Lucene search
K

5 matches found

Github Security Blog
Github Security Blog
added 2019/03/06 5:36 p.m.29 views

Incomplete List of Disallowed Inputs in SOFA-Hessian

SOFA-Hessian through 4.0.2 allows remote attackers to execute arbitrary commands via a crafted serialized Hessian object because blacklisting of com.caucho.naming.QName and com.sun.org.apache.xpath.internal.objects.XString is mishandled, related to Resin Gadget...

9.8CVSS8AI score0.02763EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2019/02/27 5:29 p.m.15 views

CVE-2019-9212

SOFA-Hessian through 4.0.2 allows remote attackers to execute arbitrary commands via a crafted serialized Hessian object because blacklisting of com.caucho.naming.QName and com.sun.org.apache.xpath.internal.objects.XString is mishandled, related to Resin Gadget. NOTE: The vendor doesn’t consider...

9.8CVSS9.7AI score0.02763EPSS
Exploits0References1
Prion
Prion
added 2019/02/27 5:29 p.m.10 views

Design/Logic Flaw

DISPUTED SOFA-Hessian through 4.0.2 allows remote attackers to execute arbitrary commands via a crafted serialized Hessian object because blacklisting of com.caucho.naming.QName and com.sun.org.apache.xpath.internal.objects.XString is mishandled, related to Resin Gadget. NOTE: The vendor doesn’t...

7.5CVSS9.6AI score0.02763EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2019/02/27 5:0 p.m.25 views

CVE-2019-9212

SOFA-Hessian through 4.0.2 allows remote attackers to execute arbitrary commands via a crafted serialized Hessian object because blacklisting of com.caucho.naming.QName and com.sun.org.apache.xpath.internal.objects.XString is mishandled, related to Resin Gadget. NOTE: The vendor doesn’t consider...

9.7AI score0.02763EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2019/02/27 12:0 a.m.11 views

PT-2019-19439 · Sofa · Sofahessian

Name of the Vulnerable Software and Affected Versions: SOFA-Hessian versions 4.0.2 and earlier Description: The issue allows remote attackers to execute arbitrary commands via a crafted serialized Hessian object because blacklisting of com.caucho.naming.QName and...

9.8CVSS8.2AI score0.02763EPSS
Exploits0References7
Rows per page
Query Builder