CVSS: 8.8EPSS: 1%CPEs: 81EXPL: 0CVE-2018-1258 – spring-security-core: Unauthorized Access with Spring Security Method Security
https://notcve.org/view.php?id=CVE-2018-1258
11 May 2018 — Spring Framework version 5.0.5 when used in combination with any versions of Spring Security contains an authorization bypass when using method security. An unauthorized malicious user can gain unauthorized access to methods that should be restricted. La versión 5.0.5 de Spring Framework, cuando se utiliza en combinación con cualquier versión de Spring Security, contiene un omisión de autorización cuando se utiliza la seguridad del método. Un usuario malicioso no autorizado puede obtener acceso no autorizad... • http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html • CWE-287: Improper Authentication CWE-863: Incorrect Authorization •
CVSS: 6.5EPSS: 0%CPEs: 71EXPL: 0CVE-2018-1257 – spring-framework: ReDoS Attack with spring-messaging
https://notcve.org/view.php?id=CVE-2018-1257
11 May 2018 — Spring Framework, versions 5.0.x prior to 5.0.6, versions 4.3.x prior to 4.3.17, and older unsupported versions allows applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a regular expression, denial of service attack. Spring Framework, en versiones 5.0.x anteriores a la 5.0.6, versiones 4.3.x anteriores a la 4.3.17 y versiones antiguas no soportadas,... • http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 0%CPEs: 67EXPL: 0CVE-2018-1272 – spring-framework: Multipart content pollution
https://notcve.org/view.php?id=CVE-2018-1272
06 Apr 2018 — Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, provide client-side support for multipart requests. When Spring MVC or Spring WebFlux server application (server A) receives input from a remote client, and then uses that input to make a multipart request to another server (server B), it can be exposed to an attack, where an extra multipart is inserted in the content of the request from server A, causing server B to use the wrong value for a part ... • http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html • CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') •
CVSS: 6.5EPSS: 1%CPEs: 72EXPL: 0CVE-2018-1271 – spring-framework: Directory traversal vulnerability with static resources on Windows filesystems
https://notcve.org/view.php?id=CVE-2018-1271
06 Apr 2018 — Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to configure Spring MVC to serve static resources (e.g. CSS, JS, images). When static resources are served from a file system on Windows (as opposed to the classpath, or the ServletContext), a malicious user can send a request using a specially crafted URL that can lead a directory traversal attack. Spring Framework, en versiones 5.0 anteriores a la 5.0.5 y versiones 4.3 anterior... • http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.8EPSS: 85%CPEs: 70EXPL: 6CVE-2018-1270 – spring-framework: Possible RCE via spring messaging
https://notcve.org/view.php?id=CVE-2018-1270
06 Apr 2018 — Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a remote code execution attack. Spring Framework, en versiones 5.0 anteriores a la 5.0.5 y versiones 4.3 anteriores a la 4.3.15, así como versiones más antiguas no soportadas, permite ... • https://packetstorm.news/files/id/147974 • CWE-20: Improper Input Validation CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-358: Improperly Implemented Security Check for Standard •
CVSS: 9.8EPSS: 0%CPEs: 12EXPL: 0CVE-2015-3153 – Debian Security Advisory 3240-1
https://notcve.org/view.php?id=CVE-2015-3153
30 Apr 2015 — The default configuration for cURL and libcurl before 7.42.1 sends custom HTTP headers to both the proxy and destination server, which might allow remote proxy servers to obtain sensitive information by reading the header contents. La configuración por defecto para cURL y libcurl anterior a 7.42.1 envía cabeceras HTTP personalizadas tanto al servidor proxy como al de destinación, lo que podría permitir a servidores proxy remotos obtener información sensible mediante la lectura de los contenidos de cabeceras... • http://curl.haxx.se/docs/adv_20150429.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 0%CPEs: 17EXPL: 0CVE-2014-8109 – Ubuntu Security Notice USN-2523-1
https://notcve.org/view.php?id=CVE-2014-8109
29 Dec 2014 — mod_lua.c in the mod_lua module in the Apache HTTP Server 2.3.x and 2.4.x through 2.4.10 does not support an httpd configuration in which the same Lua authorization provider is used with different arguments within different contexts, which allows remote attackers to bypass intended access restrictions in opportunistic circumstances by leveraging multiple Require directives, as demonstrated by a configuration that specifies authorization for one group to access a certain directory, and authorization for a se... • http://advisories.mageia.org/MGASA-2015-0011.html • CWE-863: Incorrect Authorization •
CVSS: 7.5EPSS: 13%CPEs: 31EXPL: 0CVE-2014-3581 – httpd: NULL pointer dereference in mod_cache if Content-Type has empty value
https://notcve.org/view.php?id=CVE-2014-3581
10 Oct 2014 — The cache_merge_headers_out function in modules/cache/cache_util.c in the mod_cache module in the Apache HTTP Server before 2.4.11 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an empty HTTP Content-Type header. La función cache_merge_headers_out en modules/cache/cache_util.c en el módulo mod_cache en el servidor Apache HTTP anterior a 2.4.11 permite a atacantes remotos causar una denegación de servicio (referencia a puntero nulo y caída de la apli... • http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html • CWE-476: NULL Pointer Dereference •
CVSS: 7.5EPSS: 25%CPEs: 76EXPL: 1CVE-2013-5704 – httpd: bypass of mod_headers rules via chunked requests
https://notcve.org/view.php?id=CVE-2013-5704
15 Apr 2014 — The mod_headers module in the Apache HTTP Server 2.2.22 allows remote attackers to bypass "RequestHeader unset" directives by placing a header in the trailer portion of data sent with chunked transfer coding. NOTE: the vendor states "this is not a security issue in httpd as such." El módulo mod_headers en el servidor de Apache HTTP 2.2.22 permite a atacantes remotos evadir directivas "RequestHeader unset" mediante la colocación de una cabera en la porción "trailer" de datos enviados con codificación de tran... • http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html • CWE-287: Improper Authentication •
CVSS: 7.5EPSS: 1%CPEs: 24EXPL: 1CVE-2014-1491 – nss: Do not allow p-1 as a public DH value (MFSA 2014-12)
https://notcve.org/view.php?id=CVE-2014-1491
06 Feb 2014 — Mozilla Network Security Services (NSS) before 3.15.4, as used in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, SeaMonkey before 2.24, and other products, does not properly restrict public values in Diffie-Hellman key exchanges, which makes it easier for remote attackers to bypass cryptographic protection mechanisms in ticket handling by leveraging use of a certain value. Mozilla Network Security Services (NSS) anterior a 3.15.4, utilizado en Mozilla Firefox anterior a ... • http://hg.mozilla.org/projects/nss/rev/12c42006aed8 • CWE-326: Inadequate Encryption Strength CWE-358: Improperly Implemented Security Check for Standard •