9085 matches found
Design/Logic Flaw
JBoss Drools, Red Hat JBoss BRMS before 6.0.1, and Red Hat JBoss BPM Suite before 6.0.1 allows remote authenticated users to execute arbitrary Java code via a (1) MVFLEX Expression Language (MVEL) or (2) Drools expression...
CVE-2013-6468
JBoss Drools, Red Hat JBoss BRMS before 6.0.1, and Red Hat JBoss BPM Suite before 6.0.1 allows remote authenticated users to execute arbitrary Java code via a (1) MVFLEX Expression Language (MVEL) or (2) Drools expression...
Drools Arbitrary Code Execution Vulnerability
Bugtraq ID: 66659 CVE ID: CVE-2013-6468 Drools is an open-source business rules engine that gives easy access to enterprise policies and is easy to tune and manage; it complies with industry standards and is fast and efficient. Drools contains a security vulnerability that allows a remote authenticated attacker to submit arbitrary Java code inside an MVEL or Drools expression and have it executed in the security context of the application server. 0 Drools The vendor has released an upgrade patch that fixes this vulnerability; please download and apply it: https://rhn.redhat.com/errata/RHSA-2014-0371.html...
Drools: Remote Java Code Execution in MVEL
JBoss Drools, Red Hat JBoss BRMS before 6.0.1, and Red Hat JBoss BPM Suite before 6.0.1 allows remote authenticated users to execute arbitrary Java code via a (1) MVFLEX Expression Language (MVEL) or (2) Drools expression...
Updated file packages fix security vulnerabilities
The BEGIN regular expression in the awk script detector in magic/Magdir/commands in file before 5.15 uses multiple wildcards with unlimited repetitions, which allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted ASCII file that triggers a large amount of...
MGASA-2014-0142 Updated file packages fix security vulnerabilities
The BEGIN regular expression in the awk script detector in magic/Magdir/commands in file before 5.15 uses multiple wildcards with unlimited repetitions, which allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted ASCII file that triggers a large amount of...
Kaspersky Internet Security Regular Expression Pattern Handling Denial of Service Vulnerability
Kaspersky Internet Security is Kaspersky's Internet security suite. Kaspersky Internet Security 14.0.0.4651 and other versions contain an error when processing regular expression patterns that can be exploited to exhaust CPU resources, resulting in a denial of service. 0 Kaspersky Labs Kaspersky Internet Security 14.0.0.4651 The vendor has not yet provided a patch or upgrade: http://www.kaspersky.com/...
Design/Logic Flaw
The BEGIN regular expression in the awk script detector in magic/Magdir/commands in file before 5.15 uses multiple wildcards with unlimited repetitions, which allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted ASCII file that triggers a large amount of...
Amazon Linux AMI : ruby19 (ALAS-2014-290)
Algorithmic complexity vulnerability in Gem::Version::ANCHORED_VERSION_PATTERN in lib/rubygems/version.rb in RubyGems before 1.8.23.2, 1.8.24 through 1.8.26, 2.0.x before 2.0.10, and 2.1.x before 2.1.5, as used in Ruby 1.9.0 through 2.0.0p247, allows remote attackers to cause a denial of service CP...
Medium: ruby19
Issue Overview: Algorithmic complexity vulnerability in Gem::Version::ANCHORED_VERSION_PATTERN in lib/rubygems/version.rb in RubyGems before 1.8.23.2, 1.8.24 through 1.8.26, 2.0.x before 2.0.10, and 2.1.x before 2.1.5, as used in Ruby 1.9.0 through 2.0.0p247, allows remote attackers to cause a deni...
rubygems: version regex algorithmic complexity vulnerability
A denial of service vulnerability exists in the RubyGems versions 2.0.7 or older, such that when RubyGems validates versioning it performs a wrong regular expression causing resource consumption due to algorithmic complexity...
Camel: remote code execution via header field manipulation
Apache Camel before 2.9.7, 2.10.0 before 2.10.7, 2.11.0 before 2.11.2, and 2.12.0 allows remote attackers to execute arbitrary simple language expressions by including "$simple" in a CamelFileName message header to a (1) FILE or (2) FTP producer...
CVE-2013-7176
config/filter.d/postfix.conf in the postfix filter in Fail2ban before 0.8.11 allows remote attackers to trigger the blocking of an arbitrary IP address via a crafted e-mail address that matches an improperly designed regular expression...
CVE-2013-7177
config/filter.d/cyrus-imap.conf in the cyrus-imap filter in Fail2ban before 0.8.11 allows remote attackers to trigger the blocking of an arbitrary IP address via a crafted e-mail address that matches an improperly designed regular expression...
Design/Logic Flaw
config/filter.d/cyrus-imap.conf in the cyrus-imap filter in Fail2ban before 0.8.11 allows remote attackers to trigger the blocking of an arbitrary IP address via a crafted e-mail address that matches an improperly designed regular expression...
Design/Logic Flaw
config/filter.d/postfix.conf in the postfix filter in Fail2ban before 0.8.11 allows remote attackers to trigger the blocking of an arbitrary IP address via a crafted e-mail address that matches an improperly designed regular expression...
CVE-2013-7177
Summary of CVE-2013-7177 : Fail2ban (vulnerable up to 0.8.10) contains a faulty cyrus-imap failregex in its config filter (config/filter.d/cyrus-imap.conf). The improper design allows remote attackers to trigger the banning of an arbitrary IP via a crafted email address, due to regex weaknesses i...