190 matches found

Cvelist
added 2017/11/27 10:0 a.m. (38 views)

CVE-2017-8039

An issue was discovered in Pivotal Spring Web Flow through 2.4.5. Applications that do not change the value of the MvcViewFactoryCreator useSpringBinding property, which is disabled by default (i.e., set to 'false'), can be vulnerable to malicious EL expressions in view states that process form...

AI score 5.6 | EPSS 0.00963
Exploits 0 | References 2

Fedora
added 2017/11/15 8:23 p.m. (61 views)

[SECURITY] Fedora 26 Update: jackson-databind-2.7.6-5.fc26

General data-binding functionality for Jackson: works on core streaming API...

CVSS 9.8 | AI score 2.2 | EPSS 0.37925
Exploits 7

Fedora
added 2017/11/15 5:58 p.m. (43 views)

[SECURITY] Fedora 27 Update: jackson-databind-2.7.6-5.fc27

General data-binding functionality for Jackson: works on core streaming API...

CVSS 9.8 | AI score 2.2 | EPSS 0.37925
Exploits 7

Veracode
added 2017/09/18 4:54 a.m. (18 views)

Data Binding Expression Vulnerability

spring-webflow is vulnerable to a data binding expression vulnerability. The vulnerability is caused when the MvcViewFactoryCreator useSpringBinding property is set to false by default. Therefore, applications which use the default settings are vulnerable to malicious EL expressions in view state...

CVSS 5.9 | AI score 6.5 | EPSS 0.00963
Exploits 0 | References 3 | Affected Software 1

Spring Security Advisories
added 2017/09/15 12:0 a.m. (6 views)

Data Binding Expression Vulnerability in Spring Web Flow

This CVE addresses a second path to exploiting the same vulnerability as the one described under CVE-2017-4971. Applications that do not change the value of the MvcViewFactoryCreator useSpringBinding property, which is disabled by default (i.e. set to "false"), can be vulnerable to malicious EL...

CVSS 5.9 | AI score 6.6 | EPSS 0.15858
Exploits 1 | References 4

Fedora
added 2017/08/12 6:26 p.m. (54 views)

[SECURITY] Fedora 26 Update: jackson-databind-2.7.6-3.fc26

General data-binding functionality for Jackson: works on core streaming API...

CVSS 9.8 | AI score 2.2 | EPSS 0.37925
Exploits 7

Fedora
added 2017/08/11 11:54 p.m. (66 views)

[SECURITY] Fedora 25 Update: jackson-databind-2.7.6-3.fc25

General data-binding functionality for Jackson: works on core streaming API...

CVSS 9.8 | AI score 2.2 | EPSS 0.37925
Exploits 7

Fedora
added 2017/07/31 7:19 p.m. (57 views)

[SECURITY] Fedora 24 Update: jackson-databind-2.6.3-3.fc24

General data-binding functionality for Jackson: works on core streaming API...

CVSS 9.8 | AI score 2.2 | EPSS 0.37925
Exploits 7

NVD
added 2017/06/13 6:29 a.m. (28 views)

CVE-2017-4971

An issue was discovered in Pivotal Spring Web Flow through 2.4.4. Applications that do not change the value of the MvcViewFactoryCreator useSpringBinding property, which is disabled by default (i.e., set to 'false'), can be vulnerable to malicious EL expressions in view states that process form...

CVSS 5.9 | AI score 5.8 | EPSS 0.15858
Exploits 1 | References 3

Cvelist
added 2017/06/13 6:0 a.m. (40 views)

CVE-2017-4971

An issue was discovered in Pivotal Spring Web Flow through 2.4.4. Applications that do not change the value of the MvcViewFactoryCreator useSpringBinding property, which is disabled by default (i.e., set to 'false'), can be vulnerable to malicious EL expressions in view states that process form...

AI score 5.5 | EPSS 0.15858
Exploits 1 | References 3

seebug.org
added 2017/06/12 12:0 a.m. (122 views)

Pivotal Spring Web Flow Security Bypass Vulnerability (CVE-2017-4971)

Author: iswin@ThreatHunter. A. Vulnerability description: This vulnerability was submitted only at the beginning of June, and there is no detailed official information. By comparing the official description with the patch, we can roughly infer that it should be the Spring Web...

