58 matches found
CVE-2020-1938
CVE-2020-1938 (Tomcat AJP vulnerability) : The issue affects Apache Tomcat where the AJP Connector, enabled by default in several legacy releases, could be reached through untrusted networks. An attacker could exploit the configured AJP path to read arbitrary files in the web application and pote...
CVE-2022-22965
CVE-2022-22965 (Spring4Shell) affects Spring Framework’s Spring MVC and Spring WebFlux when data binding is enabled in apps running on JDK 9+, with exploitation requiring Tomcat as WAR deployment. The issue is not exploited in Spring Boot executable jars. Vulnerable configurations are associated ...
CVE-2021-23841
CVE-2021-23841 is described in connected advisories as a NULL pointer dereference in OpenSSL’s X509_issuer_and_serial_hash() when parsing the issuer field. This can crash a process if certificates from untrusted sources are processed and the issuer parsing fails, enabling a potential denial of se...
CVE-2018-11776
The CVE-2018-11776 issue affects Apache Struts 2.x versions 2.3–2.3.34 and 2.5–2.5.16. The underlying condition is when alwaysSelectFullNamespace is true and a result or url tag lacks a namespace/value, and the upper namespace/action configuration also has no or a wildcard namespace, allowing rem...
CVE-2017-12617
CVE-2017-12617 concerns Apache Tomcat JSP upload via HTTP PUT when readonly=false and PUTs are allowed. Affected: Tomcat 7.x/8.x/9.x (various 7.0.0–7.0.81, 8.0.0.RC1–8.0.46, 8.5.0–8.5.22, 9.0.0.M1–9.0.0) with PUT enabled. Root cause: PUT request handling allowed uploading a JSP, enabling remote c...
CVE-2022-22963
CVE-2022-22963 affects Spring Cloud Function: in versions 3.1.6, 3.2.2 and older unsupported releases, routing-expression using SpEL can be crafted by a user to trigger remote code execution and access local resources. The root cause is unsafe evaluation of SpEL within the HTTP request routing he...
CVE-2020-9484
CVE-2020-9484 is a deserialization flaw in Apache Tomcat that, under a specific FileStore PersistenceManager configuration and a crafted request, can trigger remote code execution. Affected are Tomcat versions 10.0.0-M1 to 10.0.0, 9.0.0.M1 to 9.0.41, 8.5.0 to 8.5.61, and 7.0.0 to 7.0.107 when the...
CVE-2020-1935
CVE-2020-1935 affects Apache Tomcat across multiple branches: 9.0.0.M1–9.0.30, 8.5.0–8.5.50, and 7.0.0–7.0.99. It stems from HTTP header parsing that can mishandle end-of-line and Transfer-Encoding, enabling HTTP Request Smuggling when Tomcat sits behind certain reverse proxies. Impact is informa...
CVE-2021-4104
CVE-2021-4104 affects JMSAppender in Log4j 1.2 when it is explicitly configured to use JMSAppender. A deserialization of untrusted data can occur if an attacker can write Log4j configuration and supply TopicBindingName and TopicConnectionFactoryBindingName, causing JMSAppender to perform JNDI req...
CVE-2020-17530
CVE-2020-17530 describes a vulnerability in Apache Struts 2 where forced OGNL evaluation on raw user input in tag attributes can cause remote code execution. Affected products range from Struts 2.0.0 up to 2.5.25. The description states that evaluating untrusted input via the %{...} syntax enable...
CVE-2019-17563
Tomcat CVE-2019-17563: A race-condition in FORM authentication allowed a session-fixation window in Tomcat 9.0.0.M1–9.0.29, 8.5.0–8.5.49, and 7.0.0–7.0.98. The issue is acknowledged as a vulnerability with practical exploitation not detailed in the provided docs. Affected products: Apache Tomcat....
CVE-2021-45105
Summary of CVE-2021-45105 (Log4j2) : Affected Log4j 2.x versions 2.0-alpha1 through 2.16.0 (except 2.12.3 and 2.3.1) are vulnerable to denial of service via uncontrolled recursion triggered by self-referential lookups in Thread Context Map data. The root cause is improper handling of self-referen...
