15 matches found
Spring Cloud Config Server - Local File Inclusion
Spring Cloud Config Server versions 2.1.x prior to 2.1.2, 2.0.x prior to 2.0.4, 1.4.x prior to 1.4.6, and older unsupported versions are vulnerable to local file inclusion because they allow applications to serve arbitrary configuration files. An attacker can send a request using a specially...
ai.hyacinth.framework:core-service-config-server (=0.5.0), org.apereo.cas:cas-server-support-configuration-cloud-amqp (>=6.0.1 <=6.1.0-RC2) +12 more potentially affected by CVE-2019-3799 via org.springframework.cloud:spring-cloud-config-server (>=2.1.0.RELEASE <=2.1.1.RELEASE)
org.springframework.cloud:spring-cloud-config-server MAVEN version =2.1.0.RELEASE, =6.0.1, =6.0.1, =6.0.1, =Einstein.RELEASE, =2.1.0.RELEA...
cn.home1:oss-configserver (>=1.0.6.OSS <=1.0.7.OSS), cn.home1:spring-cloud-config-monitor (>=0.0.1 <=1.0.1.U1) +166 more potentially affected by CVE-2019-3799 via org.springframework.cloud:spring-cloud-config-server (>=1.1.0.RELEASE <=1.4.5.RELEASE)
org.springframework.cloud:spring-cloud-config-server MAVEN version =1.1.0.RELEASE, =1.0.6.OSS, =0.0.1, =0.0.1, =1.1.0-RELEASE, =1.0.0, =1.0.0, =1.5.0-Beta, =0.8.3, =0.8.3, =0.8.3, =0.8.3, =0.10.0 and more Source cves: CVE-2019-3799 Source advisory: OSV:GHSA-4X49-W62V-76Q7...
CVE-2019-3799
Spring Cloud Config, versions 2.1.x prior to 2.1.2, versions 2.0.x prior to 2.0.4, and versions 1.4.x prior to 1.4.6, and older unsupported versions allow applications to serve arbitrary configuration files through the spring-cloud-config-server module. A malicious user, or attacker, can send a...
CVE-2019-3799
Spring Cloud Config, versions 2.1.x prior to 2.1.2, versions 2.0.x prior to 2.0.4, and versions 1.4.x prior to 1.4.6, and older unsupported versions allow applications to serve arbitrary configuration files through the spring-cloud-config-server module. A malicious user, or attacker, can send a...
CVE-2019-3799
Spring Cloud Config, versions 2.1.x prior to 2.1.2, versions 2.0.x prior to 2.0.4, and versions 1.4.x prior to 1.4.6, and older unsupported versions allow applications to serve arbitrary configuration files through the spring-cloud-config-server module. A malicious user, or attacker, can send a...
CVE-2019-3799 Directory Traversal with spring-cloud-config-server
Spring Cloud Config, versions 2.1.x prior to 2.1.2, versions 2.0.x prior to 2.0.4, and versions 1.4.x prior to 1.4.6, and older unsupported versions allow applications to serve arbitrary configuration files through the spring-cloud-config-server module. A malicious user, or attacker, can send a...
CVE-2019-3799
The CVE-2019-3799 entries describe a Local File Inclusion/Directory Traversal vulnerability in Spring Cloud Config Server. Affected versions are Spring Cloud Config Server 2.1.x before 2.1.2, 2.0.x before 2.0.4, and 1.4.x before 1.4.6, plus older unsupported releases. An unauthenticated attacker ...
Spring Cloud Config 2.1.x - Path Traversal Exploit
Exploit for java platform in category web applications This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Spring Cloud Config Server Directory Traversal', 'Description' = %q This module exploits a...
Spring Cloud Config 2.1.x Path Traversal
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Spring Cloud Config Server Directory Traversal', 'Description' = %q This module exploits an unauthenticated directory traversal vulnerability whi...
Spring Cloud Config 2.1.x - Path Traversal (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Spring Cloud Config Server Directory Traversal', 'Description' = %q This module exploits an unauthenticated directory traversal vulnerability whi...
Spring Cloud Config 2.1.x - Path Traversal (Metasploit)
Spring Cloud Config 2.1.x - Path Traversal Metasploit This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Spring Cloud Config Server Directory Traversal', 'Description' = %q This module exploits an...
CVE-2019-3799
creationtimestamp| type| source ---|---|--- 2019-04-26 14:45:34+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/scanner/http/springcloudtraversal.rb 2023-11-02 13:56:07+00:00| published-proof-of-concept| https://t.me/CNArsenal/1418 2023-11-02...
Spring Cloud Config directory traversal vulnerability, CVE-2019-3799)early warning-vulnerability warning-the black bar safety net
Recently, the Spring official team in the latest security update, disclose a SpringCloud Config directory traversal vulnerability, CVE-2019-3799 on. Vulnerability official rated as High, belong to high-risk vulnerabilities. The vulnerability in essence is allows an application program through the...
Spring Cloud Config Server Directory Traversal
This module exploits an unauthenticated directory traversal vulnerability which exists in Spring Cloud Config versions 2.1.x prior to 2.1.2, versions 2.0.x prior to 2.0.4, and versions 1.4.x prior to 1.4.6. Spring Cloud Config listens by default on port 8888. This module requires Metasploit:...