Lucene search

Veracode Vulnerability DatabaseVERACODE:7868

HistoryNov 21, 2018 - 6:37 a.m.

Remote Code Execution (RCE)

2018-11-2106:37:28

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

4.2 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L

4.6 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

JSON

catalina is vulnerable to a remote code execution (RCE) attack. The library allows the replacement of the XML parser used for other web applications, allowing a malicious user to gain access to the applications’ web.xml, context.xml or tld files.

CPENameOperatorVersion
catalinaeq6.0.18
catalinale6.0.17
catalinale4.1.36
catalinale5.5.23
jakarta-slide-webdavclienteq2.1__3jpp.ep1.3.el5.1
hibernate3-annotationseq3.2.1__1.patch02.1jpp.ep1.2.el5.1
hibernate3-annotationseq3.2.1__1.patch01.1jpp.ep1.3.el5
hibernate3-annotationseq3.2.1__1.patch02.1jpp.ep1.2.el4
jgroupseq2.4.1__1.SP4.0jpp.ep1.2.el5
jgroupseq2.4.1.3__1jpp.ep1.1.el5

Name	Operator	Version
catalina	eq	6.0.18
catalina	le	6.0.17
catalina	le	4.1.36
catalina	le	5.5.23
jakarta-slide-webdavclient	eq	2.1__3jpp.ep1.3.el5.1
hibernate3-annotations	eq	3.2.1__1.patch02.1jpp.ep1.2.el5.1
hibernate3-annotations	eq	3.2.1__1.patch01.1jpp.ep1.3.el5
hibernate3-annotations	eq	3.2.1__1.patch02.1jpp.ep1.2.el4
jgroups	eq	2.4.1__1.SP4.0jpp.ep1.2.el5
jgroups	eq	2.4.1.3__1jpp.ep1.1.el5

Rows per page:

1-10 of 981

References

lists.apple.com/archives/security-announce/2010//Mar/msg00001.html

lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html

marc.info/?l=bugtraq&m=127420533226623&w=2

marc.info/?l=bugtraq&m=129070310906557&w=2

marc.info/?l=bugtraq&m=136485229118404&w=2

secunia.com/advisories/35685

secunia.com/advisories/35788

secunia.com/advisories/37460

secunia.com/advisories/42368

sunsolve.sun.com/search/document.do?assetkey=1-26-263529-1

support.apple.com/kb/HT4077

svn.apache.org/viewvc?rev=652592&view=rev

svn.apache.org/viewvc?rev=681156&view=rev

svn.apache.org/viewvc?rev=739522&view=rev

svn.apache.org/viewvc?rev=781542&view=rev

svn.apache.org/viewvc?rev=781708&view=rev

svn.apache.org/viewvc?view=revision&revision=652592

svn.apache.org/viewvc?view=revision&revision=739522

tomcat.apache.org/security-4.html

tomcat.apache.org/security-5.html

tomcat.apache.org/security-6.html

www.debian.org/security/2011/dsa-2207

www.mandriva.com/security/advisories?name=MDVSA-2009:136

www.mandriva.com/security/advisories?name=MDVSA-2009:138

www.mandriva.com/security/advisories?name=MDVSA-2010:176

www.securityfocus.com/archive/1/504090/100/0/threaded

www.securityfocus.com/archive/1/507985/100/0/threaded

www.securityfocus.com/bid/35416

www.securitytracker.com/id?1022336

www.vmware.com/security/advisories/VMSA-2009-0016.html

www.vupen.com/english/advisories/2009/1856

www.vupen.com/english/advisories/2009/3316

www.vupen.com/english/advisories/2010/3056

bz.apache.org/bugzilla/show_bug.cgi?id=45933

exchange.xforce.ibmcloud.com/vulnerabilities/51195

issues.apache.org/bugzilla/show_bug.cgi?id=29936

issues.apache.org/bugzilla/show_bug.cgi?id=45933

lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10716

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18913

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6450

www.redhat.com/archives/fedora-package-announce/2009-November/msg01156.html

www.redhat.com/archives/fedora-package-announce/2009-November/msg01216.html

www.redhat.com/archives/fedora-package-announce/2009-November/msg01246.html

4.2 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L

4.6 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

JSON

Related for VERACODE:7868