CVE-2019-17571
CVE-2019-17571 affects the Apache Log4j 1.x SocketServer: it deserializes serialized log events from untrusted network input without proper whitelisting, enabling remote code execution when combined with a deserialization gadget. Affected are Log4j 1.2 up to 1.2.17; exploitation hinges on receivi...
CVE-2021-41182
CVE-2021-41182 is an XSS in the jQuery-UI Datepicker altField path (embedded in some OTRS deployments). Affected version observed as 1.12.1 copy; the issue is fixed in jQuery UI 1.13.0 by treating any altField value as a CSS selector. Debris from related CVEs (41183/41184) describe similar issues...
CVE-2016-8735
CVE-2016-8735 is a remote code execution vulnerability in Apache Tomcat via JmxRemoteLifecycleListener. Affected are Tomcat releases before 6.0.48, 7.x before 7.0.73, 8.x before 8.0.39, 8.5.x before 8.5.7, and 9.x before 9.0.0.M12, when JMX ports are reachable. Root cause: JmxRemoteLifecycleListe...
CVE-2020-13935
CVE-2020-13935 affects Apache Tomcat: the WebSocket frame payload length was not properly validated, which could trigger an infinite loop and allow DoS via multiple invalid payloads. Affected: Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0.0.M1 to 9.0.36, 8.5.0 to 8.5.56, and 7.0.27 to 7.0.104. The initial d...
CVE-2021-25329
The CVE-2021-25329 entry is tied to an incomplete fix for CVE-2020-9484 in Apache Tomcat. In affected releases (Tomcat 10.0.0-M1 to 10.0.0, 9.0.0.M1 to 9.0.41, 8.5.0 to 8.5.61, and 7.0.0 to 7.0.107) a configuration edge case that was deemed highly unlikely could leave the Tomcat instance vulnerab...
CVE-2021-25122
CVE-2021-25122 affects Apache Tomcat across multiple lines: 10.0.0-M1 to 10.0.0, 9.0.0.M1 to 9.0.41, and 8.5.0 to 8.5.61. The issue allows duplicating request headers and a limited amount of request body from one request to another, enabling cross-user visibility of results (information disclosur...
CVE-2019-1559
OpenSSL vulnerability CVE-2019-1559 describes a padding-oracle weakness where, if an application encounters a fatal protocol error and then calls SSL_shutdown() twice (to send close_notify and to receive one), the server may respond differently to a 0-byte record with invalid padding versus inval...
CVE-2022-23302
CVE-2022-23302 affects Log4j 1.x JMSSink. TheDeserialization flaw allows remote code execution when an attacker can write to the Log4j configuration or when the configuration references an LDAP service the attacker controls. JMSSink can be triggered via a TopicConnectionFactoryBindingName to caus...
CVE-2020-1967
CVE-2020-1967 describes a NULL pointer dereference in OpenSSL’s SSL_check_chain() during or after a TLS 1.3 handshake, caused by incorrect handling of the signature_algorithms_cert extension. A malicious peer sending an invalid/unrecognized signature algorithm can crash the server/client, enablin...
CVE-2022-23307
CVE-2022-23307 concerns a deserialization vulnerability in the Chainsaw component of Apache Log4j 1.x (Chainsaw bundled with Log4j 1.2.x). The root cause is unsafe deserialization of untrusted data via Chainsaw, allowing potential code execution. Multiple Atlassian products initially bundled Chai...
CVE-2020-17527
CVE-2020-17527 affects multiple Apache Tomcat releases where HTTP/2 stream handling could cause information leakage by reusing an HTTP request header value from a previous stream for the next stream. Affected products/versions include Tomcat 10.0.0-M1–M9, 9.0.0-M1–9.0.39, and 8.5.0–8.5.59; the is...
CVE-2021-3711
CVE-2021-3711 involves a bug in OpenSSL SM2 decryption: the buffer-size calculation during EVP_PKEY_decrypt() first call can under-allocate, enabling a later second call with a too-small buffer and causing a buffer overflow (up to 62 bytes). The issue affects OpenSSL 1.1.1 up to 1.1.1k and is fix...
