Lucene search
+L

12 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.20 views

EUVD-2022-3690

Malicious code in bioql PyPI...

7.5CVSS7.6AI score0.02202EPSS
Exploits0References6
EUVD
EUVD
added 2025/10/03 8:7 p.m.27 views

EUVD-2022-5322

Malicious code in bioql PyPI...

7.5CVSS7.7AI score0.06827EPSS
Exploits0References20
Github Security Blog
Github Security Blog
added 2022/05/14 1:23 a.m.28 views

Apache Solr Kerberos delegation token functionality flaws

Apache Solr's Kerberos plugin can be configured to use delegation tokens, which allows an application to reuse the authentication of an end-user or another application. There are two issues with this functionality when using SecurityAwareZkACLProvider type of ACL provider e.g. SaslZkACLProvider...

7.5CVSS3.7AI score0.02202EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2022/05/14 1:23 a.m.11 views

GHSA-F553-J2GV-G5R9 Apache Solr Kerberos delegation token functionality flaws

Apache Solr's Kerberos plugin can be configured to use delegation tokens, which allows an application to reuse the authentication of an end-user or another application. There are two issues with this functionality when using SecurityAwareZkACLProvider type of ACL provider e.g. SaslZkACLProvider...

7.5CVSS5.9AI score0.02202EPSS
Exploits0References3
OSV
OSV
added 2022/05/13 1:9 a.m.2 views

GHSA-V936-X3J5-C76J Session Fixation in Apache CXF

Apache CXF's STSClient before 3.1.11 and 3.0.13 uses a flawed way of caching tokens that are associated with delegation tokens, which means that an attacker could craft a token which would return an identifer corresponding to a cached token for another user...

7.5CVSS7.1AI score0.06827EPSS
Exploits0References14
Github Security Blog
Github Security Blog
added 2022/05/13 1:9 a.m.36 views

Session Fixation in Apache CXF

Apache CXF's STSClient before 3.1.11 and 3.0.13 uses a flawed way of caching tokens that are associated with delegation tokens, which means that an attacker could craft a token which would return an identifer corresponding to a cached token for another user...

7.5CVSS7.4AI score0.06827EPSS
Exploits0References14Affected Software1
RedHat Linux
RedHat Linux
added 2018/05/22 4:52 p.m.5 views

cxf: CXF's STSClient uses a flawed way of caching tokens that are associated with delegation tokens

It was found that the token cacher in Apache cxf uses a flawed way of caching tokens that are associated with the delegation token received from Security Token Service STS. This vulnerability could allow an attacker to craft a token which could return an identifier corresponding to a cached token...

7.5CVSS7.2AI score0.06827EPSS
Exploits0References5
CNVD
CNVD
added 2017/09/21 12:0 a.m.35 views

Apache Solr Kerberos Plugin Remote Elevation of Privilege Vulnerability

Apache Solr is the United States Apache Apache Software Foundation of a search server based on Lucene a full-text search engine architecture, which supports the level of search , vertical search , highlighting search results , a variety of output formats , etc. Kerberos plugin is one of the netwo...

7.5CVSS7.7AI score0.02202EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2017/09/20 11:50 a.m.24 views

CVE-2017-9803

Apache Solr's Kerberos plugin can be configured to use delegation tokens, which allows an application to reuse the authentication of an end-user or another application. There are two issues with this functionality when using SecurityAwareZkACLProvider type of ACL provider e.g. SaslZkACLProvider...

8.1CVSS3.8AI score0.02202EPSS
Exploits0References1
OSV
OSV
added 2017/09/18 9:29 p.m.19 views

CVE-2017-9803

Apache Solr's Kerberos plugin can be configured to use delegation tokens, which allows an application to reuse the authentication of an end-user or another application. There are two issues with this functionality when using SecurityAwareZkACLProvider type of ACL provider e.g. SaslZkACLProvider...

7.5CVSS7.2AI score
Exploits0References2
Cvelist
Cvelist
added 2017/09/18 9:0 p.m.22 views

CVE-2017-9803

Apache Solr's Kerberos plugin can be configured to use delegation tokens, which allows an application to reuse the authentication of an end-user or another application. There are two issues with this functionality when using SecurityAwareZkACLProvider type of ACL provider e.g. SaslZkACLProvider...

7.8AI score0.02202EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2017/08/10 11:3 p.m.7 views

cxf: CXF's STSClient uses a flawed way of caching tokens that are associated with delegation tokens

It was found that the token cacher in Apache cxf uses a flawed way of caching tokens that are associated with the delegation token received from Security Token Service STS. This vulnerability could allow an attacker to craft a token which could return an identifier corresponding to a cached token...

7.5CVSS7.2AI score0.06827EPSS
Exploits0References5
Rows per page
Query Builder