345 matches found
CVE-2019-10086
In Apache Commons Beanutils 1.9.2, a special BeanIntrospector class was added which allows suppressing the ability for an attacker to access the classloader via the class property available on all Java objects. We, however, were not using this by-default characteristic of the PropertyUtilsBean...
CVE-2019-10086
CVE-2019-10086 affects Apache Commons BeanUtils 1.9.2, where a BeanIntrospector addition could suppress access to the classloader via the class property on Java objects. The issue stems from not applying the suppression by default in PropertyUtilsBean, enabling potential risk across affected depl...
Authorization Bypass
commons-beanutils2 is vulnerable to authorization bypass. The vulnerability exists because the class property of Java objects is able to get access to the classloader by default...
struts2: ClassLoader manipulation via request parameters
ParametersInterceptor in Apache Struts before 2.3.20 does not properly restrict access to the getClass method, which allows remote attackers to "manipulate" the ClassLoader and execute arbitrary code via a crafted request. NOTE: this vulnerability exists because of an incomplete fix for...
Important: Red Hat Security Advisory: Red Hat Fuse 7.3 security update
A minor version update from 7.2 to 7.3 is now available for Red Hat Fuse. The purpose of this text-only errata is to inform you about the security issues fixed in this release. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring...
CVE-2018-17605
An issue was discovered in the Asset Pipeline plugin before 3.0.4 for Grails. An attacker can perform directory traversal via a crafted request when a servlet-based application is executed in Jetty, because there is a classloader vulnerability that can allow a reverse file traversal route in...
Directory traversal
An issue was discovered in the Asset Pipeline plugin before 3.0.4 for Grails. An attacker can perform directory traversal via a crafted request when a servlet-based application is executed in Jetty, because there is a classloader vulnerability that can allow a reverse file traversal route in...
CVE-2018-17605
CVE-2018-17605 affects the Asset Pipeline plugin for Grails (versions before 3.0.4). A directory traversal flaw exists when a servlet-based application runs in Jetty, due to a classloader vulnerability that enables a reverse file traversal path via AssetPipelineFilter.groovy or AssetPipelineFilte...
Apache Struts 2.x < 2.3.20 Multiple ClassLoader Manipulation Vulnerabilities (S2-021)
The version of Apache Struts running on the remote host is 2.x prior to 2.3.20. It is, therefore, affected by multiple class loader vulnerabilities: - A class loader vulnerability exists in ParametersInterceptor due to improper access restriction to the getClass method. A remote, unauthenticat...
Security Bulletin: ClassLoader manipulation with Apache Struts in WebSphere Application Server affecting Rational Business Developer (CVE-2014-0114)
Summary WebSphere Application Server Test Environment WAS TE from IBM Rational Application Developer for WebSphere Software is shipped with Rational Business Developer. The WAS TE is affected by a classloader manipulation vulnerability in Apache Struts. Information about the security vulnerabilit...
Security Bulletin: ClassLoader manipulation with Apache Struts in Rational Application Developer affecting Rational Business Developer (CVE-2014-0114)
Summary The Struts tool of IBM Rational Application Developer is shipped as a component of Rational Business Developer. The Struts tool is affected by a classloader manipulation vulnerability in Apache Struts. Information about the security vulnerability affecting Rational Application Developer h...
Security Bulletin: Classloader Manipulation Vulnerability in IBM WebSphere Application Server (CVE-2014-0114) Does Not Affect IBM Security Key Lifecycle Manager
Summary There is a classloader manipulation vulnerability in the Apache Struts 1 that is used by IBM WebSphere Application Server. IBM Security Key Lifecycle Manager is not affected by this vulnerability. Affected Products and Versions None Remediation/Fixes IBM WebSphere Application Server has...
Security Bulletin: ClassLoader manipulation with Apache Struts affecting Tivoli Integrated Portal (CVE-2014-0114)
Summary There is a ClassLoader manipulation vulnerability in Apache Struts that is used by Tivoli Integrated Portal TIP & embedded Websphere Application Server eWAS Vulnerability Details CVEID: CVE-2014-0114 DESCRIPTION: Apache Struts 1.X could allow a remote attacker to execute arbitrary code on...
Security Bulletin: ClassLoader manipulation with Apache Struts affecting IBM Tivoli Netcool/OMNIbus_GUI (CVE-2014-0114)
Summary There is a ClassLoader manipulation vulnerability in Apache Struts that is used by IBM Tivoli Netcool/OMNIbusGUI Vulnerability Details CVEID: CVE-2014-0114 DESCRIPTION: Apache Struts 1.X could allow a remote attacker to execute arbitrary code on the system, caused by the failure to restri...
Security Bulletin: TADDM - Struts V1 ClassLoader manipulation vulnerability (CVE-2014-0114).
Summary TADDM is vulnerable to Open Source Apache Struts V1 ClassLoader manipulation that allows a remote attacker to execute arbitrary code on the system, caused by the failure to restrict the setting of Class Loader attributes. Vulnerability Details CVE-ID: CVE-2014-0114 Description: Apache Stru...
Security Bulletin: A security vulnerability has been identified in Tivoli Integrated Portal (TIP) & embedded Websphere Application Server (eWAS) shipped with Tivoli Netcool/Impact (CVE-2014-0114)
Summary Tivoli Integrated Portal TIP & embedded Websphere Application Server eWAS are shipped as a component of Tivoli Netcool/Impact. Information about a security vulnerability affecting Tivoli Integrated Portal TIP & embedded Websphere Application Server eWAS has been published in a security...
Security Bulletin: A security vulnerability has been identified in Tivoli Integrated Portal (TIP) & embedded Websphere Application Server (eWAS) shipped with Tivoli Business Service Manager (CVE-2014-0114)
Summary Tivoli Integrated Portal TIP & embedded Websphere Application Server eWAS is shipped as a component of Tivoli Business Service Manager. Information about a security vulnerability affecting Tivoli Integrated Portal TIP & embedded Websphere Application Server eWAS has been published in a...
Security Bulletin: Open Source Apache Struts V1 ClassLoader manipulation vulnerability (CVE-2014-0114) in IBM Content Analytics with Enterprise Search and IBM OmniFind Enterprise Edition
Summary An Open Source Apache Struts V1 ClassLoader manipulation vulnerability affects the web application server that is used by the administration console in IBM Content Analytics with Enterprise Search now named IBM Watson Content Analytics and IBM OmniFind Enterprise Edition. Vulnerability...