Lucene search
K

92 matches found

NCSC
NCSC
added 2023/07/27 12:0 a.m.6 views

Vulnerability fixed in Apache Jackrabbit

Apache Foundation has fixed a vulnerability in Jackrabbit. A malicious party could exploit the vulnerability to execute arbitrary execute code with permissions from the application using of Jackrabbit. Because Jackrabbit is executed with the privileges of the application, it cannot be ruled out...

9.8CVSS7.3AI score0.02657EPSS
Exploits0
Veracode
Veracode
added 2023/07/26 7:59 a.m.22 views

Remote Code Execution (RCE)

org.apache.jackrabbit:jackrabbit-standalone, jackrabbit-standalone-components and jackrabbit-webapp are vulnerable to Remote Code Execution RCE. Use of the component commons-beanutils, which contains a class that can be used for remote code execution over RMI, allows an attacker to upload and...

9.8CVSS8.6AI score0.02657EPSS
Exploits0References7Affected Software3
OSV
OSV
added 2023/07/25 3:30 p.m.4 views

GHSA-Q8CM-3V62-JJ79 Remote code execution in Apache Jackrabbit

Java object deserialization issue in Jackrabbit webapp/standalone on all platforms allows attacker to remotely execute code via RMIVersions up to including 2.20.10 stable branch and 2.21.17 unstable branch use the component "commons-beanutils", which contains a class that can be used for remote...

9.8CVSS7.7AI score0.02657EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2023/07/25 3:30 p.m.37 views

Remote code execution in Apache Jackrabbit

Java object deserialization issue in Jackrabbit webapp/standalone on all platforms allows attacker to remotely execute code via RMIVersions up to including 2.20.10 stable branch and 2.21.17 unstable branch use the component "commons-beanutils", which contains a class that can be used for remote...

9.8CVSS10AI score0.02657EPSS
Exploits0References6Affected Software3
Cvelist
Cvelist
added 2023/07/25 2:2 p.m.48 views

CVE-2023-37895 Apache Jackrabbit RMI access can lead to RCE

Java object deserialization issue in Jackrabbit webapp/standalone on all platforms allows attacker to remotely execute code via RMIVersions up to including 2.20.10 stable branch and 2.21.17 unstable branch use the component "commons-beanutils", which contains a class that can be used for remote...

10AI score0.02657EPSS
Exploits0References4
CNNVD
CNNVD
added 2023/07/25 12:0 a.m.5 views

Apache Jackrabbit 代码问题漏洞

Apache Jackrabbit is a content repository from Apache USA. A code execution vulnerability exists in Apache Jackrabbit Webapp/Standalone, which stems from the component commons-beanutils failing to properly filter special elements of constructed snippets. An attacker could exploit the vulnerabilit...

9.8CVSS8.1AI score0.02657EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2023/06/30 12:0 a.m.2 views

PT-2023-5558

Name of the Vulnerable Software and Affected Versions: Apache Jackrabbit versions 2.20.10 and earlier stable branch Apache Jackrabbit versions 2.21.17 and earlier unstable branch Description: A Java object deserialization issue in Apache Jackrabbit webapp/standalone on all platforms allows an...

10CVSS10AI score0.02657EPSS
Exploits0References29
CNVD
CNVD
added 2023/05/30 12:0 a.m.33 views

Apache Sling Input Validation Error Vulnerability

Apache Sling is the United States Apache Apache Foundation of a Java platform for open source Web framework. Designed to comply with JSR-170 content repository such as Apache Jackrabbit to create content-centric applications. An input validation error vulnerability exists in Apache Sling Commons...

7.5CVSS6.7AI score0.02187EPSS
Exploits0Affected Software1
CNVD
CNVD
added 2023/02/17 12:0 a.m.29 views

Apache Sling JNDI Injection Vulnerability

Apache Sling is the United States Apache Apache Foundation of a Java platform for open source Web framework. Designed to meet the JSR-170 content repository such as Apache Jackrabbit to create content-centric applications. Apache Sling JCR Base versions prior to 3.1.12 JNDI injection vulnerabilit...

7.5CVSS7.5AI score0.0116EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2022/05/17 3:48 a.m.28 views

Apache Jackrabbit Authentication Hijacking Vulnerability

Cross-site request forgery CSRF vulnerability in the CSRF content-type check in Jackrabbit-Webdav in Apache Jackrabbit 2.4.x before 2.4.6, 2.6.x before 2.6.6, 2.8.x before 2.8.3, 2.10.x before 2.10.4, 2.12.x before 2.12.4, and 2.13.x before 2.13.3 allows remote attackers to hijack the...

