ROS-20250827-03

A vulnerability in the resolveFile method of the Apache Commons VFS Virtual File System unified API for accessing different file systems is due to errors in the relative path handling of the directory when processing the relative path of the directory. Virtual File System method is related to...

Linux Distros Unpatched Vulnerability : CVE-2025-46392

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Uncontrolled Resource Consumption vulnerability in Apache Commons Configuration 1.x. There are a number of issues in Apache Commons Configuration 1.x that allow...

Linux Distros Unpatched Vulnerability : CVE-2025-30474

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Commons VFS. The FtpFileObject class can throw an exception when a file is no...

Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in tomcat-embed-core-9.0.104.jar

Summary IBM Watson Discovery Cartridge contains a vulnerable version of tomcat-embed-core-9.0.104.jar Vulnerability Details CVEID:CVE-2025-49125 DESCRIPTION: Authentication Bypass Using an Alternate Path or Channel vulnerability in Apache Tomcat. When using PreResources or PostResources mounted...

Apache Commons OGNL Arbitrary Code Execution Vulnerability

Apache Commons OGNL is a Java library from the American Apache Apache Foundation. A security vulnerability exists in Apache Commons OGNL Ognl.getValue, which originates from incorrectly filtering input parameters, and can be exploited by a remote attacker to submit a special request, which can be...

Linux Distros Unpatched Vulnerability : CVE-2019-12402

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The file name encoding algorithm used internally in Apache Commons Compress 1.15 to 1.18 can get into an infinite loop when faced with specially crafted inputs...

Security Bulletin: SPSS Collaboration and Deployment Services is affected by vulnerability in Apache Commons ( CVE-2025-48734).

Summary SPSS Collaboration and Deployment Services is affected by vulnerability in Apache Commons CVE-2025-48734. This has been addressed in the remediation section. Vulnerability Details CVEID:CVE-2025-48734 DESCRIPTION: Improper Access Control vulnerability in Apache Commons. A special...

OESA-2025-2061 apache-commons-lang security update

The standard Java libraries fail to provide enough methods for manipulation of its core classes. Apache Commons Lang provides these extra methods. Security Fixes: A vulnerability classified as problematic has been found in Apache Commons Lang up to 2.6/3.17.x.CWE is classifying the issue as...

Security Bulletin: IBM App Connect for Healthcare is vulnerable to multiple vulnerabilities due to Apache Commons Lang & FileUpload ( CVE-2025-48924 & CVE-2025-48976 )

Summary IBM App Connect for Healthcare is vulnerable to multiple vulnerabilities due to Apache Commons Lang & Apache Commons FileUpload. Vulnerability Details CVEID:CVE-2025-48924 DESCRIPTION: Uncontrolled Recursion vulnerability in Apache Commons Lang. This issue affects Apache Commons Lang:...

Oracle Linux 10 : tomcat (ELSA-2025-14179)

The remote Oracle Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2025-14179 advisory. - tomcat: Apache Tomcat DoS in multipart upload CVE-2025-48988 - tomcat: Apache Tomcat: Security constraint bypass for pre/post-resources...

Apache Commons OGNL Security Bypass Vulnerability (Aug 2025)

The Apache Commons OGNL library is prone to a security bypass vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

apache-commons-fileupload: Apache Commons FileUpload DoS via part headers

A denial-of-service DoS vulnerability has been discovered in the Apache Commons FileUpload library. The flaw stems from insufficient limits placed on multipart headers during file uploads. A remote attacker could exploit this by sending a specially crafted request with an excessively large number...

apache-commons-fileupload: Apache Commons FileUpload DoS via part headers

A denial-of-service DoS vulnerability has been discovered in the Apache Commons FileUpload library. The flaw stems from insufficient limits placed on multipart headers during file uploads. A remote attacker could exploit this by sending a specially crafted request with an excessively large number...

Important: Red Hat Security Advisory: tomcat security update

An update for tomcat is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...

apache-commons-fileupload: Apache Commons FileUpload DoS via part headers

A denial-of-service DoS vulnerability has been discovered in the Apache Commons FileUpload library. The flaw stems from insufficient limits placed on multipart headers during file uploads. A remote attacker could exploit this by sending a specially crafted request with an excessively large number...

apache-commons-fileupload: Apache Commons FileUpload DoS via part headers

A denial-of-service DoS vulnerability has been discovered in the Apache Commons FileUpload library. The flaw stems from insufficient limits placed on multipart headers during file uploads. A remote attacker could exploit this by sending a specially crafted request with an excessively large number...

apache-commons-fileupload: Apache Commons FileUpload DoS via part headers

A denial-of-service DoS vulnerability has been discovered in the Apache Commons FileUpload library. The flaw stems from insufficient limits placed on multipart headers during file uploads. A remote attacker could exploit this by sending a specially crafted request with an excessively large number...

apache-commons-fileupload: Apache Commons FileUpload DoS via part headers

A denial-of-service DoS vulnerability has been discovered in the Apache Commons FileUpload library. The flaw stems from insufficient limits placed on multipart headers during file uploads. A remote attacker could exploit this by sending a specially crafted request with an excessively large number...

apache-commons-fileupload: Apache Commons FileUpload DoS via part headers

A denial-of-service DoS vulnerability has been discovered in the Apache Commons FileUpload library. The flaw stems from insufficient limits placed on multipart headers during file uploads. A remote attacker could exploit this by sending a specially crafted request with an excessively large number...

Linux Distros Unpatched Vulnerability : CVE-2018-1324

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A specially crafted ZIP archive can be used to cause an infinite loop inside of Apache Commons Compress' extra field parser used by the ZipFile and...