43 matches found
EUVD-2018-14357
Malware in sbrugna...
K15904: Multiple third-party application-server vulnerabilities
Security Advisory Description CVE-2003-1418 Apache HTTP Server 1.3.22 through 1.3.27 on OpenBSD allows remote attackers to obtain sensitive information via (1) the ETag header, which reveals the inode number, or (2) multipart MIME boundary, which reveals child process IDs (PID). CVE-2004-2320 The...
Debian DLA-2635-1 : libspring-java security update
Multiple vulnerabilities were discovered in libspring-java, a modular Java/J2EE application framework. An attacker may execute code, perform an XST attack, issue unauthorized cross-domain requests or cause a DoS (denial of service) in specific configurations. CVE-2018-1270 Spring Framework allows...
Debian: Security Advisory (DLA-2635-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] [DLA 2635-1] libspring-java security update
------------------------------------------------------------------------- Debian LTS Advisory DLA-2635-1 [email protected] https://www.debian.org/lts/security/ April 23, 2021 https://wiki.debian.org/LTS - ------------------------------------------------------------------------- Package...
Exploit for Cross-site Scripting in Liferay Liferay_Portal
Authenticated Stored XSS in LifeRay 7.2.1 GA2 via MyAccountPor...
CVE-2019-16366
In XS 9.0.0 in Moddable SDK OS180329, there is a heap-based buffer overflow in fxBeginHost in xsAPI.c when called from fxRunDefine in xsRun.c, as demonstrated by crafted JavaScript code to xst...
CVE-2019-16366
CVE-2019-16366 affects XS 9.0.0 in Moddable SDK OS180329. The issue is a heap-based buffer overflow in fxBeginHost (xsAPI.c) when invoked via fxRunDefine (xsRun.c). This is demonstrated by crafted JavaScript code to xst. The connected Red Hat/OSV entries corroborate the same description. Public e...
CVE-2018-2502
The TRACE method is enabled in SAP Business One Service Layer. An attacker can use an XST (Cross Site Tracing) attack if frontend applications that are using Service Layer have an XSS vulnerability. This has been fixed in SAP Business One Service Layer B1_ON_HANA, versions 9.2, 9.3...
CVE-2018-2502
CVE-2018-2502 affects SAP Business One Service Layer (B1_ON_HANA) with TRACE method enabled, enabling potential Cross Site Tracing (XST) when frontend applications expose an XSS vulnerability. The connected documents specify the vulnerable component as SAP Business One Service Layer and reference...
Cross site scripting
The TRACE method is enabled in SAP Business One Service Layer. An attacker can use an XST (Cross Site Tracing) attack if frontend applications that are using Service Layer have an XSS vulnerability. This has been fixed in SAP Business One Service Layer B1_ON_HANA, versions 9.2, 9.3...
CVE-2018-2502
The TRACE method is enabled in SAP Business One Service Layer. An attacker can use an XST (Cross Site Tracing) attack if frontend applications that are using Service Layer have an XSS vulnerability. This has been fixed in SAP Business One Service Layer B1_ON_HANA, versions 9.2, 9.3...
Spring Framework Cross Site Tracing (XST)
Spring Framework versions 5.0.x prior to 5.0.7, versions 4.3.x prior to 4.3.18, and older unsupported versions allow web applications to change the HTTP request method to any HTTP method including TRACE using the HiddenHttpMethodFilter in Spring MVC. If an application has a pre-existing XSS...
GHSA-9GCM-F4X3-8JPW Spring Framework Cross Site Tracing (XST)
Spring Framework versions 5.0.x prior to 5.0.7, versions 4.3.x prior to 4.3.18, and older unsupported versions allow web applications to change the HTTP request method to any HTTP method including TRACE using the HiddenHttpMethodFilter in Spring MVC. If an application has a pre-existing XSS...
CVE-2018-11039
Spring Framework versions 5.0.x prior to 5.0.7, versions 4.3.x prior to 4.3.18, and older unsupported versions allow web applications to change the HTTP request method to any HTTP method including TRACE using the HiddenHttpMethodFilter in Spring MVC. If an application has a pre-existing XSS...
CVE-2018-11039
Spring Framework versions 5.0.x prior to 5.0.7, versions 4.3.x prior to 4.3.18, and older unsupported versions allow web applications to change the HTTP request method to any HTTP method including TRACE using the HiddenHttpMethodFilter in Spring MVC. If an application has a pre-existing XSS...
CVE-2018-11039
Spring Framework versions 5.0.x prior to 5.0.7, versions 4.3.x prior to 4.3.18, and older unsupported versions allow web applications to change the HTTP request method to any HTTP method including TRACE using the HiddenHttpMethodFilter in Spring MVC. If an application has a pre-existing XSS...
CVE-2018-11039
Spring Framework versions 5.0.x prior to 5.0.7, versions 4.3.x prior to 4.3.18, and older unsupported versions allow web applications to change the HTTP request method to any HTTP method including TRACE using the HiddenHttpMethodFilter in Spring MVC. If an application has a pre-existing XSS...
CVE-2018-11039
CVE-2018-11039 affects the Spring Framework, where the HiddenHttpMethodFilter in Spring MVC allows web apps to change the HTTP request method to any method (including TRACE). This can enable an attacker with an existing XSS vulnerability to escalate to an XST (Cross Site Tracing) attack. Affected...
Cross-Site Tracing (XST)
spring-web is vulnerable to cross-site tracing (XST) attacks. The vulnerability exists because HiddenHttpMethodFilter allows web applications to change the existing HTTP request method to any HTTP method, causing applications with an existing cross-site scripting (XSS) vulnerability to be vulnerable to XST...