19 matches found
K000135353: Apache Commons Collection serialized object injection vulnerability CVE-2017-15708
Security Advisory Description In Apache Synapse, by default no authentication is required for Java Remote Method Invocation RMI. So Apache Synapse 3.0.1 or all previous releases 3.0.0, 2.1.0, 2.0.0, 1.2, 1.1.2, 1.1.1 allows remote code execution attacks that can be performed by injecting speciall...
Security Bulletin: Multiple vulnerabilities in Apache Commons Collections affect IBM InfoSphere Information Server
Summary Multiple vulnerabilities in Apache Commons Collections used by IBM InfoSphere Information Server were addressed. Vulnerability Details CVEID:CVE-2015-4852 DESCRIPTION: The WLS Security component in Oracle WebLogic Server 10.3.6.0, 12.1.2.0, 12.1.3.0, and 12.2.1.0 allows remote attackers t...
Improper Input Validation in Apache Axis2
Apache Axis2 before 1.5.2, as used in IBM WebSphere Application Server WAS 7.0 through 7.0.0.12, IBM Feature Pack for Web Services 6.1.0.9 through 6.1.0.32, IBM Feature Pack for Web 2.0 1.0.1.0, Apache Synapse, Apache ODE, Apache Tuscany, Apache Geronimo, and other products, does not properly...
GHSA-23VV-V25H-QWQW Improper Input Validation in Apache Axis2
Apache Axis2 before 1.5.2, as used in IBM WebSphere Application Server WAS 7.0 through 7.0.0.12, IBM Feature Pack for Web Services 6.1.0.9 through 6.1.0.32, IBM Feature Pack for Web 2.0 1.0.1.0, Apache Synapse, Apache ODE, Apache Tuscany, Apache Geronimo, and other products, does not properly...
Apache Synapse 输入验证错误漏洞
Apache Synapse is a lightweight ESB Enterprise Service Bus from the Apache Foundation USA. A security vulnerability existed prior to Synapse version 1.28.0, which stemmed from the fact that requests to user-provided domains were not limited to external IP addresses when Synapse used transitional...
Remote Code Execution in Apache Synapse
In Apache Synapse, by default no authentication is required for Java Remote Method Invocation RMI. So Apache Synapse 3.0.1 or all previous releases 3.0.0, 2.1.0, 2.0.0, 1.2, 1.1.2, 1.1.1 allows remote code execution attacks that can be performed by injecting specially crafted serialized objects...
GHSA-P694-23Q3-RVRC Remote Code Execution in Apache Synapse
In Apache Synapse, by default no authentication is required for Java Remote Method Invocation RMI. So Apache Synapse 3.0.1 or all previous releases 3.0.0, 2.1.0, 2.0.0, 1.2, 1.1.2, 1.1.1 allows remote code execution attacks that can be performed by injecting specially crafted serialized objects...
Apache Synapse < 3.0.1 Remote Code Execution Vulnerability
All Apache Synapse releases previous to 3.0.1 installed on the remote host are affected by a Remote Code Execution vulnerability. This can be performed by injecting specially crafted serialized objects. And the presence of Apache Commons Collections 3.2.1 commons-collections-3.2.1.jar or previous...
Apache Synapse JAR Detection
Binary data synapsejardetection.nbin...
Security Bulletin: IBM Jazz for Service Management (JazzSM) is affected with multiple vulnerabilities (CVE-2015-4852, CVE-2015-6420, CVE-2017-15708)
Summary Jazz for Service Management is affected with multiple vulnerabilities CVE-2015-4852, CVE-2015-6420, CVE-2017-15708 Vulnerability Details CVEID: CVE-2017-15708 DESCRIPTION: In Apache Synapse, by default no authentication is required for Java Remote Method Invocation RMI. So Apache Synapse...
Apache Synapse远程命令执行漏洞(CVE-2017-15708)
0X00 介绍 Apache Synapse是一种轻量级的高性能企业服务总线(ESB)。Apache Synapse由快速和异步的中介引擎提供支持,为XML、Web服务和REST提供了卓越的支持。 0X01 分析 我们知道,完成反序列化漏洞需要存在两个条件: 存在反序列化对象数据传输 有缺陷的第三方lib库,例如Apache Commons Collections 在FoxGlove Security安全团队的@breenmachine的博文中,总结了非常全面可能使用反序列化的地方: 在HTTP请求中 RMI,RMI在传输过程中一定会使用序列化和反序列化...
CVE-2017-15708
In Apache Synapse, by default no authentication is required for Java Remote Method Invocation RMI. So Apache Synapse 3.0.1 or all previous releases 3.0.0, 2.1.0, 2.0.0, 1.2, 1.1.2, 1.1.1 allows remote code execution attacks that can be performed by injecting specially crafted serialized objects...
Remote code execution
In Apache Synapse, by default no authentication is required for Java Remote Method Invocation RMI. So Apache Synapse 3.0.1 or all previous releases 3.0.0, 2.1.0, 2.0.0, 1.2, 1.1.2, 1.1.1 allows remote code execution attacks that can be performed by injecting specially crafted serialized objects...
CVE-2017-15708
In Apache Synapse, by default no authentication is required for Java Remote Method Invocation RMI. So Apache Synapse 3.0.1 or all previous releases 3.0.0, 2.1.0, 2.0.0, 1.2, 1.1.2, 1.1.1 allows remote code execution attacks that can be performed by injecting specially crafted serialized objects...
CVE-2017-15708
CVE-2017-15708 affects Apache Synapse: by default no authentication for Java RMI, enabling remote code execution through specially crafted serialized objects when Commons Collections 3.2.1 or earlier are present. IBM and related bulletins reiterate the issue and note that upgrading to Synapse 3.0...
CVE-2017-15708
In Apache Synapse, by default no authentication is required for Java Remote Method Invocation RMI. So Apache Synapse 3.0.1 or all previous releases 3.0.0, 2.1.0, 2.0.0, 1.2, 1.1.2, 1.1.1 allows remote code execution attacks that can be performed by injecting specially crafted serialized objects...
Remote Code Execution (RCE)
Apache Synapse uses a vulnerable version of commons-collections. This allows attackers to exploit the use of the vulnerable library to perform remote code execution RCE attacks...
Apache Synapse Remote Code Execution Vulnerability
Apache Synapse is a simple, high-quality open source alternative that provides a way to implement SOA by exposing existing applications without having to rewrite any code. A remote code execution vulnerability exists in Apache Synapse, which is caused by the serializability of classes in the Apac...
CVE-2010-1632
Apache Axis2 before 1.5.2, as used in IBM WebSphere Application Server WAS 7.0 through 7.0.0.12, IBM Feature Pack for Web Services 6.1.0.9 through 6.1.0.32, IBM Feature Pack for Web 2.0 1.0.1.0, Apache Synapse, Apache ODE, Apache Tuscany, Apache Geronimo, and other products, does not properly...