to properly handle ZIP archives that contain entries with a NUL byte used in the file names. An untrusted Java application or applet could use this flaw to bypass Java sandbox restrictions. CVE-2014-6562 Multiple flaws were discover...

9.3CVSS7.3AI score0.04783EPSS
Exploits0References13
RedHat Linux
RedHat Linux
added 2014/10/16 11:12 p.m.7 views

OpenJDK: StAX parser parameter entity XXE (JAXP, 8039533)

It was discovered that the StAX XML parser in the JAXP component in OpenJDK performed expansion of external parameter entities even when external entity substitution was disabled. A remote attacker could use this flaw to perform XML eXternal Entity XXE attack against applications using the StAX...

5CVSS7.4AI score0.04102EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2014/10/16 11:2 p.m.7 views

OpenJDK: StAX parser parameter entity XXE (JAXP, 8039533)

It was discovered that the StAX XML parser in the JAXP component in OpenJDK performed expansion of external parameter entities even when external entity substitution was disabled. A remote attacker could use this flaw to perform XML eXternal Entity XXE attack against applications using the StAX...

5CVSS7.4AI score0.04102EPSS
Exploits0References5
Cent OS
Cent OS
added 2014/10/15 11:48 a.m.76 views

java security update

CentOS Errata and Security Advisory CESA-2014:1634 Updated java-1.6.0-openjdk packages that fix multiple security issues and one bug are now available for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability...

6.8CVSS6.7AI score0.04102EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2014/10/15 3:3 a.m.8 views

OpenJDK: StAX parser parameter entity XXE (JAXP, 8039533)

It was discovered that the StAX XML parser in the JAXP component in OpenJDK performed expansion of external parameter entities even when external entity substitution was disabled. A remote attacker could use this flaw to perform XML eXternal Entity XXE attack against applications using the StAX...

5CVSS7.4AI score0.04102EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2014/10/15 2:9 a.m.7 views

OpenJDK: StAX parser parameter entity XXE (JAXP, 8039533)

It was discovered that the StAX XML parser in the JAXP component in OpenJDK performed expansion of external parameter entities even when external entity substitution was disabled. A remote attacker could use this flaw to perform XML eXternal Entity XXE attack against applications using the StAX...

5CVSS7.4AI score0.04102EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2014/10/15 1:26 a.m.6 views

OpenJDK: StAX parser parameter entity XXE (JAXP, 8039533)

It was discovered that the StAX XML parser in the JAXP component in OpenJDK performed expansion of external parameter entities even when external entity substitution was disabled. A remote attacker could use this flaw to perform XML eXternal Entity XXE attack against applications using the StAX...

5CVSS7.4AI score0.04102EPSS
Exploits0References5
OpenVAS
OpenVAS
added 2014/10/15 12:0 a.m.269 views

RedHat Update for java-1.7.0-openjdk RHSA-2014:1620-01

The remote host is missing an update for the SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.8CVSS5.2AI score0.04102EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2014/10/14 8:47 p.m.6 views

OpenJDK: StAX parser parameter entity XXE (JAXP, 8039533)

It was discovered that the StAX XML parser in the JAXP component in OpenJDK performed expansion of external parameter entities even when external entity substitution was disabled. A remote attacker could use this flaw to perform XML eXternal Entity XXE attack against applications using the StAX...

5CVSS7.4AI score0.04102EPSS
Exploits0References5
Rows per page
Query Builder