8.8CVSS7.2AI score0.02293EPSS
Exploits0References9Affected Software1
Github Security Blog
Github Security Blog
added 2022/05/14 2:49 a.m.30 views

Improper Input Validation in Apache Jackrabbit

XML external entity XXE vulnerability in Apache Jackrabbit before 2.0.6, 2.2.x before 2.2.14, 2.4.x before 2.4.6, 2.6.x before 2.6.6, 2.8.x before 2.8.1, and 2.10.x before 2.10.1 allows remote attackers to read arbitrary files and send requests to intranet servers via a crafted WebDAV request...

6.4CVSS6.3AI score0.51488EPSS
Exploits6References15Affected Software1
OSV
OSV
added 2022/05/14 2:49 a.m.3 views

GHSA-9284-J4C9-779Q Improper Input Validation in Apache Jackrabbit

XML external entity XXE vulnerability in Apache Jackrabbit before 2.0.6, 2.2.x before 2.2.14, 2.4.x before 2.4.6, 2.6.x before 2.6.6, 2.8.x before 2.8.1, and 2.10.x before 2.10.1 allows remote attackers to read arbitrary files and send requests to intranet servers via a crafted WebDAV request...

6.4CVSS6AI score0.51488EPSS
Exploits6References15
OSV
OSV
added 2022/05/02 3:12 a.m.17 views

GHSA-6FXV-38XC-H866 Apache Jackrabbit contains Cross-site Scripting

Multiple cross-site scripting XSS vulnerabilities in Apache Jackrabbit before 1.5.2 allow remote attackers to inject arbitrary web script or HTML via the q parameter to 1 search.jsp or 2 swr.jsp...

4.3CVSS5.5AI score0.21633EPSS
Exploits2References9
Github Security Blog
Github Security Blog
added 2022/05/02 3:12 a.m.31 views

Apache Jackrabbit contains Cross-site Scripting

Multiple cross-site scripting XSS vulnerabilities in Apache Jackrabbit before 1.5.2 allow remote attackers to inject arbitrary web script or HTML via the q parameter to 1 search.jsp or 2 swr.jsp...

4.3CVSS4.3AI score0.21633EPSS
Exploits2References10Affected Software1
OpenVAS
OpenVAS
added 2022/01/28 12:0 a.m.13 views

Mageia: Security Advisory (MGASA-2015-0242)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.4CVSS6.5AI score0.51488EPSS
Exploits6References5
Github Security Blog
Github Security Blog
added 2021/12/10 5:20 p.m.34 views

Improper Removal of Sensitive Information Before Storage or Transfer in Apache Jackrabbit Oak

The optional initial password change and password expiration features present in Apache Jackrabbit Oak 1.2.0 to 1.22.0 are prone to a sensitive information disclosure vulnerability. The code mandates the changed password to be passed as an additional attribute to the credentials object but does n...

7.5CVSS7.2AI score0.04511EPSS
Exploits0References14Affected Software1
OSV
OSV
added 2021/12/10 5:20 p.m.1 views

GHSA-3H68-WVV6-8R5H Improper Removal of Sensitive Information Before Storage or Transfer in Apache Jackrabbit Oak

The optional initial password change and password expiration features present in Apache Jackrabbit Oak 1.2.0 to 1.22.0 are prone to a sensitive information disclosure vulnerability. The code mandates the changed password to be passed as an additional attribute to the credentials object but does n...

7.5CVSS5.9AI score0.04511EPSS
Exploits0References13
NVD
NVD
added 2020/01/28 5:15 p.m.44 views

CVE-2020-1940

The optional initial password change and password expiration features present in Apache Jackrabbit Oak 1.2.0 to 1.22.0 are prone to a sensitive information disclosure vulnerability. The code mandates the changed password to be passed as an additional attribute to the credentials object but does n...

7.5CVSS7.6AI score0.04511EPSS
Exploits0References12
OSV
OSV
added 2020/01/28 5:15 p.m.17 views

CVE-2020-1940

The optional initial password change and password expiration features present in Apache Jackrabbit Oak 1.2.0 to 1.22.0 are prone to a sensitive information disclosure vulnerability. The code mandates the changed password to be passed as an additional attribute to the credentials object but does n...

7.5CVSS6.9AI score
Exploits0References12
Prion
Prion
added 2020/01/28 5:15 p.m.14 views

Information disclosure

The optional initial password change and password expiration features present in Apache Jackrabbit Oak 1.2.0 to 1.22.0 are prone to a sensitive information disclosure vulnerability. The code mandates the changed password to be passed as an additional attribute to the credentials object but does n...

5CVSS7.6AI score0.04511EPSS
Exploits0References12Affected Software1
Rows per page
Query Builder