129 matches found
Spring Cloud Config 2.1.x - Path Traversal Exploit
Exploit for java platform in category web applications This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Spring Cloud Config Server Directory Traversal', 'Description' = %q This module exploits a...
Spring Cloud Config 2.1.x Path Traversal
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Spring Cloud Config Server Directory Traversal', 'Description' = %q This module exploits an unauthenticated directory traversal vulnerability whi...
Spring Cloud Config 2.1.x - Path Traversal (Metasploit)
Spring Cloud Config 2.1.x - Path Traversal Metasploit This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Spring Cloud Config Server Directory Traversal', 'Description' = %q This module exploits an...
Spring Cloud Config 2.1.x - Path Traversal (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Spring Cloud Config Server Directory Traversal', 'Description' = %q This module exploits an unauthenticated directory traversal vulnerability whi...
Spring Cloud Config directory traversal vulnerability, CVE-2019-3799)early warning-vulnerability warning-the black bar safety net
Recently, the Spring official team in the latest security update, disclose a SpringCloud Config directory traversal vulnerability, CVE-2019-3799 on. Vulnerability official rated as High, belong to high-risk vulnerabilities. The vulnerability in essence is allows an application program through the...
Spring Cloud Config Server Directory Traversal
This module exploits an unauthenticated directory traversal vulnerability which exists in Spring Cloud Config versions 2.1.x prior to 2.1.2, versions 2.0.x prior to 2.0.4, and versions 1.4.x prior to 1.4.6. Spring Cloud Config listens by default on port 8888. This module requires Metasploit:...
Directory Traversal
spring-cloud-config-server is vulnerable to directory traversal. It is possible because an attacker can serve arbitrary configuration files to the sever through a malicious URL feed into spring-cloud-config-server module...
Pivotal Software Spring Cloud Config Path Traversal Vulnerability
Pivotal Software Spring Cloud Config is a configuration management solution for distributed systems from Pivotal Software. The product mainly provides server and client support for external configuration in distributed systems. A path traversal vulnerability exists in Pivotal Software Spring Clou...
Unverifiable Symmetric Encryption
spring-cloud-config has a flaw which allows malicious manipulation of symmetric encryptions. The vulnerability exists because its default symmetric encryption does not use a Message Authentication Code MAC to verify the authenticity of encrypted message...