190 matches found
CVE-2017-8039
An issue was discovered in Pivotal Spring Web Flow through 2.4.5. Applications that do not change the value of the MvcViewFactoryCreator useSpringBinding property which is disabled by default i.e., set to 'false' can be vulnerable to malicious EL expressions in view states that process form...
[SECURITY] Fedora 26 Update: jackson-databind-2.7.6-5.fc26
General data-binding functionality for Jackson: works on core streaming API...
[SECURITY] Fedora 27 Update: jackson-databind-2.7.6-5.fc27
General data-binding functionality for Jackson: works on core streaming API...
Data Binding Expression Vulnerability
spring-webflow is vulnerable to a data binding expression vulnerability. The vulnerability is caused when the MvcViewFactoryCreator useSpringBinding property is set to false by default. Therefore, applications which use the default settings are vulnerable to malicious EL expressions in view state...
Data Binding Expression Vulnerability in Spring Web Flow
This CVE addresses a second path to exploiting the same vulnerability as the one described under CVE-2017-4971 . Applications that do not change the value of the MvcViewFactoryCreator useSpringBinding property which is disabled by default i.e. set to “false” can be vulnerable to malicious EL...
[SECURITY] Fedora 26 Update: jackson-databind-2.7.6-3.fc26
General data-binding functionality for Jackson: works on core streaming API...
[SECURITY] Fedora 25 Update: jackson-databind-2.7.6-3.fc25
General data-binding functionality for Jackson: works on core streaming API...
[SECURITY] Fedora 24 Update: jackson-databind-2.6.3-3.fc24
General data-binding functionality for Jackson: works on core streaming API...
CVE-2017-4971
An issue was discovered in Pivotal Spring Web Flow through 2.4.4. Applications that do not change the value of the MvcViewFactoryCreator useSpringBinding property which is disabled by default i.e., set to 'false' can be vulnerable to malicious EL expressions in view states that process form...
CVE-2017-4971
An issue was discovered in Pivotal Spring Web Flow through 2.4.4. Applications that do not change the value of the MvcViewFactoryCreator useSpringBinding property which is disabled by default i.e., set to 'false' can be vulnerable to malicious EL expressions in view states that process form...
Pivotal Spring Web Flow Security Bypass Vulnerability(CVE-2017-4971)
Author: iswin@ThreatHunter A. Vulnerability description This vulnerability is in year 6 at the beginning has just been submittedtransfer Gate, the official and there is no detailed information, by the official Description and a patch of the contrast, we can roughly infer should be the Spring Web...
CVE-2017-4971: Spring WebFlow remote code execution vulnerability analysis-vulnerability warning-the black bar safety net
Spring severe of these vulnerabilities have traditionally not too much, before the more serious that problem is Spring's JavaBean automatic binding function, the result can be control class, which can lead to the use of certain characteristics of the execution of arbitrary code, but that...
Pivotal Spring Web Flow Remote Code Execution Vulnerability
Pivotal Spring Web Flow is a web application from Pivotal Software, Inc. that provides navigation for check-in, loan application or shopping cart checkout. A remote code execution vulnerability exists in Pivotal Spring Web Flow versions 2.4.0 through 2.4.4. The vulnerability is caused due to a...
Data Binding Expression Vulnerability
Spring Web Flow is vulnerable to a data binding expression vulnerability. The vulnerability is possible because the MvcViewFactoryCreator useSpringBinding property is set to false by default. Therefore, the applications which use the default settings are vulnerable to malicious EL expressions in...
[SECURITY] Fedora 20 Update: castor-1.3.3-1.fc20
Castor is an open source data binding framework for Java. It's basically the shortest path between Java objects, XML documents and SQL tables. Castor provides Java to XML binding, Java to SQL persistence, and more...
[SECURITY] Fedora 21 Update: castor-1.3.3-1.fc21
Castor is an open source data binding framework for Java. It's basically the shortest path between Java objects, XML documents and SQL tables. Castor provides Java to XML binding, Java to SQL persistence, and more...
Internet Explorer Data Binding Memory Corruption
No description provided by source. $Id: ms08078xmlcorruption.rb 10394 2010-09-20 08:06:27Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and ter...
CVE-2012-1833
VMware SpringSource Grails before 1.3.8, and 2.x before 2.0.2, does not properly restrict data binding, which might allow remote attackers to bypass intended access restrictions and modify arbitrary object properties via a crafted request parameter to an application...
Design/Logic Flaw
VMware SpringSource Grails before 1.3.8, and 2.x before 2.0.2, does not properly restrict data binding, which might allow remote attackers to bypass intended access restrictions and modify arbitrary object properties via a crafted request parameter to an application...
CVE-2012-1833
The CVE-2012-1833 entry affects VMware SpringSource Grails before 1.3.8 and Grails 2.x before 2.0.2. The root cause is improper data binding restrictions, which could allow remote attackers to bypass access controls and modify arbitrary object properties through a crafted request parameter. No ex...