Lucene search

4 matches found

OSV
added 2020/06/26 4:54 p.m. | 0 views

GHSA-P8C3-7RJ8-Q963 ECDSA signature validation vulnerability by accepting wrong ASN.1 encoding in jsrsasign

Impact: jsrsasign supports ECDSA signature validation in which the signature value is represented in ASN.1 DER encoding. This vulnerability may accept a wrongly ASN.1 DER encoded ECDSA signature, such as: - wrong multi-byte ASN.1 length of TLV, e.g. 0x820045 even though 0x45 is correct - prepending zeros with...

CVSS 7.5 | AI score 5.8 | EPSS 0.0028
Exploits: 1 | References: 14
Github Security Blog
added 2020/06/26 4:54 p.m. | 67 views

ECDSA signature validation vulnerability by accepting wrong ASN.1 encoding in jsrsasign

Impact: jsrsasign supports ECDSA signature validation in which the signature value is represented in ASN.1 DER encoding. This vulnerability may accept a wrongly ASN.1 DER encoded ECDSA signature, such as: - wrong multi-byte ASN.1 length of TLV, e.g. 0x820045 even though 0x45 is correct - prepending zeros with...

CVSS 7.5 | AI score 0.5 | EPSS 0.0028
Exploits: 1 | References: 14 | Affected Software: 1
RedHat Linux
added 2019/08/08 10:8 a.m. | 1 view

jolokia: system-wide CSRF that could lead to Remote Code Execution

A flaw was found in Jolokia, versions 1.2 through 1.6.0, where Jolokia did not correctly handle checking for origin and referrer headers when strict checking was enabled. An attacker could use this vulnerability to conduct cross-site request forgery or further attacks...

CVSS 8.8 | AI score 5.7 | EPSS 0.02089
Exploits: 0 | References: 5
Veracode
added 2019/08/02 5:41 a.m. | 28 views

Cross-site Request Forgery (CSRF)

jolokia is vulnerable to cross-site request forgery (CSRF). The backend manager does not properly handle the strict checking of the origin and referrer headers, causing a system-wide CSRF which subsequently allows remote code execution...

CVSS 7.5 | AI score 4.6 | EPSS 0.08071
Exploits: 1 | References: 18 | Affected Software: 4