215 matches found
CVE-2019-20635
codeBeamer before 9.5.0-RC3 does not properly restrict the ability to execute custom Java code and access the Java class loader via computed fields...
CVE-2019-20635
codeBeamer before 9.5.0-RC3 does not properly restrict the ability to execute custom Java code and access the Java class loader via computed fields...
apache-commons-beanutils: does not suppresses the class property in PropertyUtilsBean by default
A flaw was found in the Apache Commons BeanUtils, where the class property in PropertyUtilsBean is not suppressed by default. This flaw allows an attacker to access the classloader...
apache-commons-beanutils: does not suppresses the class property in PropertyUtilsBean by default
A flaw was found in the Apache Commons BeanUtils, where the class property in PropertyUtilsBean is not suppressed by default. This flaw allows an attacker to access the classloader...
Security Bulletin: Vulnerability in Apache Commons BeanUtils Affects IBM Sterling B2B Integrator (CVE-2014-0114)
Summary Apache Commons BeanUtils with Struts 1 does not suppress the class property, which allows remote attackers to "manipulate" the ClassLoader and execute arbitrary code via the class parameter. Vulnerability Details CVEID: CVE-2014-0114 DESCRIPTION: Apache Struts could allow a remote attacke...
Security Bulletin: ClassLoader manipulation with Apache Struts affecting Rational Application Developer (CVE-2014-0114)
Summary There is a ClassLoader manipulation vulnerability in Apache Struts that is bundled by IBM Rational Application Developer for WebSphere Software. Vulnerability Details | Subscribe to My Notifications to be notified of important product support alerts like this. Follow this link for more...
CVE-2019-12017
A remote code execution vulnerability exists in MapR CLDB code, specifically in the JSON framework that is used in the CLDB code that handles login and ticket issuance. An attacker can use the 'class' property of the JSON request sent to the CLDB to influence the JSON library's decision on which...
Code injection
In version 2.0.3 Apache Santuario XML Security for Java, a caching mechanism was introduced to speed up creating new XML documents using a static pool of DocumentBuilders. However, if some untrusted code can register a malicious implementation with the thread context class loader first, then this...
CVE-2019-12400
In version 2.0.3 Apache Santuario XML Security for Java, a caching mechanism was introduced to speed up creating new XML documents using a static pool of DocumentBuilders. However, if some untrusted code can register a malicious implementation with the thread context class loader first, then this...
Security update for java-11-openjdk (important)
openSUSE Security Update: Security update for java-11-openjdk Announcement ID: openSUSE-SU-2019:0161-1 Rating: important References: 1120431 1122293 1122299 Cross-References: CVE-2018-11212 CVE-2019-2422 CVE-2019-2426 Affected Products: openSUSE Leap 15.0 An update that fixes three vulnerabilitie...
Information Disclosure
IcedTea-Web plug-in is vulnerable to information disclosure. The application incorrectly uses the same class loader instance for applets with the same value of the codebase attribute even if they originated from different domains. An attacker is able to create a malicious applet to exploit the...
1: Class Loader manipulation via request parameters
Apache Commons BeanUtils, as distributed in lib/commons-beanutils-1.8.0.jar in Apache Struts 1.x through 1.3.10 and in other products requiring commons-beanutils through 1.9.2, does not suppress the class property, which allows remote attackers to "manipulate" the ClassLoader and execute arbitrar...
Apache Struts 2.x < 2.3.16.2 Multiple Vulnerabilities (S2-020)
The version of Apache Struts running on the remote host is 2.x prior to 2.3.16.2. It, therefore, is affected by multiple vulnerabilities: - A denial of service vulnerability exists in MultipartStrea.java in Apache Commons FileUpload due to failure to handle exceptional conditions. A remote,...
Security Bulletin: Rational Insight - Apache Struts used by WebSphere Application Server 6.1 and 7 (CVE-2014-0114)
Summary There is a classloader manipulation vulnerability in the Apache Struts that is used by the IBM WebSphere Application Server 6.1 and 7.0. Vulnerability Details | Subscribe to My Notifications to be notified of important product support alerts like this. Follow this link for more informatio...
Security Bulletin: Class loader manipulation vulnerability in IBM WebSphere Application Server that shipped with WebSphere Enterprise Service Bus Registry Edition (CVE-2014-0114)
Summary A class loader manipulation vulnerability exists in the Apache Struts 1, which is used by IBM WebSphere Application Server and is provided with WebSphere Enterprise Service Bus Registry Edition Vulnerability Details This security vulnerability is fixed with available interim fixes and are...
Hijacking Autoloader
symfony/class-loader is susceptible to the hijacking of the autoloader. The vulnerability exists because it does not prevent the ability to access the loader instance, resulting in the auto-outputting or revealing unwanted information...
OpenJDK: insufficient classloader consistency checks in ClassLoaderWithRepository (JMX, 8157739)
A flaw was found in the way the JMX component of OpenJDK handled classloaders. An untrusted Java application or applet could use this flaw to bypass certain Java sandbox restrictions...
Oracle Java SE Hotspot JSR 292 Method Handles RCE
The version of Oracle Java SE or Java for Business installed on the remote host is affected by an arbitrary code execution vulnerability in the Hotspot subcomponent due to an unsafe implementation of the Reflection API, which improperly processes JSR 292 method handles due to a lack of enforcemen...
jre7-openjdk-headless: sandbox escape
It was discovered that the security fix for CVE-2013-5838 was incomplete and still allowed remote attackers to escape the Java security sandbox mechanism. The root problem is that the Reflection API does not properly guarantee type safety when Method Handle objects were invoked across two differe...
jdk7-openjdk: sandbox escape
It was discovered that the security fix for CVE-2013-5838 was incomplete and still allowed remote attackers to escape the Java security sandbox mechanism. The root problem is that the Reflection API does not properly guarantee type safety when Method Handle objects were invoked across two differe...