Lucene search
+L

12 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.20 views

EUVD-2022-3690

Malicious code in bioql PyPI...

7.5CVSS7.6AI score0.02202EPSS
Exploits0References6
EUVD
EUVD
added 2025/10/03 8:7 p.m.27 views

EUVD-2022-5322

Malicious code in bioql PyPI...

7.5CVSS7.7AI score0.06827EPSS
Exploits0References20
Github Security Blog
Github Security Blog
added 2022/05/14 1:23 a.m.29 views

Apache Solr Kerberos delegation token functionality flaws

Apache Solr's Kerberos plugin can be configured to use delegation tokens, which allows an application to reuse the authentication of an end-user or another application. There are two issues with this functionality when using SecurityAwareZkACLProvider type of ACL provider e.g. SaslZkACLProvider...

7.5CVSS3.7AI score0.02202EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2022/05/14 1:23 a.m.25 views

GHSA-F553-J2GV-G5R9 Apache Solr Kerberos delegation token functionality flaws

Apache Solr's Kerberos plugin can be configured to use delegation tokens, which allows an application to reuse the authentication of an end-user or another application. There are two issues with this functionality when using SecurityAwareZkACLProvider type of ACL provider e.g. SaslZkACLProvider...

7.5CVSS5.9AI score0.02202EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2022/05/13 1:9 a.m.37 views

Session Fixation in Apache CXF

Apache CXF's STSClient before 3.1.11 and 3.0.13 uses a flawed way of caching tokens that are associated with delegation tokens, which means that an attacker could craft a token which would return an identifer corresponding to a cached token for another user...

7.5CVSS7.4AI score0.06827EPSS
Exploits0References14Affected Software1
OSV
OSV
added 2022/05/13 1:9 a.m.3 views

GHSA-V936-X3J5-C76J Session Fixation in Apache CXF

Apache CXF's STSClient before 3.1.11 and 3.0.13 uses a flawed way of caching tokens that are associated with delegation tokens, which means that an attacker could craft a token which would return an identifer corresponding to a cached token for another user...

7.5CVSS7.1AI score0.06827EPSS
Exploits0References14
RedHat Linux
RedHat Linux
added 2018/05/22 4:52 p.m.5 views

cxf: CXF's STSClient uses a flawed way of caching tokens that are associated with delegation tokens

It was found that the token cacher in Apache cxf uses a flawed way of caching tokens that are associated with the delegation token received from Security Token Service STS. This vulnerability could allow an attacker to craft a token which could return an identifier corresponding to a cached token...

7.5CVSS7.2AI score0.06827EPSS
Exploits0References5
CNVD
CNVD
added 2017/09/21 12:0 a.m.35 views

Apache Solr Kerberos Plugin Remote Elevation of Privilege Vulnerability

Apache Solr is the United States Apache Apache Software Foundation of a search server based on Lucene a full-text search engine architecture, which supports the level of search , vertical search , highlighting search results , a variety of output formats , etc. Kerberos plugin is one of the netwo...

7.5CVSS7.7AI score0.02202EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2017/09/20 11:50 a.m.25 views

CVE-2017-9803

Apache Solr's Kerberos plugin can be configured to use delegation tokens, which allows an application to reuse the authentication of an end-user or another application. There are two issues with this functionality when using SecurityAwareZkACLProvider type of ACL provider e.g. SaslZkACLProvider...

8.1CVSS3.8AI score0.02202EPSS
Exploits0References1
OSV
OSV
added 2017/09/18 9:29 p.m.20 views

CVE-2017-9803

Apache Solr's Kerberos plugin can be configured to use delegation tokens, which allows an application to reuse the authentication of an end-user or another application. There are two issues with this functionality when using SecurityAwareZkACLProvider type of ACL provider e.g. SaslZkACLProvider...

7.5CVSS7.2AI score
Exploits0References2
Cvelist
Cvelist
added 2017/09/18 9:0 p.m.23 views

CVE-2017-9803

Apache Solr's Kerberos plugin can be configured to use delegation tokens, which allows an application to reuse the authentication of an end-user or another application. There are two issues with this functionality when using SecurityAwareZkACLProvider type of ACL provider e.g. SaslZkACLProvider...

7.8AI score0.02202EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2017/08/10 11:3 p.m.7 views

cxf: CXF's STSClient uses a flawed way of caching tokens that are associated with delegation tokens

It was found that the token cacher in Apache cxf uses a flawed way of caching tokens that are associated with the delegation token received from Security Token Service STS. This vulnerability could allow an attacker to craft a token which could return an identifier corresponding to a cached token...

7.5CVSS7.2AI score0.06827EPSS
Exploits0References5
Rows per page
Query Builder