CVE-2020-11996
CVE-2020-11996 affects Apache Tomcat versions 10.0.0-M1 to 10.0.0-M5, 9.0.0.M1 to 9.0.35, and 8.5.0 to 8.5.55, where a specially crafted sequence of HTTP/2 requests could trigger high CPU and make the server unresponsive. Multiple connected advisories confirm this DoS through HTTP/2 traffic. Publ...
CVE-2022-23305
CVE-2022-23305 concerns Apache Log4j 1.x when configured with JDBCAppender: an SQL statement is built from a PatternLayout-converted value (notably %m), allowing an attacker to craft input to alter and potentially execute SQL. The issue is specific to Log4j 1.x if JDBCAppender is used; JDBCAppend...
CVE-2021-3712
The CVE-2021-3712 issue affects OpenSSL where ASN1_STRING data may not be NUL-terminated if constructed directly (or via ASN1_STRING_set0), causing read-buffer overreads when many OpenSSL print/name-constraining paths handle such ASN.1 strings. Exploitation could crash the application (DoS) or di...
CVE-2020-13934
CVE-2020-13934 affects multiple Apache Tomcat releases (8.5.1–8.5.56, 9.0.x, 10.0.x up to M6) where an h2c direct connection didn’t release the HTTP/1.1 processor after upgrading to HTTP/2, potentially causing OutOfMemoryError and denial of service. Public advisories across vendors and distributi...
CVE-2021-33037
CVE-2021-33037 affects Apache Tomcat: versions 10.0.0-M1–10.0.6, 9.0.0.M1–9.0.46, and 8.5.0–8.5.66 may mishandle the HTTP transfer-encoding header with reverse proxies, enabling request smuggling. Root cause: improper header handling allowing spoofed content encoding sequencing. Impact stated in ...
CVE-2021-41183
CVE-2021-41183 concerns jQuery-UI’s Datepicker in the embedded jQuery-UI copy used by OTRS (notably in the 1.12.1 series). The vulnerability arises from accepting values for the various *Text options from untrusted sources, which could allow execution of untrusted code. The issue is fixed in jQue...
CVE-2017-5645
CVE-2017-5645 affects Apache Log4j 2.x prior to 2.8.2. The vulnerability arises when using a TCP/UDP socket server to receive serialized log events from another application; a crafted binary payload can be deserialized to execute arbitrary code. The documented impact is remote code execution via ...
CVE-2021-3450
CVE-2021-3450 affects OpenSSL 1.1.1h–1.1.1j where a bug in the X509_V_FLAG_X509_STRICT path overwrote a prior CA-check result, bypassing the non-CA certificates prohibition unless a programmed purpose is used. When a purpose is configured, the certificate chain is still rejected; the issue is fix...
CVE-2019-1551
CVE-2019-1551 refers to an overflow bug in the x64_64 Montgomery squaring procedure used in OpenSSL during exponentiation with 512-bit moduli. OpenSSL notes no impact to EC, while DH512 attacks are only just feasible under certain conditions. Public disclosures and advisories confirm the issue an...
CVE-2019-17569
CVE-2019-17569: In Apache Tomcat, a regression from refactoring in 9.0.28–9.0.30, 8.5.48–8.5.50, and 7.0.98–7.0.99 caused invalid Transfer-Encoding header handling, enabling HTTP Request Smuggling behind a misconfigured reverse proxy. Connected advisories show mitigations: Amazon Linux 2 ALAS2TOM...
CVE-2019-0230
CVE-2019-0230 affects Apache Struts 2.0.0–2.5.20 and is caused by forced double OGNL evaluation on raw user input in tag attributes, potentially enabling remote code execution. Reported impact is remote code execution with high severity (CVE CVSSv3 9.8). Mitigation documented in the sources inclu...
CVE-2022-23181
CVE-2022-23181 is a TOCTTOU vulnerability introduced by the fix for CVE-2020-9484 in Apache Tomcat when the server persists sessions using FileStore. It is exploitable by a local attacker who can perform actions with the Tomcat process user privileges. Affected ranges (per the sources) include To...
CVE-2022-21824
CVE-2022-21824 is a prototype pollution vulnerability in Node.js linked to console.table properties. It affects Node.js prior to patched releases and can be triggered when user-controlled data is passed as the first parameter with a plain object containing an own property such as proto . Public a...
