Watch Out! Hackers Begin Exploiting Recent Zyxel Firewalls RCE Vulnerability
The U.S. Cybersecurity and Infrastructure Security Agency on Monday added two security flaws, including the recently disclosed remote code execution bug affecting Zyxel firewalls, to its Known Exploited Vulnerabilities Catalog, citing evidence of active exploitation...
Exploit for Code Injection in Vmware Spring_Cloud_Gateway
CVE-2022-22947 Spring Cloud Gateway Actuator API SpEL expres...
VMware Spring Cloud Gateway Code Injection Vulnerability
Spring Cloud Gateway applications are vulnerable to a code injection attack when the Gateway Actuator endpoint is enabled, exposed and unsecured...
cn.home1:spring-cloud-eureka-server (>=0.0.1 <=1.0.1.U1), com.github.springcloud:moss-client-1.x (=1.0.1.RELEASE) +162 more potentially affected by CVE-2018-1000129 via org.jolokia:jolokia-core (>=1.3.7 <=1.4.0)
org.jolokia:jolokia-core MAVEN version =1.3.7, =0.0.1, =1.2.0, =1.5.4, =1.5.4, =1.5.4, =1.5.4, =1.5.4, =1.5.4, =1.5.4, =0.1.5, =0.1.5, =2.0-beta-1, =2.3.0, =2.7.1 and more Source cves: CVE-2018-1000129 Source advisory: OSV:GHSA-HFPG-GQJW-779M...
com.mozu:mozu-api-jobs (>=1.0.13 <=1.0.23), gradle.plugin.com.atc.gradle.plugins.xd:spring-xd-deploy-plugin (>=0.0.1 <=0.0.8) +25 more potentially affected by CVE-2018-1229 via org.springframework.batch:spring-batch-admin-manager (>=1.3.0.RELEASE <=1.3.1.RELEASE)
org.springframework.batch:spring-batch-admin-manager MAVEN version =1.3.0.RELEASE, =1.0.13, =0.0.1, =1.3.1.RELEASE, =1.6.0.RELEASE, =1.0.0.RELEASE, =1.0.0.RELEASE, =1.1.0.RELEASE, =1.0.0.RELEASE, =1.0.0.RELEASE, =1.0.0.RELEASE, =1.1.0.RELEASE, =1.7.3.RELEASE -...
Issuer validation regression in Spring Cloud SSO Connector
Spring Cloud SSO Connector, version 2.1.2, contains a regression which disables issuer validation in resource servers that are not bound to the SSO service. In PCF deployments with multiple SSO service plans, a remote attacker can authenticate to unbound resource servers which use this version of...
GHSA-Q4Q2-93PW-QWGF Issuer validation regression in Spring Cloud SSO Connector
Spring Cloud SSO Connector, version 2.1.2, contains a regression which disables issuer validation in resource servers that are not bound to the SSO service. In PCF deployments with multiple SSO service plans, a remote attacker can authenticate to unbound resource servers which use this version of...
at.newmedialab.ldpath:ldpath-api (>=0.9.12 <=0.9.13), at.newmedialab.ldpath:ldpath-backend-jena (>=0.9.12 <=0.9.13) +1790 more potentially affected by CVE-2018-8088 via org.slf4j:slf4j-ext (>=1.0-alpha0 <=1.7.25)
org.slf4j:slf4j-ext MAVEN version =1.0-alpha0, =0.9.12, =0.9.12, =0.9.12, =0.9.12, =0.9.11, =0.9.12, =0.1-1, =2.3.0, =2.3.1 and more Source cves: CVE-2018-8088 Source advisory: OSV:GHSA-W77P-8CFG-2X43...
The Spring Cloud Config server vulnerability arises from improper limitation of a pathname to a restricted directory, allowing attackers to disclose protected information.
The Spring Cloud Config server vulnerability exists because of improper limitation of a pathname to a restricted directory. Exploiting this vulnerability allows a malicious actor to disclose protected information using a specially crafted URL...
VMware Spring Cloud Function < 3.1.7, 3.2.x < 3.2.3 RCE Vulnerability - Active Check
VMware Spring Cloud Function is prone to a remote code execution (RCE) vulnerability...
This Week in Spring - May 3rd, 2022
Hi, Spring fans! Welcome to another installment of This Week in Spring! How are you doin'? I'm excited! This week I'm speaking at the ArabJUG, and I'll be speaking at Microsoft's huuuge JDConf event. Both of these are virtual. Then, next Monday, I'm on a plane bound for London, UK, where I'll be speakin...
This Week in Spring - April 26th, 2022
Hi, Spring fans! Welcome to another installment of This Week in Spring! This week I was hoping to be in glorious Chicago, Illinois for the first in-person SpringOne Tour installment since the pandemic. But, alas, I couldn't go because - out of an abundance of caution, and since I was exposed to...
VulnCheck KEV: CVE-2022-22947
Spring Cloud Gateway applications are vulnerable to a code injection attack when the Gateway Actuator endpoint is enabled, exposed and unsecured...
Spring4Shell-Scan - A Fully Automated, Reliable, And Accurate Scanner For Finding Spring4Shell And Spring Cloud RCE Vulnerabilities
A fully automated, reliable, and accurate scanner for finding Spring4Shell and Spring Cloud RCE vulnerabilities. Features: support for lists of URLs; fuzzing for more than 10 new Spring4Shell payloads (previously seen tools use only 1-2 variants); fuzzing for HTTP GET and POST methods; automatic...
A Bootiful Podcast: Spring Cloud legend Glenn Renfro about batch processing, tasks, stream processing, data flow, and t-shirts
Hi, Spring fans! Welcome to another installment of A Bootiful Podcast! In this installment Josh Long @starbuxman talks to Spring Cloud luminary and all around lovable guy Glenn Renfro @cppwfs about batch processing, tasks, messaging, integration, data flow, and a million other things. Also:...
Exploit for Expression Language Injection in Vmware Spring_Cloud_Gateway
Spring Cloud Gateway Actuator API SpEL Code Injection CVE-202...
Exploit for Code Injection in Vmware Spring_Cloud_Function
Spring Cloud Function SpEL Expression Injection Vulnerability...
VMware Spring Cloud Function < 3.1.7 / 3.2.x < 3.2.3 SPEL Expression Injection (local check)
The version of Spring Cloud Function running on the remote host is affected by a remote code execution vulnerability in the routing functionality. A remote, unauthenticated attacker could provide a specially crafted SpEL as a routing expression that may result in remote code execution on the remo...
The vulnerability lies in the implementation of the TrustManager library’s authentication verification technology for creating Spring Cloud Gateway API gateways. This allows attackers to access remote services.
The vulnerability of the implementation of the TrustManager library for creating Spring Cloud Gateway API gateways is related to errors in the authentication process. Exploiting this vulnerability can allow attackers to access remote services...
This Week in Spring - April 12th, 2022 (Devnexus 2022 Edition!!)
This Week in Spring - Devnexus Edition. Hi, Spring fans! Welcome to another installment of This Week in Spring - I'm at my first in-person event since the virus: Devnexus! WOOHOOO!! Well, technically I'm still in San Francisco as I write this, but I'll be in Atlanta, GA tomorrow for… Devnexus! I hope...