Lucene search
K
Database
Vendors
Products
Timeline
Vulnerabilities
Perimeter Scanner
Scanning
Projects
Scanner
Agent Scanning
API Scanning
Manual Audit
Email
Webhook
Resources
Documents
Blog
Glossary
FAQ
Plugins
Pricing
Contacts
About Us
Partners
Branding Guideline
Settings
Sign in
ApacheKaraf

3 matches found

CVE
CVEadded 2020/06/12 10:15 p.m.79 views

CVE-2020-11980

In Karaf, JMX authentication takes place using JAAS and authorization takes place using ACL files. By default, only an "admin" can actually invoke on an MBean. However there is a vulnerability there for someone who is not an admin, but has a "viewer" role. In the 'etc/jmx.acl.cfg', such as role can...

6.5CVSS6.3AI score0.00514EPSS
CVE
CVEadded 2018/02/19 3:29 p.m.71 views

CVE-2016-8750

Apache Karaf prior to 4.0.8 used the LDAPLoginModule to authenticate users to a directory via LDAP. However, it did not encoding usernames properly and hence was vulnerable to LDAP injection attacks leading to a denial of service.

6.5CVSS6.4AI score0.0151EPSS
CVE
CVEadded 2019/03/21 4:1 p.m.71 views

CVE-2019-0191

Apache Karaf kar deployer reads .kar archives and extracts the paths from the "repository/" and "resources/" entries in the zip file. It then writes out the content of these paths to the Karaf repo and resources directories. However, it doesn't do any validation on the paths in the zip file. This m...

6.5CVSS6.3AI score0.05092EPSS