3 matches found
Workbench: Insufficient authorization constraints
It was discovered that the default authorization constrains applied on servelets deployed in the KIE Workbench application were insufficient. A remote, authenticated user without sufficient privileges could use this flaw to upload or download arbitrary files, perform privileged actions that...
Xalan-Java: insufficient constraints in secure processing feature
It was found that the secure processing feature of Xalan-Java had insufficient restrictions defined for certain properties and features. A remote attacker able to provide Extensible Stylesheet Language Transformations XSLT content to be processed by an application using Xalan-Java could use this...
Xalan-Java: insufficient constraints in secure processing feature
It was found that the secure processing feature of Xalan-Java had insufficient restrictions defined for certain properties and features. A remote attacker able to provide Extensible Stylesheet Language Transformations XSLT content to be processed by an application using Xalan-Java could use this...