11 matches found
EUVD-2018-0798
Malware in sbrugna...
CVE-2018-20000
Apereo Bedework bw-webdav before 4.0.3 allows XXE attacks, as demonstrated by an invite-reply document that reads a local file, related to webdav/servlet/common/MethodBase.java and webdav/servlet/common/PostRequestPars.java...
GHSA-5P52-J8PW-J7X5 Improper Restriction of XML External Entity Reference in bedework:bw-webdav
Apereo Bedework bw-webdav before 4.0.3 allows XXE attacks, as demonstrated by an invite-reply document that reads a local file, related to webdav/servlet/common/MethodBase.java and webdav/servlet/common/PostRequestPars.java...
org.bedework.bwwebcl:bw-calendar-client-appcommon (=3.12.0), org.bedework.bwwebcl:bw-calendar-client-ear (=3.12.0) +33 more potentially affected by CVE-2018-20000 via org.bedework:bw-webdav (>=4.0.1 <=4.0.2)
org.bedework:bw-webdav MAVEN version =4.0.1, =4.0.2 is affected by a known vulnerability. The following packages have a transitive dependency on org.bedework:bw-webdav and may be impacted: - org.bedework.bwwebcl:bw-calendar-client-appcommon =3.12.0 - org.bedework.bwwebcl:bw-calendar-client-ear...
Improper Restriction of XML External Entity Reference in bedework:bw-webdav
Apereo Bedework bw-webdav before 4.0.3 allows XXE attacks, as demonstrated by an invite-reply document that reads a local file, related to webdav/servlet/common/MethodBase.java and webdav/servlet/common/PostRequestPars.java...
Design/Logic Flaw
Apereo Bedework bw-webdav before 4.0.3 allows XXE attacks, as demonstrated by an invite-reply document that reads a local file, related to webdav/servlet/common/MethodBase.java and webdav/servlet/common/PostRequestPars.java...
CVE-2018-20000
Apereo Bedework bw-webdav before 4.0.3 allows XXE attacks, as demonstrated by an invite-reply document that reads a local file, related to webdav/servlet/common/MethodBase.java and webdav/servlet/common/PostRequestPars.java...
CVE-2018-20000
Apereo Bedework bw-webdav before 4.0.3 allows XXE attacks, as demonstrated by an invite-reply document that reads a local file, related to webdav/servlet/common/MethodBase.java and webdav/servlet/common/PostRequestPars.java...
CVE-2018-20000
Apereo Bedework bw-webdav contains an XML External Entity (XXE) vulnerability (CVE-2018-20000) in versions before 4.0.3. The issue arises in the XML parsing code paths used by a webdav servlet (notably MethodBase.java and PostRequestPars.java), allowing an attacker to read local files via special...
CVE-2018-20000
Apereo Bedework bw-webdav before 4.0.3 allows XXE attacks, as demonstrated by an invite-reply document that reads a local file, related to webdav/servlet/common/MethodBase.java and webdav/servlet/common/PostRequestPars.java...
Apereo Bedework bw-webdav XML External Entity Injection Vulnerability
Apereo Bedework bw-webdav is a general purpose webdav server. It is primarily used to interact with the backend to access resources. A security vulnerability exists in Apereo Bedework bw-webdav versions prior to 4.0.3. An attacker can exploit this vulnerability to perform an XML external entity...