Lucene search
K
Database
Vendors
Products
Timeline
Vulnerabilities
Perimeter Scanner
Scanning
Projects
Scanner
Agent Scanning
API Scanning
Manual Audit
Email
Webhook
Resources
Documents
Blog
Glossary
FAQ
Plugins
Pricing
Contacts
About Us
Partners
Branding Guideline
Settings
Sign in
ApacheKaraf*

3 matches found

CVE
CVEadded 2018/09/18 2:29 p.m.75 views

CVE-2018-11786

In Apache Karaf prior to 4.2.0 release, if the sshd service in Karaf is left on so an administrator can manage the running instance, any user with rights to the Karaf console can pivot and read/write any file on the file system to which the Karaf process user has access. This can be locked down a b...

9CVSS8.5AI score0.00827EPSS
CVE
CVEadded 2018/09/18 2:29 p.m.75 views

CVE-2018-11787

In Apache Karaf version prior to 3.0.9, 4.0.9, 4.1.1, when the webconsole feature is installed in Karaf, it is available at .../system/console and requires authentication to access it. One part of the console is a Gogo shell/console that gives access to the command line console of Karaf via a Web b...

8.1CVSS8AI score0.00724EPSS
CVE
CVEadded 2018/02/19 3:29 p.m.70 views

CVE-2016-8750

Apache Karaf prior to 4.0.8 used the LDAPLoginModule to authenticate users to a directory via LDAP. However, it did not encoding usernames properly and hence was vulnerable to LDAP injection attacks leading to a denial of service.

6.5CVSS6.4AI score0.0151EPSS