196 matches found

seebug.org
added 2014/07/01 12:0 a.m., 23 views

Bajie HTTP Server 0.95 Example Scripts And Servlets Cross-Site Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/8841/info Demonstration scripts and servlets that are distributed as part of Bajie HTTP Server have been reported prone to multiple cross-site scripting vulnerabilities. It has been reported that a remote attacker may...

AI score: 7.1
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m., 25 views

Sun Java Web Server 1.1.3/2.0 Servlets Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/1498/info The servlet sunexamples.RealmDumpServlet, which is packaged by default with Sun's Java Web Server, can be used to discover ACLs and local users on the server. http://javawebserver.com/pservlet.html User: sherwin...

AI score: 7.1
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m., 9 views

Novell Groupwise 5.5/6.0 Servlet Gateway Default Authentication Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/3697/info Novell Groupwise Servlet Gateway is a product that allows Java servlets to be run with NetWare, using Novell JVM for NetWare v1.1.7b and NetWare Enterprise Web Server. A remote attacker may gain access to the...

AI score: 7.1
Exploits: 0

Debian
added 2013/12/24 5:38 a.m., 41 views

[SECURITY] [DSA 2827-1] libcommons-fileupload-java security update

------------------------------------------------------------------------- Debian Security Advisory DSA-2827-1 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso December 24, 2013 http://www.debian.org/security/faq -...

CVSS: 7.5, AI score: 7.7, EPSS: 0.87099
Exploits: 0

OpenVAS
added 2013/12/23 12:0 a.m., 27 views

Debian: Security Advisory (DSA-2827-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS: 7.5, AI score: 8.7, EPSS: 0.87099
Exploits: 0, References: 3

Ubuntu
added 2013/11/13 3:11 p.m., 61 views

USN-2029-1: Apache Commons FileUpload vulnerability

It was discovered that Apache Commons FileUpload incorrectly handled file names with NULL bytes in serialized instances. An attacker could use this issue to possibly write to arbitrary files...

CVSS: 7.5, AI score: 7.5, EPSS: 0.87099
Exploits: 0

Packet Storm
added 2013/10/25 12:0 a.m., 21 views

Symantec Workspace Streaming 7.5.0.493 Remote Code Execution

Symantec Workspace Streaming 7.5.0.493 SWS Streamlet Engine Invoker Servlets Remote Code Execution tested against: Microsoft Windows Server 2008 R2 sp1 download url: http://www.symantec.com/it/it/products-solutions/trialware/ file tested: SymantecWorkspaceStreaming7.5.0.493.zip vulnerability: the...

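AI score: 7.4
Exploits: 0

seebug.org
added 2013/06/06 12:0 a.m., 12 views

struts 2.3.14.2 Command Execution Vulnerability

Apache Struts is an open-source web application framework based on Java Servlets, JavaBeans and JavaServer Pages (JSP). Struts follows the Model-View-Controller (MVC) design pattern and can be used to build complex web applications. In Apache Struts versions before 2.3.14.3 (exclusive), the fuzzy-matching feature of Action names can be used to trigger a command execution attack. Struts 2.3.14.3...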

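AI score: 7.1
Exploits: 0

seebug.org
added 2013/05/30 12:0 a.m., 38 views

Apache Struts 'ParameterInterceptor' Class OGNL Security Bypass Vulnerability

Bugtraq ID: 60082 Apache Struts is an open-source web application framework based on Java Servlets, JavaBeans and JavaServer Pages (JSP). An error exists in the Apache Struts "ParameterInterceptor" class that allows remote attackers to exploit the vulnerability to modify server-side objects, for example to execute arbitrary commands through specially crafted OGNL expressions. 0 Apache Struts 2.x Vendor solution: Apache Struts 2.3.14.1 has fixed this vulnerability; users are advised to download the update: http://struts.apache.org/...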

AI score: 7.1
Exploits: 0

securityvulns
added 2013/03/11 12:0 a.m., 89 views

[SECURITY] CVE-2013-0248 Apache Commons FileUpload - Insecure examples

CVE-2013-0248 Apache Commons FileUpload - Insecure examples Severity: Low Vendor: The Apache Software Foundation Versions Affected: - Commons FileUpload 1.0 to 1.2.2 Description: Commons FileUpload provides file upload capability for Servlets and web applications. During the upload process,...

CVSS: 3.3, AI score: 7.7, EPSS: 0.00068
Exploits: 1

RedHat Linux
added 2013/02/20 9:33 p.m., 3 views

JBoss invoker servlets do not require authentication

The (1) JMXInvokerHAServlet and (2) EJBInvokerHAServlet invoker servlets in JBoss Enterprise Application Platform (EAP) before 5.2.0, Web Platform (EWP) before 5.2.0, BRMS Platform before 5.3.1, and SOA Platform before 5.3.1 do not require authentication by default in certain profiles, which might allow...

CVSS: 6.8, AI score: 6.6, EPSS: 0.5129
Exploits: 1, References: 4

RedHat Linux
added 2013/01/24 7:6 p.m., 0 views

JBoss invoker servlets do not require authentication

The (1) JMXInvokerHAServlet and (2) EJBInvokerHAServlet invoker servlets in JBoss Enterprise Application Platform (EAP) before 5.2.0, Web Platform (EWP) before 5.2.0, BRMS Platform before 5.3.1, and SOA Platform before 5.3.1 do not require authentication by default in certain profiles, which might allow...

CVSS: 6.8, AI score: 6.6, EPSS: 0.5129
Exploits: 1, References: 4

RedHat Linux
added 2013/01/24 6:52 p.m., 1 views

JBoss invoker servlets do not require authentication

The (1) JMXInvokerHAServlet and (2) EJBInvokerHAServlet invoker servlets in JBoss Enterprise Application Platform (EAP) before 5.2.0, Web Platform (EWP) before 5.2.0, BRMS Platform before 5.3.1, and SOA Platform before 5.3.1 do not require authentication by default in certain profiles, which might allow...

CVSS: 6.8, AI score: 6.6, EPSS: 0.5129
Exploits: 1, References: 4

RedHat Linux
added 2013/01/24 6:44 p.m., 1 views

JBoss invoker servlets do not require authentication

The (1) JMXInvokerHAServlet and (2) EJBInvokerHAServlet invoker servlets in JBoss Enterprise Application Platform (EAP) before 5.2.0, Web Platform (EWP) before 5.2.0, BRMS Platform before 5.3.1, and SOA Platform before 5.3.1 do not require authentication by default in certain profiles, which might allow...

CVSS: 6.8, AI score: 6.6, EPSS: 0.5129
Exploits: 1, References: 4

RedHat Linux
added 2013/01/24 6:31 p.m., 2 views

JBoss invoker servlets do not require authentication

The (1) JMXInvokerHAServlet and (2) EJBInvokerHAServlet invoker servlets in JBoss Enterprise Application Platform (EAP) before 5.2.0, Web Platform (EWP) before 5.2.0, BRMS Platform before 5.3.1, and SOA Platform before 5.3.1 do not require authentication by default in certain profiles, which might allow...

CVSS: 6.8, AI score: 6.6, EPSS: 0.5129
Exploits: 1, References: 4

RedHat Linux
added 2013/01/24 6:28 p.m., 1 views

JBoss invoker servlets do not require authentication

The (1) JMXInvokerHAServlet and (2) EJBInvokerHAServlet invoker servlets in JBoss Enterprise Application Platform (EAP) before 5.2.0, Web Platform (EWP) before 5.2.0, BRMS Platform before 5.3.1, and SOA Platform before 5.3.1 do not require authentication by default in certain profiles, which might allow...

CVSS: 6.8, AI score: 6.6, EPSS: 0.5129
Exploits: 1, References: 4

RedHat Linux
added 2013/01/24 6:27 p.m., 2 views

JBoss invoker servlets do not require authentication

The (1) JMXInvokerHAServlet and (2) EJBInvokerHAServlet invoker servlets in JBoss Enterprise Application Platform (EAP) before 5.2.0, Web Platform (EWP) before 5.2.0, BRMS Platform before 5.3.1, and SOA Platform before 5.3.1 do not require authentication by default in certain profiles, which might allow...

CVSS: 6.8, AI score: 6.6, EPSS: 0.5129
Exploits: 1, References: 4

RedHat Linux
added 2013/01/24 6:7 p.m., 4 views

JBoss invoker servlets do not require authentication

The (1) JMXInvokerHAServlet and (2) EJBInvokerHAServlet invoker servlets in JBoss Enterprise Application Platform (EAP) before 5.2.0, Web Platform (EWP) before 5.2.0, BRMS Platform before 5.3.1, and SOA Platform before 5.3.1 do not require authentication by default in certain profiles, which might allow...

CVSS: 6.8, AI score: 6.6, EPSS: 0.5129
Exploits: 1, References: 4

Tenable Nessus
added 2013/01/24 12:0 a.m., 36 views

RHEL 6 : JBoss Enterprise Application Platform 5.1.2 update (Low) (RHSA-2011:1798)

The remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2011:1798 advisory. - Invoker servlets authentication bypass (HTTP verb tampering) (CVE-2011-4085) - openid4java AX extension: MITM due to improper validation of AX...

CVSS: 6.8, AI score: 5.6, EPSS: 0.00719
Exploits: 30, References: 10

NVD
added 2012/11/23 8:55 p.m., 44 views

CVE-2011-4085

The servlets invoked by httpha-invoker in JBoss Enterprise Application Platform before 5.1.2, SOA Platform before 5.2.0, BRMS Platform before 5.3.0, and Portal Platform before 4.3 CP07 perform access control only for the GET and POST methods, which allows remote attackers to bypass authentication ...

CVSS: 6.8, AI score: 6.5, EPSS: 0.00719
Exploits: 30, References: 11