Lucene search

750 matches found

Spring Security Advisories
added 2020/02/26 12:0 a.m. | 6 views

Directory Traversal with spring-cloud-config-server

Spring Cloud Config, versions 2.2.x prior to 2.2.2, versions 2.1.x prior to 2.1.7, and older unsupported versions allow applications to serve arbitrary configuration files through the spring-cloud-config-server module. A malicious user, or attacker, can send a request using a specially crafted UR...

6.5 CVSS | 6.9 AI score | 0.68542 EPSS
Exploits: 0 | References: 1
CNVD
added 2020/02/26 12:0 a.m. | 1 view

Arbitrary File Read Vulnerability in Spring Cloud Config

Spring Cloud Config is a configuration center for distributed systems and microservice environments, providing centralized management of the configuration files of all services across environments and large-scale configuration updates. Spring Cloud Config has an arbitrary file read vulnerability that...

6.7 AI score
Exploits: 0
CNVD
added 2019/08/27 12:0 a.m. | 2 views

Spring Cloud eureka suffers from an information disclosure vulnerability

Spring Cloud is one of the mainstream frameworks currently used for developing microservices. In Spring Cloud, the Eureka module provides service registration and discovery; Spring Cloud Eureka is a wrapper built on Netflix Eureka, which is mainly...

6.4 AI score
Exploits: 0
GitHub Security Blog
added 2019/05/23 8:39 a.m. | 37 views

Path Traversal in Spring Cloud Config

Spring Cloud Config, versions 2.1.x prior to 2.1.2, versions 2.0.x prior to 2.0.4, and versions 1.4.x prior to 1.4.6, and older unsupported versions allow applications to serve arbitrary configuration files through the spring-cloud-config-server module. A malicious user, or attacker, can send a...

6.5 CVSS | 4.9 AI score | 0.85295 EPSS
Exploits: 6 | References: 5 | Affected Software: 1
vulnersOsv
added 2019/05/23 8:39 a.m. | 6 views

ai.hyacinth.framework:core-service-config-server (=0.5.0), org.apereo.cas:cas-server-support-configuration-cloud-amqp (>=6.0.1 <=6.1.0-RC2) +12 more potentially affected by CVE-2019-3799 via org.springframework.cloud:spring-cloud-config-server (>=2.1.0.RELEASE <=2.1.1.RELEASE)

org.springframework.cloud:spring-cloud-config-server MAVEN version =2.1.0.RELEASE, =6.0.1, =6.0.1, =6.0.1, =Einstein.RELEASE, =2.1.0.RELEA...

6.5 CVSS | 6.5 AI score | 0.85295 EPSS
Exploits: 6
vulnersOsv
added 2019/05/23 8:39 a.m. | 6 views

com.okta.spring.examples:okta-spring-boot-cloud-config-example (>=1.0.0 <=1.1.0), com.yoozoo.protoconf:protoconf-java (>=0.2.2 <=0.2.3) +9 more potentially affected by CVE-2019-3799 via org.springframework.cloud:spring-cloud-config-server (>=2.0.0.RELEASE <=2.0.3.RELEASE)

org.springframework.cloud:spring-cloud-config-server MAVEN version =2.0.0.RELEASE, =1.0.0, =0.2.2, =1.0.2, =0.0.2, =Darwin.RELEASE, =0.2.1.RELEASE, =2.0.0.RELEASE, =2.0.3.RELEASE - xyz.weechang:moreco-cloud-config =0.0.1 Source cves: CVE-2019-3799 Source advisory: OSV:GHSA-4X49-W62V-76Q7...

6.5 CVSS | 6.5 AI score | 0.85295 EPSS
Exploits: 6
vulnersOsv
added 2019/05/23 8:39 a.m. | 7 views

cn.home1:oss-configserver (>=1.0.6.OSS <=1.0.7.OSS), cn.home1:spring-cloud-config-monitor (>=0.0.1 <=1.0.1.U1) +166 more potentially affected by CVE-2019-3799 via org.springframework.cloud:spring-cloud-config-server (>=1.1.0.RELEASE <=1.4.5.RELEASE)

org.springframework.cloud:spring-cloud-config-server MAVEN version =1.1.0.RELEASE, =1.0.6.OSS, =0.0.1, =0.0.1, =1.1.0-RELEASE, =1.0.0, =1.0.0, =1.5.0-Beta, =0.8.3, =0.8.3, =0.8.3, =0.8.3, =0.10.0 and more Source cves: CVE-2019-3799 Source advisory: OSV:GHSA-4X49-W62V-76Q7...

6.5 CVSS | 6.5 AI score | 0.85295 EPSS
Exploits: 6
OSV
added 2019/05/23 8:39 a.m. | 31 views

GHSA-4X49-W62V-76Q7 Path Traversal in Spring Cloud Config

Spring Cloud Config, versions 2.1.x prior to 2.1.2, versions 2.0.x prior to 2.0.4, and versions 1.4.x prior to 1.4.6, and older unsupported versions allow applications to serve arbitrary configuration files through the spring-cloud-config-server module. A malicious user, or attacker, can send a...

6.5 CVSS | 6.5 AI score | 0.85295 EPSS
Exploits: 6 | References: 4
RedhatCVE
added 2019/05/13 8:25 a.m. | 29 views

CVE-2019-3799

Spring Cloud Config, versions 2.1.x prior to 2.1.2, versions 2.0.x prior to 2.0.4, and versions 1.4.x prior to 1.4.6, and older unsupported versions allow applications to serve arbitrary configuration files through the spring-cloud-config-server module. A malicious user, or attacker, can send a...

