Directory traversal
The Grails Resource Plugin often has to exchange URIs for resources with other internal components. Those other components will decode any URI passed to them. To protect against directory traversal the Grails Resource Plugin did the following: normalized the URI, checked the normalized URI did no...
CVE-2014-3626
The Grails Resource Plugin often has to exchange URIs for resources with other internal components. Those other components will decode any URI passed to them. To protect against directory traversal the Grails Resource Plugin did the following: normalized the URI, checked the normalized URI did no...
CVE-2016-4015
The Enqueue Server in SAP NetWeaver JAVA AS 7.1 through 7.4 allows remote attackers to cause a denial of service (process crash) via a crafted request, aka SAP Security Note 2258784...
CVE-2016-4014
The CVE-2016-4014 entry concerns an XXE/XEE vulnerability in the SAP NetWeaver AS JAVA UDDI component (SAP NetWeaver JAVA AS 7.4). The root cause is XML External Entity processing allowing a crafted DTD to cause denial of service by making the server hang when processing requests to uddi/api/repl...
CVE-2016-3980
CVE-2016-3980: In SAP NetWeaver AS JAVA (7.2–7.4), the Java Startup Framework (jstart) is vulnerable to a remote denial-of-service via a crafted HTTP request. The issue originates from the startup framework component in SAP NetWeaver AS JAVA 7.4 (and likely 7.2–7.4 variants) and is documented as...