Lucene search
K

39 matches found

CVE
CVE
added 2022/07/18 4:3 p.m.76 views

CVE-2022-32387

CVE-2022-32387 affects Kentico prior to version 13.0.66. An attacker can trigger a Denial of Service by sending a crafted request to the GetResource handler. The provided documents confirm the vulnerability in Kentico’s GetResource processing and indicate a DoS impact, with CVSS v3.1 base score 7...

7.5CVSS7.3AI score0.00857EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2022/07/18 12:0 a.m.5 views

Kentico 安全漏洞

Kentico is an ASP.NET-based content management system CMS from Kentico, Inc. A security vulnerability exists in Kentico versions prior to 13.0.66, which can be exploited by an attacker to cause a denial of service via a specially crafted request to the GetResource handler...

7.5CVSS7.3AI score0.00857EPSS
Exploits0References2
Hacker One
Hacker One
added 2022/05/09 6:43 p.m.31 views

GitHub Security Lab: [Java]: CWE-552 Add sources and sinks to detect unsafe getResource calls in Java EE applications

This bug was reported directly to GitHub Security Lab...

1.6AI score
Exploits0
Veracode
Veracode
added 2019/01/15 9:9 a.m.165 views

Directory Traversal

Tomcat is vulnerable to directory traversal. The methods getResource, getResourceAsStream, and getResourcePaths in ServletContext do not correctly validate that the paths given to them do not contain "/..". However the impact of the directory traversal is limited as "/../" is rejected. This allow...

4.3CVSS6.5AI score0.12555EPSS
Exploits0References50Affected Software82
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/17 10:33 p.m.28 views

Security Bulletin: API and CLI getResource expose secured role properties (CVE-2016-6068)

Summary IBM UrbanCode Deploy could allow an authenticated user with access to the REST endpoints to access API and CLI getResource secured role properties. Vulnerability Details CVEID: CVE-2016-6068 DESCRIPTION: IBM UrbanCode Deploy could allow an authenticated user with access to the REST...

7.5CVSS0.7AI score0.01369EPSS
Exploits0Affected Software1
RedHat Linux
RedHat Linux
added 2018/04/25 7:43 p.m.4 views

undertow: Path traversal in ServletResourceManager class

A path traversal vulnerability was discovered in Undertow's org.wildfly.extension.undertow.deployment.ServletResourceManager.getResource method. This could lead to information disclosure of arbitrary local files...

5.5CVSS6.5AI score0.00489EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2018/04/25 6:21 p.m.3 views

undertow: Path traversal in ServletResourceManager class

A path traversal vulnerability was discovered in Undertow's org.wildfly.extension.undertow.deployment.ServletResourceManager.getResource method. This could lead to information disclosure of arbitrary local files...

5.5CVSS6.5AI score0.00489EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2018/04/25 6:21 p.m.3 views

undertow: Path traversal in ServletResourceManager class

A path traversal vulnerability was discovered in Undertow's org.wildfly.extension.undertow.deployment.ServletResourceManager.getResource method. This could lead to information disclosure of arbitrary local files...

5.5CVSS6.5AI score0.00489EPSS
Exploits0References4
NVD
NVD
added 2018/01/24 11:29 p.m.27 views

CVE-2018-1047

A flaw was found in Wildfly 9.x. A path traversal vulnerability through the org.wildfly.extension.undertow.deployment.ServletResourceManager.getResource method could lead to information disclosure of arbitrary local files...

5.5CVSS5.2AI score0.00489EPSS
Exploits0References7
NVD
NVD
added 2017/02/01 10:59 p.m.26 views

CVE-2016-6068

IBM UrbanCode Deploy could allow an authenticated user with access to the REST endpoints to access API and CLI getResource secured role properties...

7.5CVSS7.4AI score0.01369EPSS
Exploits0References2
Cvelist
Cvelist
added 2017/02/01 10:0 p.m.25 views

CVE-2016-6068

IBM UrbanCode Deploy could allow an authenticated user with access to the REST endpoints to access API and CLI getResource secured role properties...

7.5AI score0.01369EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2016/10/10 8:38 p.m.8 views

tomcat: URL Normalization issue

A directory traversal flaw was found in Tomcat's RequestUtil.java. A remote, authenticated user could use this flaw to bypass intended SecurityManager restrictions and list a parent directory via a '/..' in a pathname used by a web application in a getResource, getResourceAsStream, or...

4.3CVSS6.6AI score0.12555EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2016/07/18 7:41 p.m.8 views

tomcat: URL Normalization issue

A directory traversal flaw was found in Tomcat's RequestUtil.java. A remote, authenticated user could use this flaw to bypass intended SecurityManager restrictions and list a parent directory via a '/..' in a pathname used by a web application in a getResource, getResourceAsStream, or...

4.3CVSS6.6AI score0.12555EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2016/07/18 7:6 p.m.8 views

tomcat: URL Normalization issue

A directory traversal flaw was found in Tomcat's RequestUtil.java. A remote, authenticated user could use this flaw to bypass intended SecurityManager restrictions and list a parent directory via a '/..' in a pathname used by a web application in a getResource, getResourceAsStream, or...

4.3CVSS6.6AI score0.12555EPSS
Exploits0References5
BDU FSTEC
BDU FSTEC
added 2016/03/11 12:0 a.m.7 views

The vulnerability of the Apache Tomcat application server allows attackers to circumvent authenticity verification restrictions.

The vulnerability of the RequestUtil.java function in the Apache Tomcat application server is related to deficiencies in path name validation. Exploiting this vulnerability allows a malicious actor to bypass the authenticity verification provided by the SecurityManager by using the “/..” symbol i...

4CVSS6.6AI score0.12555EPSS
Exploits0References11Affected Software1
Debian CVE
Debian CVE
added 2016/02/25 1:0 a.m.35 views

CVE-2015-5174

Removed by vendor...

4.3CVSS6.9AI score0.12555EPSS
Exploits0
UbuntuCve
UbuntuCve
added 2016/02/24 12:0 a.m.40 views

CVE-2015-5174

Directory traversal vulnerability in RequestUtil.java in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.65, and 8.x before 8.0.27 allows remote authenticated users to bypass intended SecurityManager restrictions and list a parent directory via a /.. slash dot dot in a pathname used by a web...

4.3CVSS6.8AI score0.12555EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2015/12/16 6:19 p.m.4 views

tomcat: URL Normalization issue

A directory traversal flaw was found in Tomcat's RequestUtil.java. A remote, authenticated user could use this flaw to bypass intended SecurityManager restrictions and list a parent directory via a '/..' in a pathname used by a web application in a getResource, getResourceAsStream, or...

4.3CVSS6.6AI score0.12555EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2015/12/16 6:19 p.m.8 views

tomcat: URL Normalization issue

A directory traversal flaw was found in Tomcat's RequestUtil.java. A remote, authenticated user could use this flaw to bypass intended SecurityManager restrictions and list a parent directory via a '/..' in a pathname used by a web application in a getResource, getResourceAsStream, or...

4.3CVSS6.6AI score0.12555EPSS
Exploits0References5
Rows per page
Query Builder