6.5 CVSS | 5.5 AI score | 0.85295 EPSS
Exploits: 6 | References: 3
NVD
added 2019/05/06 4:29 p.m. | 14 views

CVE-2019-3799

Spring Cloud Config, versions 2.1.x prior to 2.1.2, versions 2.0.x prior to 2.0.4, and versions 1.4.x prior to 1.4.6, and older unsupported versions allow applications to serve arbitrary configuration files through the spring-cloud-config-server module. A malicious user, or attacker, can send a...

6.5 CVSS | 6.5 AI score | 0.85295 EPSS
Exploits: 6 | References: 2
OSV
added 2019/05/06 4:29 p.m. | 21 views

CVE-2019-3799

Spring Cloud Config, versions 2.1.x prior to 2.1.2, versions 2.0.x prior to 2.0.4, and versions 1.4.x prior to 1.4.6, and older unsupported versions allow applications to serve arbitrary configuration files through the spring-cloud-config-server module. A malicious user, or attacker, can send a...

6.5 CVSS | 7.2 AI score | 0.85295 EPSS
Exploits: 6 | References: 2
Prion
added 2019/05/06 4:29 p.m. | 22 views

Directory traversal

Spring Cloud Config, versions 2.1.x prior to 2.1.2, versions 2.0.x prior to 2.0.4, and versions 1.4.x prior to 1.4.6, and older unsupported versions allow applications to serve arbitrary configuration files through the spring-cloud-config-server module. A malicious user, or attacker, can send a...

4.3 CVSS | 6.6 AI score | 0.85295 EPSS
Exploits: 6 | References: 2 | Affected Software: 2
Cvelist
added 2019/05/06 3:21 p.m. | 44 views

CVE-2019-3799 Directory Traversal with spring-cloud-config-server

Spring Cloud Config, versions 2.1.x prior to 2.1.2, versions 2.0.x prior to 2.0.4, and versions 1.4.x prior to 1.4.6, and older unsupported versions allow applications to serve arbitrary configuration files through the spring-cloud-config-server module. A malicious user, or attacker, can send a...

6.7 AI score | 0.85295 EPSS
Exploits: 6 | References: 2
CVE
added 2019/05/06 3:21 p.m. | 175 views

CVE-2019-3799

The CVE-2019-3799 entries describe a Local File Inclusion/Directory Traversal vulnerability in Spring Cloud Config Server. Affected versions are Spring Cloud Config Server 2.1.x before 2.1.2, 2.0.x before 2.0.4, and 1.4.x before 1.4.6, plus older unsupported releases. An unauthenticated attacker ...

6.5 CVSS | 6.3 AI score | 0.85295 EPSS
Exploits: 6 | References: 2 | Affected Software: 1
0day.today
added 2019/05/01 12:0 a.m. | 46 views

Spring Cloud Config 2.1.x - Path Traversal Exploit

Exploit for java platform in category web applications This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Spring Cloud Config Server Directory Traversal', 'Description' = %q This module exploits a...

0.85295 EPSS
Exploits: 6
exploitpack
added 2019/04/30 12:0 a.m. | 38 views

Spring Cloud Config 2.1.x - Path Traversal (Metasploit)

Spring Cloud Config 2.1.x - Path Traversal Metasploit This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Spring Cloud Config Server Directory Traversal', 'Description' = %q This module exploits an...

4.3 CVSS | 0.2 AI score | 0.85295 EPSS
Exploits: 6
Packet Storm
added 2019/04/30 12:0 a.m. | 48 views

Spring Cloud Config 2.1.x Path Traversal

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Spring Cloud Config Server Directory Traversal', 'Description' = %q This module exploits an unauthenticated directory traversal vulnerability whi...

6.8 AI score | 0.85295 EPSS
Exploits: 6
Exploit DB
added 2019/04/30 12:0 a.m. | 59 views

Spring Cloud Config 2.1.x - Path Traversal (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Spring Cloud Config Server Directory Traversal', 'Description' = %q This module exploits an unauthenticated directory traversal vulnerability whi...

6.5 CVSS | 6.7 AI score | 0.85295 EPSS
Exploits: 6
myhack58
added 2019/04/19 12:0 a.m. | 147 views

Spring Cloud Config directory traversal vulnerability (CVE-2019-3799) early warning - vulnerability warning - the black bar safety net

Recently, the official Spring team disclosed, in its latest security update, a Spring Cloud Config directory traversal vulnerability, CVE-2019-3799. The vulnerability is officially rated High and is a high-risk vulnerability. In essence, the vulnerability allows an application program, through the...

6.6 AI score | 0.85295 EPSS
Exploits: 6
Metasploit
added 2019/04/18 7:24 a.m. | 40 views

Spring Cloud Config Server Directory Traversal

This module exploits an unauthenticated directory traversal vulnerability which exists in Spring Cloud Config versions 2.1.x prior to 2.1.2, versions 2.0.x prior to 2.0.4, and versions 1.4.x prior to 1.4.6. Spring Cloud Config listens by default on port 8888. This module requires Metasploit:...

6.5 CVSS | 0.1 AI score | 0.85295 EPSS
Exploits: 6