Lucene search
K

2996 matches found

RedHat Linux
RedHat Linux
added 2013/10/15 6:18 p.m.8 views

commons-fileupload: Arbitrary file upload via deserialization

The DiskFileItem class in Apache Commons FileUpload, as used in Red Hat JBoss BRMS 5.3.1; JBoss Portal 4.3 CP07, 5.2.2, and 6.0.0; and Red Hat JBoss Web Server 1.0.2 allows remote attackers to write to arbitrary files via a NULL byte in a file name in a serialized instance...

7.5CVSS6.9AI score0.12768EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2013/08/08 5:4 p.m.6 views

jakarta-commons-httpclient: missing connection hostname check against X.509 certificate name

It was found that Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service FPS merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate, which allows...

5.8CVSS7.2AI score0.09254EPSS
Exploits0References4
Apache Tomcat
Apache Tomcat
added 2013/05/09 12:0 a.m.40 views

Fixed in Apache Tomcat 7.0.40

Moderate: Information disclosure CVE-2013-2071 Bug 54178 described a scenario where elements of a previous request may be exposed to a current request. This was very difficult to exploit deliberately but fairly likely to happen unexpectedly if an application used AsyncListeners that threw...

6.8CVSS8.8AI score0.1399EPSS
Exploits2Affected Software1
RedHat Linux
RedHat Linux
added 2013/03/25 5:5 p.m.3 views

jakarta-commons-httpclient: missing connection hostname check against X.509 certificate name

It was found that Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service FPS merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate, which allows...

5.8CVSS7.2AI score0.09254EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2013/03/25 5:4 p.m.6 views

jakarta-commons-httpclient: missing connection hostname check against X.509 certificate name

It was found that Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service FPS merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate, which allows...

5.8CVSS7.2AI score0.09254EPSS
Exploits0References4
OSV
OSV
added 2013/03/15 8:55 p.m.7 views

CVE-2013-0248

The default configuration of javax.servlet.context.tempdir in Apache Commons FileUpload 1.0 through 1.2.2 uses the /tmp directory for uploaded files, which allows local users to overwrite arbitrary files via an unspecified symlink attack...

6.2AI score
Exploits0References6
NVD
NVD
added 2013/03/15 8:55 p.m.24 views

CVE-2013-0248

The default configuration of javax.servlet.context.tempdir in Apache Commons FileUpload 1.0 through 1.2.2 uses the /tmp directory for uploaded files, which allows local users to overwrite arbitrary files via an unspecified symlink attack...

3.3CVSS7.5AI score0.0068EPSS
Exploits1References6
Prion
Prion
added 2013/03/15 8:55 p.m.22 views

Default configuration

The default configuration of javax.servlet.context.tempdir in Apache Commons FileUpload 1.0 through 1.2.2 uses the /tmp directory for uploaded files, which allows local users to overwrite arbitrary files via an unspecified symlink attack...

3.3CVSS6.7AI score0.0068EPSS
Exploits1References6Affected Software1
UbuntuCve
UbuntuCve
added 2013/03/15 8:55 p.m.29 views

CVE-2013-0248

The default configuration of javax.servlet.context.tempdir in Apache Commons FileUpload 1.0 through 1.2.2 uses the /tmp directory for uploaded files, which allows local users to overwrite arbitrary files via an unspecified symlink attack...

3.3CVSS7.2AI score0.0068EPSS
Exploits1References2
Cvelist
Cvelist
added 2013/03/15 1:0 a.m.25 views

CVE-2013-0248

The default configuration of javax.servlet.context.tempdir in Apache Commons FileUpload 1.0 through 1.2.2 uses the /tmp directory for uploaded files, which allows local users to overwrite arbitrary files via an unspecified symlink attack...

7.4AI score0.0068EPSS
Exploits1References6
Debian CVE
Debian CVE
added 2013/03/15 1:0 a.m.37 views

CVE-2013-0248

The default configuration of javax.servlet.context.tempdir in Apache Commons FileUpload 1.0 through 1.2.2 uses the /tmp directory for uploaded files, which allows local users to overwrite arbitrary files via an unspecified symlink attack...

3.3CVSS8.4AI score0.0068EPSS
Exploits1
Positive Technologies
Positive Technologies
added 2013/03/15 12:0 a.m.7 views

PT-2013-2187 · Apache +1 · Apache Commons Fileupload +1

Name of the Vulnerable Software and Affected Versions: Apache Commons FileUpload versions 1.0 through 1.2.2 Description: The default configuration of javax.servlet.context.tempdir in Apache Commons FileUpload uses the /tmp directory for uploaded files, which allows local users to overwrite...

7.5CVSS7.3AI score0.83175EPSS
Exploits9References18
seebug.org
seebug.org
added 2013/03/10 12:0 a.m.45 views

Apache Commons FileUpload不安全临时文件创建漏洞(CVE-2013-0248)

BUGTRAQ ID: 58326 CVECAN ID: CVE-2013-0248 Apache Commons FileUpload软件包可以向小服务程序和Web应用添加高性能的文件上传功能。 Apache Commons FileUpload v1.0 - 1.2.2在上传文件过程中,会将上传的文件临时存在磁盘上,默认的位于系统的tmp目录内。因为临时文件具有可预测的文件名,并存储在可公开写入的位置,这就易于受到TOCTOU攻击。成功攻击需要攻击者对tmp目录具有写访问权限。将存储位置设在不能公开写入的位置,可以防止此攻击。 0 Apache Group Commons...

3.3CVSS0.0068EPSS
Exploits1
GithubExploit
GithubExploit
added 2013/02/26 8:0 a.m.6 views

commons-configuration

| | math | | 1.2 | |...

7AI score
Exploits0
RedHat Linux
RedHat Linux
added 2013/02/19 8:40 p.m.7 views

jakarta-commons-httpclient: missing connection hostname check against X.509 certificate name

It was found that Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service FPS merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate, which allows...

5.8CVSS7.2AI score0.09254EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2012/12/20 12:0 a.m.49 views

Fedora 16 : tomcat-7.0.33-1.fc16 (2012-20151)

Updated to 7.0.33 - Resolves: rhbz 873620 need chkconfig for update-alternatives - Resolves: rhbz 883676,883691,883704,873707 fix several security issues - Resolves: rhbz 883806 refix logdir ownership - Resolves: rhbz 820119 Remove bundled apache-commons-dbcp Note that Tenable Network Security...

5CVSS6AI score0.12098EPSS
Exploits5References13
OSV
OSV
added 2012/11/04 10:55 p.m.6 views

DEBIAN-CVE-2012-5783

Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service FPS merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate, which allows man-in-the-middle...

5.8CVSS9.1AI score0.09254EPSS
Exploits0References1
NVD
NVD
added 2012/11/04 10:55 p.m.23 views

CVE-2012-5783

Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service FPS merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate, which allows man-in-the-middle...

5.8CVSS6.3AI score0.09254EPSS
Exploits0References18
Prion
Prion
added 2012/11/04 10:55 p.m.25 views

Code injection

Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service FPS merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate, which allows man-in-the-middle...

5.8CVSS6.6AI score0.09254EPSS
Exploits0References18Affected Software2
Cvelist
Cvelist
added 2012/11/04 10:0 p.m.25 views

CVE-2012-5783

Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service FPS merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate, which allows man-in-the-middle...

6.7AI score0.09254EPSS
Exploits0References18
Rows per page
Query Builder