18 matches found
EUVD-2019-10954
Malware in sbrugna...
Admin user can toggle JMX monitoring without WebSudo validation
Affected versions of Atlassian Jira Server and Data Center allow attackers with administrator privileges to bypass WebSudo validation in order to toggle JMX monitoring, via a Broken Access Control vulnerability in the JmxMonitoringAction.jspa endpoint. The affected versions are before version...
CVE-2021-41766
A flaw was found in Apache Karaf. This issue allows monitoring of applications and the Java runtime by using the Java Management Extensions (JMX)...
Atlassian Jira 7.13.x < 8.6.0 JMX monitoring flag CSRF Vulnerability (JRASERVER-70570)
According to its self-reported version number, the instance of Atlassian Jira hosted on the remote web server is version 7.13.x prior to 8.6.0. It is, therefore, affected by a flaw in the JMX monitoring component. An unauthenticated, remote attacker can exploit this by tricking a user into visiti...
CVE-2019-20405
The JMX monitoring flag in Atlassian Jira Server and Data Center before version 8.6.0 allows remote attackers to turn the JMX monitoring flag off or on via a cross-site request forgery (CSRF) vulnerability...
Cross site request forgery (csrf)
The JMX monitoring flag in Atlassian Jira Server and Data Center before version 8.6.0 allows remote attackers to turn the JMX monitoring flag off or on via a cross-site request forgery (CSRF) vulnerability...
CVE-2019-20405
The JMX monitoring flag in Atlassian Jira Server and Data Center before version 8.6.0 allows remote attackers to turn the JMX monitoring flag off or on via a cross-site request forgery (CSRF) vulnerability...
JMX monitoring flag in Jira was vulnerable to XSRF/CSRF - CVE-2019-20405
The JMX monitoring flag in Atlassian Jira Server and Data Center before version 8.6.0 allows remote attackers to turn the JMX monitoring flag off or on via a cross-site request forgery (CSRF) vulnerability...
Unrestricted upload of file with dangerous type in Apache Solr
The 8.1.1 and 8.2.0 releases of Apache Solr contain an insecure setting for the ENABLE_REMOTE_JMX_OPTS configuration option in the default solr.in.sh configuration file shipping with Solr. If you use the default solr.in.sh file from the affected releases, then JMX monitoring will be enabled and...
GHSA-2289-PQFQ-6WX7 Unrestricted upload of file with dangerous type in Apache Solr
The 8.1.1 and 8.2.0 releases of Apache Solr contain an insecure setting for the ENABLE_REMOTE_JMX_OPTS configuration option in the default solr.in.sh configuration file shipping with Solr. If you use the default solr.in.sh file from the affected releases, then JMX monitoring will be enabled and...
CVE-2019-12409
A flaw was discovered in Apache Solr, where it contains an insecure setting in the default configuration that exposes unauthenticated access to the JMX monitoring service. This flaw allows an attacker to upload malicious code for execution on the Solr server. Mitigation Per Solr guidance: "Make...
CVE-2019-12409
The 8.1.1 and 8.2.0 releases of Apache Solr contain an insecure setting for the ENABLE_REMOTE_JMX_OPTS configuration option in the default solr.in.sh configuration file shipping with Solr. If you use the default solr.in.sh file from the affected releases, then JMX monitoring will be enabled and...
Default configuration
The 8.1.1 and 8.2.0 releases of Apache Solr contain an insecure setting for the ENABLE_REMOTE_JMX_OPTS configuration option in the default solr.in.sh configuration file shipping with Solr. If you use the default solr.in.sh file from the affected releases, then JMX monitoring will be enabled and...
CVE-2019-12409
The 8.1.1 and 8.2.0 releases of Apache Solr contain an insecure setting for the ENABLE_REMOTE_JMX_OPTS configuration option in the default solr.in.sh configuration file shipping with Solr. If you use the default solr.in.sh file from the affected releases, then JMX monitoring will be enabled and...
CVE-2019-12409
CVE-2019-12409 affects Apache Solr 8.1.1 and 8.2.0 where the default solr.in.sh enables ENABLE_REMOTE_JMX_OPTS, exposing JMX on RMI_PORT 18983 without authentication. Unauthenticated network access to JMX can allow uploading and execution of malicious code on the Solr server. Public exploitation ...
CVE-2019-12409
The 8.1.1 and 8.2.0 releases of Apache Solr contain an insecure setting for the ENABLE_REMOTE_JMX_OPTS configuration option in the default solr.in.sh configuration file shipping with Solr. If you use the default solr.in.sh file from the affected releases, then JMX monitoring will be enabled and...
Apache Tomcat remote code execution affecting multiple versions, CVE-2016-8735 (PoC) - vulnerability warning - the black bar safety net
Background: Tomcat is a Servlet container developed by the Jakarta project under the Apache Software Foundation. It implements support for Servlet and JavaServer Pages (JSP) according to the technical specifications provided by Sun Microsystems, and provides, as a Web server, some...
Apache Tomcat Remote Code Execution (CVE-2016-8735)
Update 12/04: note that, besides adding the configuration in conf/server.xml, you need to put the catalina-jmx-remote.jar and groovy-2.3.9.jar packages into the lib directory and modify CATALINA_OPTS "-Dcom.sun.management.jmxremote.ssl=false -Dcom.sun.management.jmxremote...