85 matches found
IBM WebSphere Application Server Elevation of Privilege Vulnerability (CNVD-2021-71530)
IBM WebSphere Application Server (WAS) is an application server developed and distributed by IBM in compliance with open standards, such as Java EE, XML and Web Services. An elevation of privilege vulnerability exists in IBM WebSphere Application Server versions 7.0, 8.0, 8.5 and 9.0. A remote attacker...
Apache Struts forced OGNL evaluation
Added: 02/03/2021. Background: Apache Struts is an open-source web application framework for developing Java EE web applications. It uses and extends the Java Servlet API to encourage developers to adopt a model-view-controller (MVC) architecture. Struts uses Object-Graph Navigation Language (OGNL) to...
Fedora: Security Advisory for eclipse-webtools (FEDORA-2020-cf8ef2f333)
The remote host is missing an update for the...
[SECURITY] Fedora 32 Update: eclipse-webtools-3.18.0-4.fc32
Eclipse Webtools. This contains sub-packages for different sub-projects of Eclipse Webtools project, including Server Tools, SourceEditing Tools, Webservices Tools, Java EE Tools, JSF Tools, and Dali JPA Tools...
Apache TomEE Authorization Issues Vulnerability
Apache TomEE is a lightweight Java EE application server from the Apache Software Foundation (United States). An authorization issue vulnerability exists in Apache TomEE. An attacker can exploit the vulnerability by sending a specially crafted request using the 'useJMX=true' paramete...
Oracle Mojarra JSF / Eclipse Mojarra JSF 2.2 / 2.3 Cross Site Scripting
SEC Consult Vulnerability Lab Security Advisory. title: Reflected Cross-Site Scripting (XSS); product: Oracle Mojarra JSF included in Java EE 7, Eclipse Mojarra JSF; vulnerable version: 2.2 & 2.3; fixed version:...
Apache Struts undefined namespace vulnerability
Added: 09/05/2018. BID: 105125. Background: Apache Struts is an open-source web application framework for developing Java EE web applications. It uses and extends the Java Servlet API to encourage developers to adopt a model-view-controller (MVC) architecture. Problem: A remote attacker can execute...
RHEL 7 : JBoss EAP (RHSA-2016:1839)
Updated packages that provide Red Hat JBoss Enterprise Application Platform 7.0.2, fix several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scori...
RHEL 7 : JBoss EAP (RHSA-2016:2641)
Updated packages that provide Red Hat JBoss Enterprise Application Platform 7.0.3, fix several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability...
Syhunt Community Hybrid Scanner v6.2
Syhunt Community is a hybrid static and dynamic web application security scanner. Syhunt is able to scan any kind of application source code for potential security vulnerabilities, pinpointing the exact lines of the code that need to be patched. Or you can simply enter a start URL and get detaile...
Apache Tomcat Patches Important Security Vulnerabilities
The Apache Software Foundation (ASF) has released security updates to address several vulnerabilities in its Tomcat application server, one of which could allow a remote attacker to obtain sensitive information. Apache Tomcat is an open source web server and servlet system, which uses several Java ...
Apache Struts 2 Struts 1 plugin Showcase OGNL code execution
Added: 06/06/2018. CVE: CVE-2017-9791. BID: 99484. Background: Apache Struts is an open-source web application framework for developing Java EE web applications. The Struts 1 plugin allows developers to use Struts 1 Actions and ActionForms in Struts 2 applications. The Showcase application is an...
Oracle WebLogic HTTP Detection
Oracle (formerly BEA) WebLogic, a Java EE application server, is running on the remote web server. (C) Tenable Network Security, Inc. include("compat.inc"); if (description) { script_id(109553); script_version("1.4"); script_cvs_date("Date: 2019/11/22"); script_name(english:"Oracle WebLogic HTTP Detection");...
Oracle WebLogic SNMP Detection (TCP)
Oracle WebLogic, a Java EE application server, was detected on the remote host.
Oracle WebLogic SNMP Detection (UDP)
Oracle WebLogic, a Java EE application server, was detected on the remote host.
wildPwn - Brute forcer and shell deployer for WildFly (JBoss AS)
WildFly, formerly known as JBoss AS, or simply JBoss, is an application server authored by JBoss, now developed by Red Hat. WildFly is written in Java, and implements the Java Platform, Enterprise Edition (Java EE) specification. It runs on multiple platforms. WildFly is free and open-source...
Apache Tomcat Patches Important Remote Code Execution Flaw
The Apache Tomcat team has recently patched several security vulnerabilities in Apache Tomcat, one of which could allow an unauthorised attacker to execute malicious code on affected servers remotely. Apache Tomcat, developed by the Apache Software Foundation (ASF), is an open source web server and...
Apache Struts REST plugin XStream deserialization vulnerability
Added: 09/08/2017. CVE: CVE-2017-9805. BID: 100609. Background: Apache Struts is an open-source web application framework for developing Java EE web applications. It uses and extends the Java Servlet API to encourage developers to adopt a model-view-controller (MVC) architecture. Problem: The REST plugi...
[SECURITY] Fedora 25 Update: springframework-security-3.2.10-1.fc25
Spring Security is a Java/Java EE framework that provides advanced authentication, authorization and other comprehensive security features for enterprise applications. In addition to having a comprehensive list of security functionality, Spring Security is very configurable and employs the Spring...