91 matches found
PT-2021-7578 · Sap · Sap Netweaver As Java
Name of the Vulnerable Software and Affected Versions: SAP NetWeaver AS for Java version 7.50 Description: The issue is related to improper access control in SAP NetWeaver AS for Java, allowing an unauthenticated attacker to attach to an open interface and utilize an open naming and directory API...
DEBIAN-CVE-2020-36188
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.JNDIConnectionSource...
OpenJDK: Credentials sent over unencrypted LDAP connection (JNDI, 8237990)
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: JNDI. Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple...
DEBIAN-CVE-2020-14781
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: JNDI. Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple...
The vulnerability of the oadd.org.apache.xalan.lib.sql.JNDIConnectionPool component in the Jackson-databind library of the FasterXML project allows a hacker to execute arbitrary code.
The vulnerability of the oadd.org.apache.xalan.lib.sql.JNDIConnectionPool component in the Jackson-databind library of the FasterXML project is related to deficiencies in the deserialization mechanism. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...
jackson-databind: Lacks certain xbean-reflect/JNDI blocking
A flaw was found in FasterXML jackson-databind in versions 2.0.0 through 2.9.10.2. A "gadget" exploit is possible due to a lack of a Java object being blocking from being deserialized. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availabili...
SpringBootVulExploit
This repository contains a collection of Spring Boot vulnerability exploitation tools and techniques. The tools are designed to exploit various vulnerabilities in Spring Boot applications, including remote code execution RCE, privilege escalation, and data exfiltration. The repository includes...
jackson-databind: Serialization gadgets in classes of the commons-configuration package
A flaw was discovered in jackson-databind, where it would permit polymorphic deserialization of a malicious object using commons-configuration 1 and 2 JNDI classes. An attacker could use this flaw to execute arbitrary code...
UBUNTU-CVE-2019-14892
A flaw was discovered in jackson-databind in versions before 2.9.10, 2.8.11.5 and 2.6.7.3, where it would permit polymorphic deserialization of a malicious object using commons-configuration 1 and 2 JNDI classes. An attacker could use this flaw to execute arbitrary code...
jackson-databind: Serialization gadgets in classes of the commons-configuration package
A flaw was discovered in jackson-databind, where it would permit polymorphic deserialization of a malicious object using commons-configuration 1 and 2 JNDI classes. An attacker could use this flaw to execute arbitrary code...
jackson-databind: Serialization gadgets in classes of the commons-configuration package
A flaw was discovered in jackson-databind, where it would permit polymorphic deserialization of a malicious object using commons-configuration 1 and 2 JNDI classes. An attacker could use this flaw to execute arbitrary code...
DEBIAN-CVE-2019-17531
A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled either globally or for a specific property for an externally exposed JSON endpoint and the service has the apache-log4j-extra version 1.2.x jar in the classpath, and an...
The vulnerability of Java SE, Java SE Embedded, and JRockit software platforms lies in their lack of access control mechanisms, allowing attackers to gain full control over the application.
The vulnerability of the JNDI component in Java SE, Java SE Embedded, and Jrockit programs is related to deficiencies in access control. Exploiting this vulnerability can allow an attacker, operating remotely, to gain full control over the application...
USN-3824-1: OpenJDK 7 vulnerabilities
It was discovered that the Security component of OpenJDK did not properly ensure that manifest elements were signed before use. An attacker could possibly use this to specially construct an untrusted Java application or applet that could escape sandbox restrictions. CVE-2018-3136 Artem Smotrakov...
Ubuntu 14.04 LTS : OpenJDK 7 vulnerabilities (USN-3824-1)
The remote Ubuntu 14.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-3824-1 advisory. It was discovered that the Security component of OpenJDK did not properly ensure that manifest elements were signed before use. An attacker could possibl...
USN-3804-1: OpenJDK vulnerabilities
It was discovered that the Security component of OpenJDK did not properly ensure that manifest elements were signed before use. An attacker could possibly use this to specially construct an untrusted Java application or applet that could escape sandbox restrictions. CVE-2018-3136 Artem Smotrakov...
UBUNTU-CVE-2018-3149
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE subcomponent: JNDI. Supported versions that are affected are Java SE: 6u201, 7u191, 8u182 and 11; Java SE Embedded: 8u181; JRockit: R28.3.19. Difficult to exploit vulnerability allows unauthenticated attacker with...
OpenJDK: unbounded memory allocation in BasicAttributes deserialization (JNDI, 8191142)
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE subcomponent: JNDI. Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Easily exploitable vulnerability allows unauthenticated attacker wit...
Unspecified Vulnerability in Oracle Java SE, Java SE Embedded and Jrockit (CNVD-2018-02243)
Oracle Java SE, Java SE Embedded, and JRockit are products of Oracle Corporation. Java SE Java Platform Standard Edition is used to develop and deploy Java applications for desktops, servers, and embedded devices and real-time environments; Java SE Embedded is a Java platform for developing...
Jndi injection and Spring RCE vulnerability analysis-vulnerability warning-the black bar safety net
Foreword Because before has been traveling, and haven't done the research, eleven during the re-focus of the 2 0 1 6 BlackHat the above subject, wherein jndi injection caught my attention, this paper mainly divided into the following 3 sections, the understanding of jndi, analysis jndi injection...