318 matches found

IBM Security Bulletins
added 2018/06/15 7:08 a.m., 19 views

Security Bulletin: Multiple vulnerabilities affect Java Server Faces (JSF) used by WebSphere Application Server (CVE-2017-1583, CVE-2011-4343)

Summary: There are two potential information disclosure vulnerabilities that affect the Java Server Faces (JSF) component used by WebSphere Application Server. Vulnerability Details: CVEID: CVE-2017-1583 DESCRIPTION: IBM WebSphere Application Server could allow a remote attacker to obtain sensitive...

CVSS 7.5, AI score 7.2, EPSS 0.05334
Exploits 1, Affected Software 3
Tenable Nessus
added 2018/06/13 12:00 a.m., 38 views

Cisco Prime Data Center Network Manager File Upload RCE (cisco-sa-20180502-prime-upload)

The Cisco Prime Data Center Network Manager (DCNM) running on the remote host is affected by a remote code execution vulnerability due to improper input validation of the parameters in an HTTP request processed by the XmpFileUploadServlet servlet. An unauthenticated, remote attacker can exploit thi...

CVSS 10, AI score 9.3, EPSS 0.49867
Exploits 0, References 2
RedHat Linux
added 2018/03/07 3:21 p.m., 2 views

tomcat: Information Disclosure when using VirtualDirContext

When using a VirtualDirContext with Apache Tomcat 7.0.0 to 7.0.80 it was possible to bypass security constraints and/or view the source code of JSPs for resources served by the VirtualDirContext using a specially crafted request...

CVSS 7.5, AI score 7.4, EPSS 0.708
Exploits 4, References 5
RedHat Linux
added 2018/03/07 3:09 p.m., 4 views

tomcat: Remote Code Execution via JSP Upload

A vulnerability was discovered in Tomcat where if a servlet context was configured with readonly=false and HTTP PUT requests were allowed, an attacker could upload a JSP file to that context and achieve code execution...

CVSS 8.1, AI score 7.5, EPSS 0.99607
Exploits 17, References 6
CNVD
added 2018/02/06 12:00 a.m., 3 views

DS Data Systems KonaKart eCommerce Platform Directory Traversal Vulnerability

DS Data Systems KonaKart eCommerce Platform is a Java-based eCommerce software product from DS Data Systems, UK. It provides modules such as shopping cart, payment and order summary. A directory traversal vulnerability exists in the administration panel of DS Data Systems KonaKart eCommer...

CVSS 9.8, AI score 7, EPSS 0.02195
Exploits 0, References 1
CNVD
added 2018/02/06 12:00 a.m., 3 views

IBM TRIRIGA Application Platform Input Validation Vulnerability

The IBM TRIRIGA Application Platform is a set of technology platforms for deploying TRIRIGA applications from IBM in the United States. The platform provides a set of design-time and run-time components for building and running its enterprise applications, respectively, and supports...

CVSS 5.5, AI score 7.2, EPSS 0.00766
Exploits 0, References 1
OSV
added 2018/02/02 9:29 p.m., 6 views

CVE-2016-0300

IBM TRIRIGA Application Platform 3.3 before 3.3.2.6, 3.4 before 3.4.2.3, and 3.5 before 3.5.0.1 might allow remote attackers to access arbitrary JSP pages via vectors related to improper input validation. IBM X-Force ID: 111412...

CVSS 5.4, AI score 5.9, EPSS 0.00766
Exploits 0, References 2
RedHat Linux
added 2017/12/13 5:31 p.m., 3 views

undertow: Long URL proxy request lead to java.nio.BufferOverflowException and DoS

It was discovered that a long URL sent to EAP 7 Server operating as a reverse proxy with default buffer sizes causes a Denial of Service...

CVSS 7.1, AI score 7.5, EPSS 0.0248
Exploits 0, References 4
Broadcom
added 2017/11/17 12:00 a.m., 10 views

BSA-2017-447

Security Advisory ID: BSA-2017-447. Component: Apache. Revision: 2.0 (Final). When running Apache Tomcat versions 9.0.0.M1 to 9.0.0, 8.5.0 to 8.5.22, 8.0.0.RC1 to 8.0.46 and 7.0.0 to 7.0.81 with HTTP PUTs enabled e.g. via setting the readonly initialisation parameter of the Default servlet to fals...

CVSS 8.1, AI score 8.7, EPSS 0.99988
Exploits 23
The Hacker News
added 2017/10/05 12:16 a.m., 396 views

Apache Tomcat Patches Important Remote Code Execution Flaw

The Apache Tomcat team has recently patched several security vulnerabilities in Apache Tomcat, one of which could allow an unauthorised attacker to execute malicious code on affected servers remotely. Apache Tomcat, developed by the Apache Software Foundation (ASF), is an open source web server and...

CVSS 6.8, AI score 8.1, EPSS 0.99988
Exploits 36
CNVD
added 2017/09/27 12:00 a.m., 7 views

Apache Tomcat Remote Code Execution Vulnerability (CNVD-2017-30092)

Apache Tomcat is a popular open source JSP application server program. Apache Tomcat has a remote code execution vulnerability. With HTTP PUT enabled in Apache Tomcat, an attacker can upload an arbitrary JSP file to the server via a constructed request, resulting in remote code execution...

CVSS 8.1, AI score 8.1, EPSS 0.99988
Exploits 23, References 1
OSV
added 2017/09/01 5:29 p.m., 5 views

CVE-2017-14105

HiveManager Classic through 8.1r1 allows arbitrary JSP code execution by modifying a backup archive before a restore, because the restore feature does not validate pathnames within the archive. An authenticated, local attacker - even restricted as a tenant - can add a jsp at...

CVSS 7.8, AI score 6.2, EPSS 0.013
Exploits 3, References 1
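The HiveManager entry above (a backup restore that does not validate pathnames inside the archive) and the KonaKart directory traversal entry are both failures to confine a path to its intended directory. The following is an added example, not code from HiveManager, KonaKart or any other project on this page, of validating every archive entry before a restore touches disk. The target directory and the archive contents are constructed for the demonstration.

```python
"""Validate archive entry paths before a backup restore writes anything.

Added example, not code from HiveManager, KonaKart or any project on this page.
The archive and the target directory are constructed for the demonstration.
"""
import io
import os
import posixpath
import zipfile


def entry_escapes(name, target_dir="/opt/app/restore"):
    """True if extracting `name` under target_dir could land outside it.

    String-based only, so it can run before any disk access. Rejects absolute
    paths, Windows separators and drive letters, and any '..' that survives
    normalisation, then re-checks the fully resolved destination.
    """
    if not name or name.startswith(("/", "\\")) or "\\" in name or ":" in name:
        return True
    normalised = posixpath.normpath(name)
    if normalised == ".." or normalised.startswith("../"):
        return True
    base = target_dir.rstrip("/")
    dest = posixpath.normpath(posixpath.join(base, normalised))
    return not (dest == base or dest.startswith(base + "/"))


def unsafe_entries(zip_bytes, target_dir="/opt/app/restore"):
    """Names of every entry that would escape target_dir, in archive order."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        return [info.filename for info in zf.infolist()
                if entry_escapes(info.filename, target_dir)]


def restore_backup(zip_bytes, target_dir):
    """All-or-nothing restore: validate every entry first, then write."""
    bad = unsafe_entries(zip_bytes, target_dir)
    if bad:
        raise ValueError(f"refusing restore, unsafe entries: {bad}")
    written = 0
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            dest = os.path.join(target_dir, *info.filename.split("/"))
            if info.is_dir():
                os.makedirs(dest, exist_ok=True)
                continue
            os.makedirs(os.path.dirname(dest), exist_ok=True)
            with zf.open(info) as src, open(dest, "wb") as dst:
                dst.write(src.read())
            written += 1
    return written


def build_demo_archive(with_traversal=True):
    """Constructed sample archive: two benign entries and, optionally, two
    entries of the kind a tampered backup would carry."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("config/app.conf", "listen=8443\n")
        zf.writestr("data/tenants.db", b"\x00" * 16)
        if with_traversal:
            # Relative climb out of the restore directory into a web root.
            zf.writestr("../../webapps/ROOT/planted.jsp", "<%-- placeholder --%>")
            # Absolute path, which a naive os.path.join would honour verbatim.
            zf.writestr("/etc/planted.conf", "placeholder\n")
    return buf.getvalue()


if __name__ == "__main__":
    print("unsafe entries:", unsafe_entries(build_demo_archive()))
    try:
        restore_backup(build_demo_archive(), "/tmp/restore-demo")
    except ValueError as exc:
        print(exc)
```

The check has to see the entry name exactly as stored, before any library-side normalisation, and has to cover the whole archive before the first write; otherwise a partially applied restore may already have planted a file. Entries that are symbolic links are a separate escape route not handled here, and a restore should additionally restrict entries to the names and extensions it legitimately needs.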
RedHat Linux
added 2017/08/01 3:43 p.m., 4 views

tomcat: security manager bypass via JSP Servlet config parameters

It was discovered that a malicious web application could bypass a configured SecurityManager via manipulation of the configuration parameters for the JSP Servlet...

CVSS 7.5, AI score 7.2, EPSS 0.08321
Exploits 0, References 7
Fedora
added 2017/07/07 11:21 p.m., 30 views

[SECURITY] Fedora 26 Update: jetty-9.4.6-1.v20170531.fc26

Jetty is a 100% Java HTTP Server and Servlet Container. This means that you do not need to configure and run a separate web server like Apache in order to use Java, servlets and JSPs to generate dynamic content. Jetty is a fully featured web server for static and dynamic content. Unlike separate...

CVSS 7.5, AI score 0.6, EPSS 0.05795
Exploits 0
CNVD
added 2017/06/08 12:00 a.m., 3 views

CMS4J arbitrary file download vulnerability patch bypass

CMS4J is a CMS system developed by Beijing Paidao Network based on JSP. The fix CMS4J applied for an earlier arbitrary file download vulnerability can be bypassed. The vulnerability arises because the patched download code in the DownloadFile servlet does not strictly filter the requested file path, c...

AI score 7.3
Exploits 0
Prion
added 2017/04/24 7:59 p.m., 30 views

Buffer overflow

Vulnerability in the Oracle GlassFish Server component of Oracle Fusion Middleware (subcomponent: Java Server Faces). The supported version that is affected is 3.1.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle...

CVSS 2.6, AI score 2, EPSS 0.0152
Exploits 0, References 3, Affected Software 1
OSV
added 2017/04/24 7:59 p.m., 2 views

UBUNTU-CVE-2017-3626

Vulnerability in the Oracle GlassFish Server component of Oracle Fusion Middleware (subcomponent: Java Server Faces). The supported version that is affected is 3.1.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle...

CVSS 3.1, AI score 6.1, EPSS 0.0152
Exploits 0, References 3
Cvelist
added 2017/04/24 7:00 p.m., 28 views

CVE-2017-3626

Vulnerability in the Oracle GlassFish Server component of Oracle Fusion Middleware (subcomponent: Java Server Faces). The supported version that is affected is 3.1.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle...

AI score 2, EPSS 0.0152
Exploits 0, References 3
Vulnrichment
added 2017/04/24 7:00 p.m., 11 views

CVE-2017-3626

Vulnerability in the Oracle GlassFish Server component of Oracle Fusion Middleware (subcomponent: Java Server Faces). The supported version that is affected is 3.1.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle...

AI score 4.6, EPSS 0.0152
Exploits 0, References 3
Tenable Nessus
added 2017/04/20 12:00 a.m., 462 views

Oracle GlassFish Server 3.1.2.x < 3.1.2.17 Java Server Faces Information Disclosure (April 2017 CPU)

According to its self-reported version, the Oracle GlassFish Server running on the remote host is 3.1.2.x prior to 3.1.2.17. It is, therefore, affected by an unspecified flaw in the Java Server Faces subcomponent that allows an unauthenticated, remote attacker to disclose potentially sensitive...

CVSS 3.1, AI score 5.7, EPSS 0.0152
Exploits 0, References 3