CVE-2022-46337 – Apache Derby: LDAP injection vulnerability in authenticator
https://notcve.org/view.php?id=CVE-2022-46337
A cleverly devised username might bypass LDAP authentication checks. In LDAP-authenticated Derby installations, this could let an attacker fill up the disk by creating junk Derby databases. In LDAP-authenticated Derby installations, this could also allow the attacker to execute malware which was visible to and executable by the account which booted the Derby server. In LDAP-protected databases which weren't also protected by SQL GRANT/REVOKE authorization, this vulnerability could also let an attacker view and corrupt sensitive data and run sensitive database functions and procedures. Mitigation: Users should upgrade to Java 21 and Derby 10.17.1.0. Alternatively, users who wish to remain on older Java versions should build their own Derby distribution from one of the release families to which the fix was backported: 10.16, 10.15, and 10.14. Those are the releases which correspond, respectively, with Java LTS versions 17, 11, and 8. • https://lists.apache.org/thread/q23kvvtoohgzwybxpwozmvvk17rp0td3 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVE-2018-1313
https://notcve.org/view.php?id=CVE-2018-1313
In Apache Derby 10.3.1.4 to 10.14.1.0, a specially-crafted network packet can be used to request the Derby Network Server to boot a database whose location and contents are under the user's control. If the Derby Network Server is not running with a Java Security Manager policy file, the attack is successful. If the server is using a policy file, the policy file must permit the database location to be read for the attack to work. The default Derby Network Server policy file distributed with the affected releases includes a permissive policy as the default Network Server policy, which allows the attack to work. En Apache Derby 10.3.1.4 a 10.14.1.0, un paquete de red especialmente manipulado puede emplearse para solicitar que Derby Network Server cargue una base de datos cuya ubicación y contenido están bajo el control del usuario. • https://github.com/tafamace/CVE-2018-1313 http://www.securityfocus.com/bid/104140 https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E https://lists.apache.org/thread.html/r437d94437e6aef31af689b1e7025d024d676fd1ea9901d74e3e9ae48%40%3Cissues.hive.apache.org •
CVE-2010-2232
https://notcve.org/view.php?id=CVE-2010-2232
In Apache Derby 10.1.2.1, 10.2.2.0, 10.3.1.4, and 10.4.1.3, Export processing may allow an attacker to overwrite an existing file. En Apache Derby 10.1.2.1, 10.2.2.0, 10.3.1.4 y 10.4.1.3, el procesamiento de Export puede permitir que un atacante sobrescriba un archivo existente. • http://db.apache.org/derby/releases/release-10.6.2.1.html#Note+for+DERBY-2925 http://www.securityfocus.com/bid/101562 https://issues.apache.org/jira/browse/DERBY-2925 • CWE-284: Improper Access Control •
CVE-2015-1832
https://notcve.org/view.php?id=CVE-2015-1832
XML external entity (XXE) vulnerability in the SqlXmlUtil code in Apache Derby before 10.12.1.1, when a Java Security Manager is not in place, allows context-dependent attackers to read arbitrary files or cause a denial of service (resource consumption) via vectors involving XmlVTI and the XML datatype. Vulnerabilidad de XXE en el código SqlXmlUtil en Apache Derby en versiones anteriores a 10.12.1.1, cuando un Java Security Manager no está en su lugar, permite a atacantes depedientes del contexto leer archivos arbitrarios o provocar una denegación de servicio (consumo de recursos) a través de vectores que implican XmlVTI y el tipo de datos XML. • http://www-01.ibm.com/support/docview.wss?uid=swg21990100 http://www.securityfocus.com/bid/93132 https://issues.apache.org/jira/browse/DERBY-6807 https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451%40%3Csolr-user.lucene.apache.org%3E https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E https://lists.apache.org • CWE-399: Resource Management Errors CWE-611: Improper Restriction of XML External Entity Reference •
CVE-2009-4269
https://notcve.org/view.php?id=CVE-2009-4269
The password hash generation algorithm in the BUILTIN authentication functionality for Apache Derby before 10.6.1.0 performs a transformation that reduces the size of the set of inputs to SHA-1, which produces a small search space that makes it easier for local and possibly remote attackers to crack passwords by generating hash collisions, related to password substitution. El algoritmo de generación del hash de la contraseña en la funcionalidad autenticación BUILTIN de Apache Derby en versiones anteriores a la v10.6.1.0 realiza una transformación que reduce el tamaño del conjunto de entrada a SHA-1, lo que produce un espacio de búsqueda pequeño que facilita a usuarios locales y, posiblemente, remotos romper contraseñas generando colisiones de hash, relacionado con la substitución de contraseña. • http://blogs.sun.com/kah/entry/derby_10_6_1_has http://db.apache.org/derby/releases/release-10.6.1.0.cgi#Fix+for+Security+Bug+CVE-2009-4269 http://marc.info/?l=apache-db-general&m=127428514905504&w=1 http://marcellmajor.com/derbyhash.html http://secunia.com/advisories/42948 http://secunia.com/advisories/42970 http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html http://www.securityfocus.com/bid/42637 http://www.securitytracker.com/id?1024977 http:& • CWE-310: Cryptographic Issues •