CVSS 4.3 | AI score 6.8 | EPSS 0.15858
Exploits 1

myhack58
added 2017/06/12 12:0 a.m. (169 views)

CVE-2017-4971: Spring WebFlow remote code execution vulnerability analysis

Spring has traditionally not had many severe vulnerabilities. The more serious earlier problem was Spring's JavaBean automatic binding function, which made it possible to control the class and so could lead, through certain features, to the execution of arbitrary code, but that...

AI score 0.1 | EPSS 0.15858
Exploits 1

CNVD
added 2017/06/08 12:0 a.m. (3 views)

Pivotal Spring Web Flow Remote Code Execution Vulnerability

Pivotal Spring Web Flow is a web application from Pivotal Software, Inc. that provides navigation for check-in, loan application or shopping cart checkout. A remote code execution vulnerability exists in Pivotal Spring Web Flow versions 2.4.0 through 2.4.4. The vulnerability is caused due to a...

CVSS 5.9 | AI score 8.5 | EPSS 0.15858
Exploits 1 | References 1

Veracode
added 2017/06/06 3:27 a.m. (26 views)

Data Binding Expression Vulnerability

Spring Web Flow is vulnerable to a data binding expression vulnerability. The vulnerability is possible because the MvcViewFactoryCreator useSpringBinding property is set to false by default. Therefore, the applications which use the default settings are vulnerable to malicious EL expressions in...

CVSS 5.9 | AI score 5.6 | EPSS 0.15858
Exploits 1 | References 5 | Affected Software 1

Fedora
added 2014/12/15 4:35 a.m. (25 views)

[SECURITY] Fedora 20 Update: castor-1.3.3-1.fc20

Castor is an open source data binding framework for Java. It's basically the shortest path between Java objects, XML documents and SQL tables. Castor provides Java to XML binding, Java to SQL persistence, and more...

CVSS 4.3 | AI score 2.7 | EPSS 0.07794
Exploits 3

Fedora
added 2014/12/15 4:35 a.m. (21 views)

[SECURITY] Fedora 21 Update: castor-1.3.3-1.fc21

Castor is an open source data binding framework for Java. It's basically the shortest path between Java objects, XML documents and SQL tables. Castor provides Java to XML binding, Java to SQL persistence, and more...

CVSS 4.3 | AI score 2.7 | EPSS 0.07794
Exploits 3

seebug.org
added 2014/07/01 12:0 a.m. (16 views)

Internet Explorer Data Binding Memory Corruption

No description provided by source. $Id: ms08078xmlcorruption.rb 10394 2010-09-20 08:06:27Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and ter...

AI score 7.1
Exploits 0

NVD
added 2012/09/28 9:55 p.m. (21 views)

CVE-2012-1833

VMware SpringSource Grails before 1.3.8, and 2.x before 2.0.2, does not properly restrict data binding, which might allow remote attackers to bypass intended access restrictions and modify arbitrary object properties via a crafted request parameter to an application...

CVSS 5 | AI score 6.8 | EPSS 0.01427
Exploits 1 | References 3

Prion
added 2012/09/28 9:55 p.m. (15 views)

Design/Logic Flaw

VMware SpringSource Grails before 1.3.8, and 2.x before 2.0.2, does not properly restrict data binding, which might allow remote attackers to bypass intended access restrictions and modify arbitrary object properties via a crafted request parameter to an application...

CVSS 5 | AI score 7.3 | EPSS 0.01427
Exploits 1 | References 3 | Affected Software 1

CVE
added 2012/09/28 9:0 p.m. (46 views)

CVE-2012-1833

The CVE-2012-1833 entry affects VMware SpringSource Grails before 1.3.8 and Grails 2.x before 2.0.2. The root cause is improper data binding restrictions, which could allow remote attackers to bypass access controls and modify arbitrary object properties through a crafted request parameter. No ex...

CVSS 5 | AI score 7 | EPSS 0.01427
Exploits 1 | References 3 | Affected Software 1