Lucene search
Veracode Vulnerability DatabaseVERACODE:3671HistoryMar 17, 2017 - 1:15 a.m.
Unauthorized Access
2017-03-1701:15:40
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
7
EPSS
0.001
Percentile
48.4%
karaf-webconsole is vulnerable to unauthorized access. The vulnerability exists when the gogo feature is installed with the webconsole feature, causing the /gogo endpoint to be accessed without authentication.
References
git-wip-us.apache.org/repos/asf?p=karaf.git;h=1fc60d7
git-wip-us.apache.org/repos/asf?p=karaf.git;h=434e525
git-wip-us.apache.org/repos/asf?p=karaf.git;h=cfa213a
github.com/apache/karaf/commit/1fc60d7792e1aa35970b8d967f88ca3381053172
github.com/apache/karaf/commit/cfa213ad680ded70b70bf0c648891a06386ef632
issues.apache.org/jira/browse/KARAF-4993
www.mail-archive.com/[email protected]/msg16123.html
Related
osv
osv
CVE-2018-11787
2018-09-18 14:29:00
Improper Authentication in Apache Karaf
2019-01-07 19:14:51
redhatcve
redhatcve
CVE-2018-11787
2018-09-20 09:20:19
cve
cve
CVE-2018-11787
2018-09-18 14:29:00
prion
prion
Authentication flaw
2018-09-18 14:29:00
cvelist
cvelist
CVE-2018-11787
2018-09-18 14:00:00
nvd
nvd
CVE-2018-11787
2018-09-18 14:29:00
github
github
Improper Authentication in Apache Karaf
2019-01-07 19:14:51