CVE-2022-22968
CVE-2022-22968 affects Spring Framework where DataBinder’s disallowedFields patterns are case sensitive in versions 5.3.0–5.3.18, 5.2.0–5.2.20, and older unsupported releases. The issue means a field is not fully protected unless every first character (and nested path) is listed in both uppercase...
CVE-2021-44531
CVE-2021-44531 affects Node.js and stems from improper handling of URI SAN types in X.509 certificate hostname verification. Older Node.js releases accepted URI SANs by default and could bypass name-constrained intermediates when PKIs aren’t defined for that SAN type; URI matching could also fail...
CVE-2021-22118
CVE-2021-22118 affects the Spring Framework WebFlux component. The vulnerability exists in Spring Framework versions: 5.2.x prior to 5.2.15 and 5.3.x prior to 5.3.7. An authenticated local attacker can exploit a flaw tied to (re)creating the temporary storage directory to read or modify files upl...
CVE-2020-5421
CVE-2020-5421 affects Spring Framework releases across multiple lines (5.2.x to 5.0.x, 4.3.x and older). The issue arises from improper input handling of the jsessionid path parameter, which may bypass RFD Protection and weaken security controls. Affected products reference VMware Tanzu Spring Fr...
CVE-2021-44533
CVE-2021-44533 affects Node.js by improper handling of multi-value Relative Distinguished Names, potentially allowing bypass of certificate subject verification. Affected are Node.js versions < 12.22.9, < 14.18.3, < 16.13.2, and
CVE-2021-44532
CVE-2021-44532 affects Node.js where SAN handling converts Subject Alternative Names to a string to validate hostnames. The vulnerability allows bypass of certificate name constraints when present in a certificate chain. Affected versions include Node.js <12.22.9, <14.18.3, <16.13.2, and
CVE-2018-1258
CVE-2018-1258 affects Spring Framework 5.0.5 when used with any Spring Security version, enabling an authorization bypass for method security. An unauthorized user could access restricted methods. The connected advisory from F5 reiterates the same vulnerability description and lists affected prod...
CVE-2020-5397
CVE-2020-5397 - Normal details Affected software: Spring Framework 5.2.x (prior to 5.2.3) where CSRF is possible via CORS preflight requests targeting Spring MVC (spring-webmvc) or Spring WebFlux (spring-webflux). Vulnerability and impact: Non-authenticated endpoints can be exploited through pref...
CVE-2018-15756
CVE-2018-15756 (Spring Framework) affects Spring Web MVC/WebFlux ranges handling: the ResourceHttpRequestHandler, or returning a Resource from an annotated controller, can be abused by a crafted Range header to trigger a denial-of-service. Affected versions include Spring Framework 5.1, 5.0.x bef...
CVE-2021-22112
CVE-2021-22112 involves Spring Security flaws that could enable privilege escalation when the SecurityContext is modified multiple times in a single request. Affected versions: Spring Security 5.4.x before 5.4.4, 5.3.x before 5.3.8.RELEASE, 5.2.x before 5.2.9.RELEASE (and older unsupported versio...
CVE-2020-26237
Highlight.js vulnerability CVE-2020-26237: Prototype Pollution in versions before 9.18.2 and 10.1.2 (and older); a malicious HTML block could pollute Object.prototype during highlighting. Upstream fixes exist in 9.18.2+, 10.1.2+, and newer. Debian/OSS advisories also reference updates; remediatio...
CVE-2018-11039
CVE-2018-11039 affects the Spring Framework, where the HiddenHttpMethodFilter in Spring MVC allows web apps to change the HTTP request method to any method (including TRACE). This can enable an attacker with an existing XSS vulnerability to escalate to an XST (Cross Site Tracing) attack. Affected...
CVE-2019-0233
CVE-2019-0233 is an Apache Struts vulnerability (affecting Struts 2.0.0–2.5.20) where an access-permission override during file uploads can cause a Denial of Service. Exploitation requires a crafted request, and the impact is DoS during subsequent uploads. Remediation is to upgrade to a fixed Str...