11 matches found

Veracode
added 2019/05/02 4:46 a.m., 55 views

Privilege Escalation

An attack technique against the W3C XML Encryption Standard when block ciphers were used in CBC mode could allow a remote attacker to conduct chosen-ciphertext attacks, leading to the recovery of the entire plain text of a particular cryptogram. CVE-2011-1096 JBoss Web Services leaked side-channe...

CVSS 5.9, AI score 7, EPSS 0.15561
Exploits 7, References 36, Affected Software 63
myhack58
added 2015/04/23 12:0 a.m., 17 views

Spring Framework tag EL expression execution vulnerability analysis (CVE-2011-2730) - vulnerability warning - the black bar safety net

0x00 Preface. This vulnerability has been out for a long time. I did a simple analysis earlier, but due to time constraints did not study the principles in depth, and there is not much analysis of this vulnerability online either. Recently, for work reasons, I did an in-depth analysis of the vulnerability of the...

AI score 0.2
Exploits 0
RedHat Linux
added 2013/06/18 2:41 p.m., 7 views

Important: Red Hat Security Advisory: Red Hat JBoss Portal 5.2.2 security update

Red Hat JBoss Portal 5.2.2 roll up patch 1, which fixes multiple security issues and various bugs, is now available from the Red Hat Customer Portal. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores,...

CVSS 7.5, AI score 7.2, EPSS 0.11779
Exploits 1, References 5
RedHat Linux
added 2013/01/24 6:7 p.m., 75 views

Important: Red Hat Security Advisory: JBoss Enterprise Application Platform 5.2.0 update

JBoss Enterprise Application Platform 5.2.0, which fixes multiple security issues, various bugs, and adds several enhancements, is now available from the Red Hat Customer Portal. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability...

CVSS 10, AI score 7.7, EPSS 0.15561
Exploits 6, References 16
CVE
added 2012/12/05 5:0 p.m., 175 views

CVE-2011-2730

CVE-2011-2730 concerns VMware SpringSource Spring Framework (versions 2.5.6.SEC03, 2.5.7.SR023, and 3.x prior to 3.0.6) where EL-enabled containers evaluate EL expressions in several Spring tags twice, enabling an attacker to obtain sensitive information from attributes such as name, path, argume...

CVSS 7.5, AI score 5.5, EPSS 0.11779
Exploits 1, References 19, Affected Software 1
OpenVAS
added 2012/08/10 12:0 a.m., 33 views

Debian Security Advisory DSA 2504-1 (libspring-2.5-java)

The remote host is missing an update to libspring-2.5-java announced via advisory DSA 2504-1. OpenVAS Vulnerability Test $Id: deb25041.nasl 6612 2017-07-07 12:08:03Z cfischer $ Description: Auto-generated from advisory DSA 2504-1 (libspring-2.5-java). Authors: Thomas Reinke. Copyright: Copyright (c) 20...

CVSS 7.5, AI score 0.5, EPSS 0.11779
Exploits 1
securityvulns
added 2012/07/09 12:0 a.m., 143 views

[SECURITY] [DSA 2504-1] libspring-2.5-java security update

Debian Security Advisory DSA-2504-1 [email protected] http://www.debian.org/security/ Florian Weimer June 28, 2012 http://www.debian.org/security/faq ...

CVSS 7.5, AI score 1, EPSS 0.11779
Exploits 1
Tenable Nessus
added 2012/06/29 12:0 a.m., 37 views

Debian DSA-2504-1 : libspring-2.5-java - information disclosure

It was discovered that the Spring Framework contains an information disclosure vulnerability in the processing of certain Expression Language (EL) patterns, allowing attackers to access sensitive information using HTTP requests. NOTE: This update adds a springJspExpressionSupport context parameter...

CVSS 7.5, AI score 6.5, EPSS 0.11779
Exploits 1, References 4
Debian
added 2012/06/28 6:10 p.m., 25 views

[SECURITY] [DSA 2504-1] libspring-2.5-java security update

Debian Security Advisory DSA-2504-1 [email protected] http://www.debian.org/security/ Florian Weimer June 28, 2012 http://www.debian.org/security/faq ...

CVSS 7.5, AI score 5.9, EPSS 0.11779
Exploits 1
securityvulns
added 2011/09/13 12:0 a.m., 314 views

CVE-2011-2730: Spring Framework Information Disclosure

Severity: Variable depending on application. Likely to be low to moderate, may be important. Version affected: 3.0.0 to 3.0.5; 2.5.0 to 2.5.6.SEC02 (community releases); 2.5.0 to 2.5.7.SR01 (subscription customers). Earlier, unsupported versions may...

CVSS 7.5, AI score 5.5, EPSS 0.11779
Exploits 1
seebug.org
added 2011/09/13 12:0 a.m., 62 views

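Spring Framework Expression Language JSP Attribute Handling Information Disclosure Vulnerability (CVE-2011-2730)

Bugtraq ID: 49543 CVE ID: CVE-2011-2730 Spring Framework is an open-source, full-stack Java/Java EE application framework released under the Apache license; a port to the .NET platform also exists. Before JSP 2.0, Expression Language was not supported. To allow EL in web applications based on earlier JSP specifications, some Spring MVC tags provide EL support independent of the Servlet/JSP container. EL evaluation is enabled by default. When an EL-capable container is used, attributes in EL are evaluated twice, once by the container and once by the tag. This can lead to unexpected disclosure of sensitive information. 0 SpringSource Spring...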

CVSS 7.5, AI score 6, EPSS 0.11779
Exploits 1