
OSV
added 2024/02/06 10:15 a.m. · 21 views

CVE-2024-23673

Malicious code execution via path traversal in Apache Software Foundation Apache Sling Servlets Resolver. This issue affects all versions of Apache Sling Servlets Resolver before 2.11.0. However, whether a system is vulnerable to this attack depends on the exact configuration of the system. If the...

CVSS 7.5 · AI score 8.1
Exploits 0 · References 2
Prion
added 2024/02/06 10:15 a.m. · 12 views

Path traversal

Malicious code execution via path traversal in Apache Software Foundation Apache Sling Servlets Resolver. This issue affects all versions of Apache Sling Servlets Resolver before 2.11.0. However, whether a system is vulnerable to this attack depends on the exact configuration of the system. If the...

CVSS 4.6 · AI score 7.6 · EPSS 0.00254
Exploits 0 · References 2 · Affected Software 1
Cvelist
added 2024/02/06 10:04 a.m. · 14 views

CVE-2024-23673 Apache Sling Servlets Resolver: Malicious code execution via path traversal

Malicious code execution via path traversal in Apache Software Foundation Apache Sling Servlets Resolver. This issue affects all versions of Apache Sling Servlets Resolver before 2.11.0. However, whether a system is vulnerable to this attack depends on the exact configuration of the system. If the...

CVSS 8.5 · AI score 8.9 · EPSS 0.00254
Exploits 0 · References 2
CNNVD
added 2024/02/06 12:00 a.m. · 3 views

Apache Sling path traversal vulnerability

Apache Sling is an open-source Java web framework from the Apache Software Foundation (United States), designed to build content-centric applications on top of JSR-170 content repositories such as Apache Jackrabbit. A path traversal vulnerability exists in Apache Sling Servlets Resolver...

CVSS 8.5 · AI score 6.9 · EPSS 0.00254
Exploits 0 · References 3
Github Security Blog
added 2023/09/27 3:30 p.m. · 31 views

Undertow vulnerable to denial of service

A flaw was found in Undertow. Servlets annotated with @MultipartConfig may cause an OutOfMemoryError due to large multipart content. This may allow unauthorized users to cause a remote Denial of Service (DoS) attack. If the server uses fileSizeThreshold to limit the file size, it's possible to bypass...

CVSS 7.5 · AI score 6.8 · EPSS 0.00649
Exploits 0 · References 15 · Affected Software 1
Debian CVE
added 2023/09/27 1:54 p.m. · 33 views

CVE-2023-3223

A flaw was found in Undertow. Servlets annotated with @MultipartConfig may cause an OutOfMemoryError due to large multipart content. This may allow unauthorized users to cause a remote Denial of Service (DoS) attack. If the server uses fileSizeThreshold to limit the file size, it's possible to bypass...

CVSS 7.5 · AI score 7.3 · EPSS 0.00649
Exploits 0
IBM Security Bulletins
added 2023/09/26 6:30 p.m. · 41 views

Security Bulletin: VMware Tanzu Spring Security is vulnerable to CVE-2023-34034 and CVE-2023-34035 used in IBM Maximo Application Suite - Monitor Component

Summary: IBM Maximo Application Suite - Monitor Component uses VMware Tanzu Spring Security, which is vulnerable to CVE-2023-34034 and CVE-2023-34035. The vulnerabilities in the product component have been addressed. Vulnerability Details: CVEID: CVE-2023-34034. DESCRIPTION: VMware Tanzu Spring Securi...

CVSS 9.8 · AI score 7.7 · EPSS 0.42819
Exploits 2 · Affected Software 1
Veracode
added 2023/09/20 10:17 a.m. · 44 views

Arbitrary Code Execution

Jetty-servlets is vulnerable to Arbitrary Code Execution. The vulnerability is due to insecure escaping of user input which can result in the execution of arbitrary commands. This vulnerability occurs in the CGI servlet handler through the getRuntime.exec method...

CVSS 4.3 · AI score 7.3 · EPSS 0.01383
Exploits 1 · References 8 · Affected Software 5
RedHat Linux
added 2023/09/14 9:51 a.m. · 33 views

Important: Red Hat Security Advisory: Red Hat AMQ Streams 2.5.0 release and security update

Red Hat AMQ Streams 2.5.0 is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability...

CVSS 9.8 · AI score 7.3 · EPSS 0.93849
Exploits 13 · References 19
Tenable Nessus
added 2023/09/14 12:00 a.m. · 27 views

Adobe Experience Manager 5.6.1, 6.0.0, and 6.1.0 Multiple Vulnerabilities (APSB16-05)

The version of Adobe Experience Manager installed on the remote host is either 5.6.1, 6.0.0, or 6.1.0. It is, therefore, affected by multiple vulnerabilities as referenced in the APSB16-05 advisory. - Adobe Experience Manager version 6.1 is affected by a cross-site scripting vulnerability that...

CVSS 7.8 · AI score 6.7 · EPSS 0.93186
Exploits 6 · References 5
Tenable Nessus
added 2023/09/07 12:00 a.m. · 48 views

Oracle Linux 7 : tomcat (ELSA-2019-2205)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2019-2205 advisory. - Resolves: rhbz1641873 CVE-2018-11784 tomcat: Open redirect in default servlet - Resolves: rhbz1552375 CVE-2018-1304 tomcat: Incorrect handling of emp...

