166 matches found
Apache Struts2 Broken Access Control Vulnerability
The Struts 2 action mapping mechanism supports the special parameter prefix action: which is intended to help with attaching navigational information to buttons within forms, under certain conditions this can be used to bypass security constraints. In Struts 2.3.15.3 the action mapping mechanism...
Authentication Bypass in Apache Tomcat
org/apache/catalina/realm/RealmBase.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.30, when FORM authentication is used, allows remote attackers to bypass security-constraint checks by leveraging a previous setUserPrincipal call and then placing /jsecuritycheck at the end of a URI...
Cross-site Scripting in Apache Struts
When the Struts2 debug mode is turned on, under certain conditions an arbitrary script may be executed in the 'Problem Report' screen. Also if JSP files are exposed to be accessed directly it's possible to execute an arbitrary script. It is generally not advisable to have debug mode switched on...
GHSA-H376-J262-VHQ6 RCE in H2 Console
Impact H2 Console in versions since 1.1.100 2008-10-14 to 2.0.204 2021-12-21 inclusive allows loading of custom classes from remote servers through JNDI. H2 Console doesn't accept remote connections by default. If remote access was enabled explicitly and some protection method such as security...
RCE in H2 Console
Impact H2 Console in versions since 1.1.100 2008-10-14 to 2.0.204 2021-12-21 inclusive allows loading of custom classes from remote servers through JNDI. H2 Console doesn't accept remote connections by default. If remote access was enabled explicitly and some protection method such as security...
Apache Tomcat 7.0.x < 7.0.11 Multiple Vulnerabilities - Linux
Apache Tomcat is prone to multiple vulnerabilities. Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
CSZ CMS 1.2.9 Arbitrary File Deletion
Exploit Title: CSZ CMS 1.2.9 - 'Multiple' Arbitrary File Deletion Date: 2021-07-20 Exploit Author: faisalfs10x https://github.com/faisalfs10x Vendor Homepage: https://www.cszcms.com Software Link: https://sourceforge.net/projects/cszcms/files/latest/download Version: 1.2.9 Tested on: Windows 10,...
Apache Tomcat Information Disclosure Vulnerability (Jan 2021) - Windows
Apache Tomcat is prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:apache:tomcat"...
GHSA-V35C-49J6-Q8HQ Security Constraint Bypass in Spring Security
Spring Security does not consider URL path parameters when processing security constraints. By adding a URL path parameter with an encoded "/" to a request, an attacker may be able to bypass a security constraint. The root cause of this issue is a lack of clarity regarding the handling of path...
Security Constraint Bypass in Spring Security
Spring Security does not consider URL path parameters when processing security constraints. By adding a URL path parameter with an encoded "/" to a request, an attacker may be able to bypass a security constraint. The root cause of this issue is a lack of clarity regarding the handling of path...
Important: tomcat
Issue Overview: The host name verification when using TLS with the WebSocket client was missing. It is now enabled by default. Versions Affected: Apache Tomcat 9.0.0.M1 to 9.0.9, 8.5.0 to 8.5.31, 8.0.0.RC1 to 8.0.52, and 7.0.35 to 7.0.88. CVE-2018-8034 The URL pattern of "" the empty string which...
CVE-2018-1304
The URL pattern of "" the empty string which exactly maps to the context root was not correctly handled in Apache Tomcat 9.0.0.M1 to 9.0.4, 8.5.0 to 8.5.27, 8.0.0.RC1 to 8.0.49 and 7.0.0 to 7.0.84 when used as part of a security constraint definition. This caused the constraint to be ignored. It...
Apache Tomcat 8.0.x < 8.0.50 Security Constraint Weakness
Binary data 700687.pasl...
Apache Tomcat 7.0.x < 7.0.85 Security Constraint Weakness
Binary data 700677.pasl...
Apache Tomcat 8.5.x < 8.5.28 Security Constraint Weakness
Binary data 700693.pasl...
CVE-2019-3835
It was found that the superexec operator was available in the internal dictionary in ghostscript before 9.27. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system outside of the constrains imposed by -dSAFER...
Security Bulletin: Apache Tomcat as used in IBM QRadar SIEM is vulnerable to security constraint bypass. (CVE-2018-1304, CVE-2018-1305)
Summary Public disclosed vulnerability from Apache Tomcat Vulnerability Details CVEID: CVE-2018-1305 DESCRIPTION: Apache Tomcat could allow a remote attacker to bypass security restrictions, caused by the failure to properly enforce security constraints that are defined by annotations of Servlets...
Directory Information Disclosure
Tomcat is vulnerable to directory information disclosure. When accessing a directory protected by a security constraint with a URL that did not need in a slash, Tomcat would redirect to the URL with the trailing slash, confirming the presence of the file, even if no access is permitted...
Apache Tomcat 8.5.x < 8.5.28 Security Constraint Weakness
The version of Apache Tomcat installed on the remote host is 8.5.x prior to 8.5.28. It is, therefore, affected by security constraints flaws which could expose resources to unauthorized users. Note that the scanner has not tested for these issues but has instead relied only on the application's...
Apache Tomcat 9.0.0.M1 < 9.0.5 Security Constraint Weakness
The version of Apache Tomcat installed on the remote host is 9.0.x prior to 9.0.5. It is, therefore, affected by security constraints flaws which could expose resources to unauthorized users. Note that the scanner has not tested for these issues but has instead relied only on the application's...