39 matches found
CVE-2022-32387
CVE-2022-32387 affects Kentico prior to version 13.0.66. An attacker can trigger a Denial of Service by sending a crafted request to the GetResource handler. The provided documents confirm the vulnerability in Kentico’s GetResource processing and indicate a DoS impact, with CVSS v3.1 base score 7...
Kentico 安全漏洞
Kentico is an ASP.NET-based content management system CMS from Kentico, Inc. A security vulnerability exists in Kentico versions prior to 13.0.66, which can be exploited by an attacker to cause a denial of service via a specially crafted request to the GetResource handler...
GitHub Security Lab: [Java]: CWE-552 Add sources and sinks to detect unsafe getResource calls in Java EE applications
This bug was reported directly to GitHub Security Lab...
Directory Traversal
Tomcat is vulnerable to directory traversal. The methods getResource, getResourceAsStream, and getResourcePaths in ServletContext do not correctly validate that the paths given to them do not contain "/..". However the impact of the directory traversal is limited as "/../" is rejected. This allow...
Security Bulletin: API and CLI getResource expose secured role properties (CVE-2016-6068)
Summary IBM UrbanCode Deploy could allow an authenticated user with access to the REST endpoints to access API and CLI getResource secured role properties. Vulnerability Details CVEID: CVE-2016-6068 DESCRIPTION: IBM UrbanCode Deploy could allow an authenticated user with access to the REST...
undertow: Path traversal in ServletResourceManager class
A path traversal vulnerability was discovered in Undertow's org.wildfly.extension.undertow.deployment.ServletResourceManager.getResource method. This could lead to information disclosure of arbitrary local files...
undertow: Path traversal in ServletResourceManager class
A path traversal vulnerability was discovered in Undertow's org.wildfly.extension.undertow.deployment.ServletResourceManager.getResource method. This could lead to information disclosure of arbitrary local files...
undertow: Path traversal in ServletResourceManager class
A path traversal vulnerability was discovered in Undertow's org.wildfly.extension.undertow.deployment.ServletResourceManager.getResource method. This could lead to information disclosure of arbitrary local files...
CVE-2018-1047
A flaw was found in Wildfly 9.x. A path traversal vulnerability through the org.wildfly.extension.undertow.deployment.ServletResourceManager.getResource method could lead to information disclosure of arbitrary local files...
CVE-2016-6068
IBM UrbanCode Deploy could allow an authenticated user with access to the REST endpoints to access API and CLI getResource secured role properties...
CVE-2016-6068
IBM UrbanCode Deploy could allow an authenticated user with access to the REST endpoints to access API and CLI getResource secured role properties...
tomcat: URL Normalization issue
A directory traversal flaw was found in Tomcat's RequestUtil.java. A remote, authenticated user could use this flaw to bypass intended SecurityManager restrictions and list a parent directory via a '/..' in a pathname used by a web application in a getResource, getResourceAsStream, or...
tomcat: URL Normalization issue
A directory traversal flaw was found in Tomcat's RequestUtil.java. A remote, authenticated user could use this flaw to bypass intended SecurityManager restrictions and list a parent directory via a '/..' in a pathname used by a web application in a getResource, getResourceAsStream, or...
tomcat: URL Normalization issue
A directory traversal flaw was found in Tomcat's RequestUtil.java. A remote, authenticated user could use this flaw to bypass intended SecurityManager restrictions and list a parent directory via a '/..' in a pathname used by a web application in a getResource, getResourceAsStream, or...
The vulnerability of the Apache Tomcat application server allows attackers to circumvent authenticity verification restrictions.
The vulnerability of the RequestUtil.java function in the Apache Tomcat application server is related to deficiencies in path name validation. Exploiting this vulnerability allows a malicious actor to bypass the authenticity verification provided by the SecurityManager by using the “/..” symbol i...
CVE-2015-5174
Removed by vendor...
CVE-2015-5174
Directory traversal vulnerability in RequestUtil.java in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.65, and 8.x before 8.0.27 allows remote authenticated users to bypass intended SecurityManager restrictions and list a parent directory via a /.. slash dot dot in a pathname used by a web...
tomcat: URL Normalization issue
A directory traversal flaw was found in Tomcat's RequestUtil.java. A remote, authenticated user could use this flaw to bypass intended SecurityManager restrictions and list a parent directory via a '/..' in a pathname used by a web application in a getResource, getResourceAsStream, or...
tomcat: URL Normalization issue
A directory traversal flaw was found in Tomcat's RequestUtil.java. A remote, authenticated user could use this flaw to bypass intended SecurityManager restrictions and list a parent directory via a '/..' in a pathname used by a web application in a getResource, getResourceAsStream, or...