Lucene search

10 matches found

RedHat Linux
added 2025/12/10 2:44 p.m., 3 views

tomcat: org.apache.tomcat/tomcat-catalina: Apache Tomcat: Directory traversal via rewrite with possible RCE

A directory traversal vulnerability in Apache Tomcat caused by improper URL normalization during request rewriting. When specific rewrite rules are used, an attacker could craft a malicious request to bypass access restrictions and reach protected directories such as /WEB-INF/ or /META-INF/. If...

CVSS 7.5, AI score 7.7, EPSS 0.66535
Exploits: 4, References: 6

EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2020-23785

Malware in sbrugna...

CVSS 5.3, AI score 5.5, EPSS 0.01233
Exploits: 0, References: 2

Tenable Nessus
added 2023/03/14 12:0 a.m., 40 views

Atlassian Jira 8.0.0 < 8.0.4 Multiple Vulnerabilities

According to its self-reported version number, the instance of Atlassian Jira hosted on the remote web server is version 7.13.0 prior to 7.13.4, 8.0.0 prior to 8.0.4 or 8.1.0 prior to 8.1.1. It is, therefore, affected by multiple vulnerabilities: - A vulnerability which permits remote attackers w...

CVSS 8.1, AI score 6.5, EPSS 0.59832
Exploits: 2, References: 6

NVD
added 2019/05/22 6:29 p.m., 24 views

CVE-2019-8442

The CachingResourceDownloadRewriteRule class in Jira before version 7.13.4, and from version 8.0.0 before version 8.0.4, and from version 8.1.0 before version 8.1.1 allows remote attackers to access files in the Jira webroot under the META-INF directory via a lax path access check...

CVSS 7.5, AI score 7.4, EPSS 0.59832
Exploits: 1, References: 2

Cvelist
added 2019/05/22 5:39 p.m., 38 views

CVE-2019-8442

The CachingResourceDownloadRewriteRule class in Jira before version 7.13.4, and from version 8.0.0 before version 8.0.4, and from version 8.1.0 before version 8.1.1 allows remote attackers to access files in the Jira webroot under the META-INF directory via a lax path access check...

AI score 7.4, EPSS 0.59832
Exploits: 1, References: 2

CVE
added 2019/05/22 5:39 p.m., 165 views

CVE-2019-8442

CVE-2019-8442 (Jira) : Jira prior to 7.13.4; 8.0.x before 8.0.4; 8.1.x before 8.1.1 permits remote attackers to access files under the Jira webroot META-INF via a lax path access check in the CachingResourceDownloadRewriteRule. The Nuclei template details a local file inclusion path traversal vul...

CVSS 7.5, AI score 7.2, EPSS 0.59832
In wild, Exploits: 1, References: 2, Affected Software: 2

Atlassian
added 2019/04/29 3:50 a.m., 45 views

Lax path access check allowing access to webroot files in the META-INF directory in the CachingResourceDownloadRewriteRule class - CVE-2019-8442

The CachingResourceDownloadRewriteRule class in Jira before version 7.13.4, and from version 8.0.0 before version 8.0.4, and from version 8.1.0 before version 8.1.1 allows remote attackers to access files in the Jira webroot under the META-INF directory via a lax path access check...

CVSS 7.5, AI score 7.3, EPSS 0.59832
Exploits: 1

BDU FSTEC
added 2016/04/19 12:0 a.m., 6 views

The vulnerability of the WildFly application server in Java, which allows a hacker to read confidential files

The vulnerability of the WildFly application server in Java relates to the use of an incomplete blacklist. Exploiting this vulnerability allows a malicious actor to read confidential files in the WEB-INF or META-INF directories by using a query containing lowercase characters or “meaningless”...

CVSS 5, AI score 7.2, EPSS 0.15572
Exploits: 3, References: 5, Affected Software: 1

NVD
added 2014/04/15 11:55 p.m., 21 views

CVE-2014-2857

The default configuration of the Resources plugin 1.0.0 before 1.2.6 for Pivotal Grails 2.0.0 through 2.3.6 does not properly restrict access to files in the META-INF directory, which allows remote attackers to obtain sensitive information via a direct request. NOTE: this issue was SPLIT from...

CVSS 5, AI score 5.8, EPSS 0.01354
Exploits: 0, References: 3

Prion
added 2014/04/15 11:55 p.m., 30 views

Default configuration

The default configuration of the Resources plugin 1.0.0 before 1.2.6 for Pivotal Grails 2.0.0 through 2.3.6 does not properly restrict access to files in the META-INF directory, which allows remote attackers to obtain sensitive information via a direct request. NOTE: this issue was SPLIT from...

CVSS 5, AI score 6.3, EPSS 0.01979
Exploits: 0, References: 3, Affected Software: 2