
751 matches found

Metasploit
added 2019/04/18 7:24 a.m., 40 views

Spring Cloud Config Server Directory Traversal

This module exploits an unauthenticated directory traversal vulnerability which exists in Spring Cloud Config versions 2.1.x prior to 2.1.2, versions 2.0.x prior to 2.0.4, and versions 1.4.x prior to 1.4.6. Spring Cloud Config listens by default on port 8888. This module requires Metasploit:...

6.5 CVSS, 0.1 AI score, 0.85295 EPSS
Exploits 6

Veracode
added 2019/04/17 9:12 a.m., 25 views

Directory Traversal

spring-cloud-config-server is vulnerable to directory traversal. It is possible because an attacker can serve arbitrary configuration files to the server through a malicious URL fed into the spring-cloud-config-server module...

6.5 CVSS, 6.7 AI score, 0.85295 EPSS
Exploits 6, References 6, Affected Software 1

CNVD
added 2019/04/17 12:0 a.m., 4 views

Pivotal Software Spring Cloud Config Path Traversal Vulnerability

Pivotal Software Spring Cloud Config is a configuration management solution for distributed systems from Pivotal Software. The product mainly provides server and client support for external configuration in distributed systems. A path traversal vulnerability exists in Pivotal Software Spring Clou...

6.5 CVSS, 7.6 AI score, 0.85295 EPSS
Exploits 6, References 1

vulnersOsv
added 2018/10/17 8:5 p.m., 5 views

ca.uhn.hapi.fhir:hapi-fhir-cli-api (=3.4.0), ca.uhn.hapi.fhir:hapi-fhir-jpaserver-base (>=3.1.0 <=3.4.0) +463 more potentially affected by CVE-2018-1270 via org.springframework:spring-messaging (>=5.0.0.RELEASE <=5.0.4.RELEASE)

org.springframework:spring-messaging MAVEN version =5.0.0.RELEASE, =3.1.0, =0.2.0, =B.0.0.1, =B.0.0.1, =B.0.0.6 and more Source cves: CVE-2018-1270 Source advisory: OSV:GHSA-P5HG-3XM3-GCJG...

9.8 CVSS, 7.1 AI score, 0.77245 EPSS
Exploits 5

CNVD
added 2018/05/09 12:0 a.m., 4 views

Pivotal Spring Cloud SSO Connector Authentication Vulnerability

Pivotal Spring Cloud SSO Connector is a single sign-on connector for Cloud Foundry from Pivotal Software. A security vulnerability exists in Pivotal Spring Cloud SSO Connector version 2.1.2. An attacker can exploit the vulnerability to authenticate to an unbound resource server...

8.1 CVSS, 6.9 AI score, 0.01589 EPSS
Exploits 0, References 1

Prion
added 2018/05/07 4:22 p.m., 19 views

Input validation

Spring Cloud SSO Connector, version 2.1.2, contains a regression which disables issuer validation in resource servers that are not bound to the SSO service. In PCF deployments with multiple SSO service plans, a remote attacker can authenticate to unbound resource servers which use this version of...

6.8 CVSS, 7.9 AI score, 0.01589 EPSS
Exploits 0, References 1, Affected Software 1

NVD
added 2018/05/07 4:22 p.m., 16 views

CVE-2018-1256

Spring Cloud SSO Connector, version 2.1.2, contains a regression which disables issuer validation in resource servers that are not bound to the SSO service. In PCF deployments with multiple SSO service plans, a remote attacker can authenticate to unbound resource servers which use this version of...

8.1 CVSS, 8 AI score, 0.01589 EPSS
Exploits 0, References 1

OSV
added 2018/05/07 4:22 p.m., 18 views

CVE-2018-1256

Spring Cloud SSO Connector, version 2.1.2, contains a regression which disables issuer validation in resource servers that are not bound to the SSO service. In PCF deployments with multiple SSO service plans, a remote attacker can authenticate to unbound resource servers which use this version of...

8.1 CVSS, 8.2 AI score, 0.01589 EPSS
Exploits 0, References 1

CVE
added 2018/05/07 3:0 p.m., 54 views

CVE-2018-1256

CVE-2018-1256 relates to Spring Cloud SSO Connector 2.1.2, where a regression disables issuer validation in resource servers not bound to the SSO service. In PCF environments with multiple SSO service plans, an attacker could authenticate against unbound resource servers using tokens from another...

8.1 CVSS, 7.9 AI score, 0.01589 EPSS
Exploits 0, References 1, Affected Software 1

Cvelist
added 2018/05/07 3:0 p.m., 15 views

CVE-2018-1256

Spring Cloud SSO Connector, version 2.1.2, contains a regression which disables issuer validation in resource servers that are not bound to the SSO service. In PCF deployments with multiple SSO service plans, a remote attacker can authenticate to unbound resource servers which use this version of...

8 AI score, 0.01589 EPSS
Exploits 0, References 1

Veracode
added 2017/01/17 6:15 a.m., 10 views

Unverifiable Symmetric Encryption

spring-cloud-config has a flaw which allows malicious manipulation of symmetric encryptions. The vulnerability exists because its default symmetric encryption does not use a Message Authentication Code (MAC) to verify the authenticity of encrypted message...

6.8 AI score
Exploits 0