4 matches found
CVE-2007-0185
DWR (Getahead Direct Web Remoting) before version 1.1.4 is vulnerable to denial of service due to memory exhaustion triggered by a large number of batched calls; the specific vectors are not detailed in the provided documents. No remediation details are present here.
CVE-2007-0184
CVE-2007-0184 concerns Getahead Direct Web Remoting (DWR) prior to 1.1.4. A crafted request can bypass include/exclude checks and enable unauthorized access to public methods, indicating an authorization bypass vulnerability . The connected documents reference this CVE across multiple advisories ...
CVE-2006-6916
CVE-2006-6916 affects Getahead Direct Web Remoting (DWR) prior to 1.1.3. The provided connected Red Hat entry corroborates that attackers can cause a denial of service (infinite loop) via crafted input. The exact root cause, vulnerable component(s) within DWR, affected versions beyond the stated ...
CVE-2007-2377
The CVE-2007-2377 vulnerability affects the Getahead Direct Web Remoting (DWR) framework up to version 1.1.4, where JSON data is exchanged without an accompanying protection scheme. This enables JavaScript Hijacking: an attacker can retrieve sensitive data by loading a page that fetches data via ...