
1853 matches found

Tenable Nessus
added 2019/07/19 12:0 a.m. | 42 views

Oracle Primavera Gateway Multiple Vulnerabilities (Jul 2019 CPU)

According to its self-reported version number, the Oracle Primavera Gateway installation running on the remote web server is 15.x prior to 15.2.16, 16.x prior to 16.2.9, 17.x prior to 17.12.4, or 18.x prior to 18.8.6. It is, therefore, affected by multiple vulnerabilities: - An unspecified...

CVSS 9.8 | AI score 8.1 | EPSS 0.20127
Exploits 0 | References 6

IBM Security Bulletins
added 2019/07/11 7:25 p.m. | 35 views

Security Bulletin: Multiple vulnerabilities in Spring Framework affect IBM InfoSphere Information Server

Summary Multiple vulnerabilities in Spring Framework were addressed by IBM InfoSphere Information Server. Vulnerability Details CVEID: CVE-2015-5211 DESCRIPTION: Pivotal Spring Framework could allow a remote attacker to download arbitrary files, caused by a reflected file download attack. By usin...

CVSS 9.6 | AI score 1.7 | EPSS 0.01877
Exploits 1 | Affected Software 1

IBM Security Bulletins
added 2019/07/10 3:40 p.m. | 45 views

Security Bulletin: IBM QRadar SIEM is vulnerable to a publicly disclosed vulnerability in Spring Framework (CVE-2018-15756)

Summary Open source Spring Framework as used in IBM QRadar SIEM is vulnerable to a denial of service Vulnerability Details CVEID: CVE-2018-15756 Description: Pivotal Spring Framework is vulnerable to a denial of service, caused by improper handling of range request by the...

CVSS 7.5 | AI score 0.8 | EPSS 0.20127
Exploits 0 | Affected Software 1

Gitee
added 2019/07/03 2:4 p.m. | 4 views

Exploit for Path Traversal in Pivotal_Software Spring_Framework

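Web-Security-Learning: a collection of materials compiled while learning web security. This repo is updated continuously; the most recent update was on 2017/11/2. Also updated at: chybeta: Web-Security-Learning (with table of contents). November 2 update: + Newly added articles: + SQL injection + How much do you know about sqlmap's built-in tampers? + XSS + Front-end defense from getting started to giving up: the evolution of CSP + SSRF + SSRF: CVE-2017-9993 FFmpeg + AVI + HLS + CSRF + Fancy techniques for bypassing Referer checks in CSRF + CSRF techniques at major SRCs + java-Web +...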

CVSS 7.5 | AI score 7.7 | EPSS 0.56172
Exploits 5

IBM Security Bulletins
added 2019/06/28 3:35 p.m. | 29 views

Security Bulletin: Vulnerability affects Watson Explorer Foundational Components (CVE-2018-15756)

Summary Security vulnerability affects IBM Watson Explorer Foundational Components. Vulnerability Details CVEID: CVE-2018-15756 DESCRIPTION: Pivotal Spring Framework is vulnerable to a denial of service, caused by improper handling of range request by the ResourceHttpRequestHandler. By adding a...

CVSS 7.5 | AI score 0.8 | EPSS 0.20127
Exploits 0 | Affected Software 1

BDU FSTEC
added 2019/05/16 12:0 a.m. | 3 views

The vulnerability of the Spring Framework components in Oracle’s software products allows attackers to gain unauthorized access to protected information.

The vulnerability of Spring Framework components in Oracle software products is related to improper authentication. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected information...

CVSS 9 | AI score 7 | EPSS 0.00265
Exploits 0 | References 15 | Affected Software 53

BDU FSTEC
added 2019/05/16 12:0 a.m. | 1 views

The vulnerability of the Spring Framework software, related to security configuration errors, allows attackers to compromise the confidentiality of protected information.

The vulnerability of the Spring Framework is related to errors in security settings. Exploiting this vulnerability allows a malicious actor to compromise the confidentiality of the information being protected...

CVSS 5.9 | AI score 6.4 | EPSS 0.06564
Exploits 0 | References 6 | Affected Software 10

BDU FSTEC
added 2019/05/16 12:0 a.m. | 1 views

The vulnerability of the Spring Framework software platform, which arises due to insufficient validation of input data, allows attackers to trigger service failures.

The vulnerability of the Spring Framework software exists due to insufficient validation of input data. Exploiting this vulnerability can allow a malicious actor to cause service failures remotely...

CVSS 6.8 | AI score 6.7 | EPSS 0.01176
Exploits 0 | References 6 | Affected Software 9

Tenable Nessus
added 2019/05/15 12:0 a.m. | 62 views

Oracle Enterprise Manager Ops Center (Apr 2019 CPU)

The version of Oracle Enterprise Manager Cloud Control installed on the remote host is affected by multiple vulnerabilities in Enterprise Manager Base Platform component: - A deserialization vulnerability in Apache Commons FileUpload allows for remote code execution. CVE-2016-1000031 - An...

CVSS 9.8 | AI score 7.5 | EPSS 0.9384
Exploits 13 | References 13

BDU FSTEC
added 2019/05/07 12:0 a.m. | 2 views

The vulnerability of the implementation of the ResourceHttpRequestHandler class in the Spring Framework’s software platform allows a perpetrator to trigger a service failure.

The vulnerability of the ResourceHttpRequestHandler implementation in the Spring Framework’s software platform is related to resource management errors. Exploiting this vulnerability could allow a malicious actor to cause service failures remotely...

CVSS 7.8 | AI score 7.1 | EPSS 0.20127
Exploits 0 | References 14 | Affected Software 38

IBM Security Bulletins
added 2019/05/06 5:30 p.m. | 37 views

Security Bulletin: IBM Security Guardium is affected by a Spring Framework vulnerability

Summary IBM Security Guardium has addressed the following vulnerability. Vulnerability Details CVEID: CVE-2018-15756 DESCRIPTION: Pivotal Spring Framework is vulnerable to a denial of service, caused by improper handling of range request by the ResourceHttpRequestHandler. By adding a range header...

CVSS 7.5 | AI score 1.2 | EPSS 0.20127
Exploits 0 | Affected Software 1

IBM Security Bulletins
added 2019/05/03 8:50 p.m. | 27 views

Security Bulletin: Vulnerability in Pivotal Spring Framework affects IBM TRIRIGA Application Platform (CVE-2018-15786)

Summary Pivotal Spring Framework, used by IBM TRIRIGA Application Platform, is vulnerable to a denial of service, caused by improper handling of range request by the ResourceHttpRequestHandler. Vulnerability Details CVEID: CVE-2018-15756 DESCRIPTION: Pivotal Spring Framework is vulnerable to a...

CVSS 7.5 | AI score 0.8 | EPSS 0.20127
Exploits 0 | Affected Software 1

Veracode
added 2019/05/02 4:46 a.m. | 39 views

Privilege Escalation

An attack technique against the W3C XML Encryption Standard when block ciphers were used in CBC mode could allow a remote attacker to conduct chosen-ciphertext attacks, leading to the recovery of the entire plain text of a particular cryptogram. CVE-2011-1096 JBoss Web Services leaked side-channe...

CVSS 5.9 | AI score 7 | EPSS 0.5129
Exploits 7 | References 34 | Affected Software 63

Veracode
added 2019/05/02 4:46 a.m. | 36 views

Privilege Escalation

An attack technique against the W3C XML Encryption Standard when block ciphers were used in CBC mode could allow a remote attacker to conduct chosen-ciphertext attacks, leading to the recovery of the entire plain text of a particular cryptogram. CVE-2011-1096 JBoss Web Services leaked side-channe...

CVSS 5.9 | AI score 7 | EPSS 0.5129
Exploits 7 | References 38 | Affected Software 63

Veracode
added 2019/05/02 4:46 a.m. | 61 views

Information Disclosure

An attack technique against the W3C XML Encryption Standard when block ciphers were used in CBC mode could allow a remote attacker to conduct chosen-ciphertext attacks, leading to the recovery of the entire plain text of a particular cryptogram. CVE-2011-1096 JBoss Web Services leaked side-channe...

CVSS 5.9 | AI score 7 | EPSS 0.5129
Exploits 7 | References 42 | Affected Software 63

Veracode
added 2019/05/02 4:46 a.m. | 61 views

Cross Site Scripting (XSS)

An attack technique against the W3C XML Encryption Standard when block ciphers were used in CBC mode could allow a remote attacker to conduct chosen-ciphertext attacks, leading to the recovery of the entire plain text of a particular cryptogram. CVE-2011-1096 JBoss Web Services leaked side-channe...

CVSS 5.9 | AI score 7 | EPSS 0.5129
Exploits 7 | References 43 | Affected Software 63

IBM Security Bulletins
added 2019/04/24 4:50 p.m. | 28 views

Security Bulletin: Security vulnerability in Pivotal Spring Framework affects IBM Rational License Key Server Administration & Reporting Tool

Summary A Security vulnerability in Spring Framework, from Pivotal, used by IBM Rational License Key Server Administration & Reporting Tool has been published. Required remediation has been addressed by IBM Rational License Key Server Administration & Reporting Tool team. Vulnerability Details...

CVSS 7.5 | AI score 0.9 | EPSS 0.20127
Exploits 0 | Affected Software 1

myhack58
added 2019/04/18 12:0 a.m. | 255 views

Oracle WebLogic Server high-risk security vulnerability alerts-a vulnerability alert-the black bar safety net

2019 04 May 17, 360CERT detection to the Oracle in 4 December 17 release of the security Bulletin. The security bulletin disclosed that WebLogic Server has multiple high-risk vulnerabilities that affect multiple WebLogic components. 360CERT determined that the security updates for...

CVSS 6.5 | AI score 0.5 | EPSS 0.89519
Exploits 2

Tenable Nessus
added 2019/04/18 12:0 a.m. | 109 views

Oracle WebLogic Server Multiple Vulnerabilities (Apr 2019 CPU)

The version of Oracle WebLogic Server installed on the remote host is affected by multiple vulnerabilities: - An unspecified vulnerability in the Spring Framework allows a low privileged, remote attacker with network access via HTTP to compromise and takeover the Oracle Communications Unified...

CVSS 9.8 | AI score 6.5 | EPSS 0.89519
Exploits 2 | References 12

Tenable Nessus
added 2019/04/18 12:0 a.m. | 41 views

Oracle Enterprise Manager Cloud Control (Apr 2019 CPU)

The version of Oracle Enterprise Manager Cloud Control installed on the remote host is affected by multiple vulnerabilities in Enterprise Manager Base Platform component: - Networking component of Enterprise Manager Base Platform Spring Framework is easily exploited and may allow an...

CVSS 8.8 | AI score 7 | EPSS 0.20127
Exploits 4 | References 12