Lucene search
K

46 matches found

Cvelist
Cvelist
added 2016/09/29 10:0 a.m.27 views

CVE-2016-5062

The web server in Aternity before 9.0.1 does not require authentication for getMBeansFromURL loading of Java MBeans, which allows remote attackers to execute arbitrary Java code by registering MBeans...

10AI score0.03898EPSS
Exploits0References2
CVE
CVE
added 2016/09/29 10:0 a.m.79 views

CVE-2016-5061

CVE-2016-5061 affects the Aternity webserver (pre-9.0.1). The issue is a cross-site scripting (XSS) vulnerability in the web UI pages (HTTPAgent, MacAgent, getExternalURL, retrieveTrustedUrl) that allows remote attackers to inject arbitrary script/HTML. The NVD entries classify it as CVSSv2/4.3 (...

6.1CVSS6.3AI score0.01233EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2016/09/29 10:0 a.m.31 views

CVE-2016-5061

Multiple cross-site scripting XSS vulnerabilities in the web server in Aternity before 9.0.1 allow remote attackers to inject arbitrary web script or HTML via the 1 HTTPAgent, 2 MacAgent, 3 getExternalURL, or 4 retrieveTrustedUrl page...

6.3AI score0.01233EPSS
Exploits0References2
CVE
CVE
added 2016/09/29 10:0 a.m.53 views

CVE-2016-5062

CVE-2016-5062 affects the Aternity web server prior to version 9.0.1, where getMBeansFromURL allows loading of Java MBeans without authentication. This enables a remote attacker to register attacker-controlled MBeans and execute arbitrary Java code on the server. Impact is remote code execution w...

9.8CVSS9.9AI score0.03898EPSS
Exploits0References2Affected Software1
CNVD
CNVD
added 2016/09/29 12:0 a.m.6 views

Aternity Remote Code Execution Vulnerability

Aternity webserver is a web server from the American company Aternity. A remote code execution vulnerability exists in Aternity 9 and prior versions of the web server, which stems from the program failing to require authentication for getMBeansFromURL to download Java Mbeans. A remote attacker ca...

9.8CVSS8.6AI score0.03898EPSS
Exploits0References1
CERT
CERT
added 2016/09/28 12:0 a.m.31 views

Aternity version 9 vulnerable to cross-site scripting and remote code execution

Overview The Aternity webserver, version 9 and prior, is reportedly vulnerable to cross-site scripting XSS on several web pages, and remote code execution via inclusion of untrusted functionality by default due to improper authentication before execution. Description CWE-80: Improper Neutralizati...

9.8CVSS8.1AI score0.03898EPSS
Exploits0References2
Rows per page
Query Builder