CVSS 9.8 · AI score 7.2 · EPSS 0.82624
Exploits 5 · References 5
Veracode
added 2023/07/21 2:37 a.m. · 30 views

Authorization Rule Misconfiguration

spring-security-config is vulnerable to Authorization Rule Misconfiguration. The vulnerability exists due to the lack of validation in the RequestMatcher of AbstractRequestMatcherRegistry.java when the application uses the requestMatchersString function with multiple servlets, one of them being...

CVSS 7.3 · AI score 6.9 · EPSS 0.02632
Exploits 1 · References 3 · Affected Software 1
BDU FSTEC
added 2023/07/19 12:00 a.m. · 1 view

A vulnerability in Spring Security, a Java framework for securing industrial applications, stems from configuration errors related to authentication. These errors can occur when multiple servlets are used, including the DispatcherServlet in Spring MVC. The vulnerability allows attackers to expose sensitive information and elevate their privileges.

A vulnerability in Spring Security, a Java framework for securing industrial applications, is related to errors in authentication configuration. These errors can occur when multiple servlets are used, including the DispatcherServlet in Spring MVC. Exploiting this vulnerability allows a...

CVSS 10 · AI score 6.6 · EPSS 0.42819
Exploits 2 · References 4 · Affected Software 1
OSV
added 2023/07/18 6:30 p.m. · 0 views

GHSA-4VPR-XFRP-CJ64 Spring Security's authorization rules can be misconfigured when using multiple servlets

Spring Security versions 5.8 prior to 5.8.5, 6.0 prior to 6.0.5, and 6.1 prior to 6.1.2 could be susceptible to authorization rule misconfiguration if the application uses requestMatchersString and multiple servlets, one of them being Spring MVC’s DispatcherServlet. DispatcherServlet is a Spring...

CVSS 7.3 · AI score 6.8 · EPSS 0.02632
Exploits 1 · References 6
Github Security Blog
added 2023/07/18 6:30 p.m. · 53 views

Spring Security's authorization rules can be misconfigured when using multiple servlets

Spring Security versions 5.8 prior to 5.8.5, 6.0 prior to 6.0.5, and 6.1 prior to 6.1.2 could be susceptible to authorization rule misconfiguration if the application uses requestMatchersString and multiple servlets, one of them being Spring MVC’s DispatcherServlet. DispatcherServlet is a Spring...

CVSS 7.3 · AI score 6.8 · EPSS 0.02632
Exploits 1 · References 7 · Affected Software 1
NVD
added 2023/07/18 4:15 p.m. · 22 views

CVE-2023-34035

Spring Security versions 5.8 prior to 5.8.5, 6.0 prior to 6.0.5, and 6.1 prior to 6.1.2 could be susceptible to authorization rule misconfiguration if the application uses requestMatchersString and multiple servlets, one of them being Spring MVC’s DispatcherServlet. DispatcherServlet is a Spring...

CVSS 7.3 · EPSS 0.02632
Exploits 1 · References 1
Prion
added 2023/07/18 4:15 p.m. · 24 views

Authorization

Spring Security versions 5.8 prior to 5.8.5, 6.0 prior to 6.0.5, and 6.1 prior to 6.1.2 could be susceptible to authorization rule misconfiguration if the application uses requestMatchersString and multiple servlets, one of them being Spring MVC’s DispatcherServlet. DispatcherServlet is a Spring...

CVSS 5 · AI score 6.2 · EPSS 0.02632
Exploits 1 · References 1 · Affected Software 1
Cvelist
added 2023/07/18 3:29 p.m. · 19 views

CVE-2023-34035

Spring Security versions 5.8 prior to 5.8.5, 6.0 prior to 6.0.5, and 6.1 prior to 6.1.2 could be susceptible to authorization rule misconfiguration if the application uses requestMatchersString and multiple servlets, one of them being Spring MVC’s DispatcherServlet. DispatcherServlet is a Spring...

CVSS 7.3 · AI score 7.4 · EPSS 0.02632
Exploits 1 · References 1
CNNVD
added 2023/07/18 12:00 a.m. · 2 views

Spring Security security vulnerability

VMware Spring Security is a security framework from VMware that provides declarative security protection for Spring-based applications. A security vulnerability exists in Spring Security that stems from an authorization rule misconfiguration when multiple servlets are used. Affected Products and...

CVSS 7.3 · AI score 6.7 · EPSS 0.02632
Exploits 1 · References 2
Github Security Blog
added 2023/04/19 6:15 p.m. · 31 views

OutOfMemoryError for large multipart without filename in Eclipse Jetty

Impact: Servlets with multipart support (e.g. annotated with @MultipartConfig) that call HttpServletRequest.getParameter or HttpServletRequest.getParts may cause an OutOfMemoryError when the client sends a multipart request with a part that has a name but no filename and very large content. This...

CVSS 5.3 · AI score 5.9 · EPSS 0.43407
Exploits 0 · References 11 · Affected Software 1