CVE-2019-12419 – cxf: OpenId Connect token service does not properly validate the clientId
https://notcve.org/view.php?id=CVE-2019-12419
Apache CXF before 3.3.4 and 3.2.11 provides all of the components that are required to build a fully fledged OpenId Connect service. There is a vulnerability in the access token services, where it does not validate that the authenticated principal is equal to that of the supplied clientId parameter in the request. If a malicious client was able to somehow steal an authorization code issued to another client, then they could exploit this vulnerability to obtain an access token for the other client. Apache CXF versiones anteriores a la versión 3.3.4 y 3.2.11, provee todos los componentes necesarios para construir un servicio OpenId Connect completamente desarrollado. Existe una vulnerabilidad en los servicios de token de acceso, donde no comprueba que el principal autenticado sea igual al del parámetro clientId proporcionado en la petición. • http://cxf.apache.org/security-advisories.data/CVE-2019-12419.txt.asc https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf%40%3Ccommits.cxf.apache.org%3E https://lists.apache.org/thread.html/r861eb1a9e0250e9150215b17f0263edf62becd5e20fc96251cff59f6%40%3Cdev.cxf.apache.org%3E https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c%40%3Ccommits.cxf.apache.org%3E https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6%40%3Ccommits.cxf.apache.org%3E https: • CWE-287: Improper Authentication CWE-863: Incorrect Authorization •
CVE-2019-12406 – cxf: does not restrict the number of message attachments
https://notcve.org/view.php?id=CVE-2019-12406
Apache CXF before 3.3.4 and 3.2.11 does not restrict the number of message attachments present in a given message. This leaves open the possibility of a denial of service type attack, where a malicious user crafts a message containing a very large number of message attachments. From the 3.3.4 and 3.2.11 releases, a default limit of 50 message attachments is enforced. This is configurable via the message property "attachment-max-count". Apache CXF versiones anteriores a la versión 3.3.4 y 3.2.11, no restringe el número de archivos adjuntos presentes en un mensaje dado. • http://cxf.apache.org/security-advisories.data/CVE-2019-12406.txt.asc https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf%40%3Ccommits.cxf.apache.org%3E https://lists.apache.org/thread.html/r92238967ba2783d3ab5a483f2e17f5fdaa8ace98990f69f9e8e15de0%40%3Cissues.cxf.apache.org%3E https://lists.apache.org/thread.html/rabc395b38acb7f2465bfbf0bc16d6e1e95720c89bea87abe8808eeea%40%3Cissues.cxf.apache.org%3E https://lists.apache.org/thread.html/rb2a6dab1f781f55326543c56dc29ea677759439ddfeba920c83037e6%40%3Cissues.cxf.apache.org%3E https: • CWE-400: Uncontrolled Resource Consumption CWE-770: Allocation of Resources Without Limits or Throttling •
CVE-2016-5482
https://notcve.org/view.php?id=CVE-2016-5482
Unspecified vulnerability in the Oracle Commerce Guided Search component in Oracle Commerce 6.2.2, 6.3.0, 6.4.1.2, and 6.5.0 through 6.5.2 allows remote attackers to affect confidentiality and integrity via unknown vectors. Vulnerabilidad no especificada en el componente Oracle Commerce Guided Search en Oracle Commerce 6.2.2, 6.3.0, 6.4.1.2 y 6.5.0 hasta la versión 6.5.2 permite a atacantes remotos afectar la confidencialidad y la integridad a través de vectores desconocidos. • http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html http://www.securityfocus.com/bid/93664 • CWE-284: Improper Access Control •
CVE-2015-0495 – Oracle Endeca Tools and Frameworks Script.action Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2015-0495
Unspecified vulnerability in the Oracle Commerce Guided Search / Oracle Commerce Experience Manager component in Oracle Commerce Platform 3.x and 11.x allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Workbench. Vulnerabilidad no especificada en el componente Oracle Commerce Guided Search / Oracle Commerce Experience Manager en Oracle Commerce Platform 3.x y 11.x permite a atacantes remotos afectar la confidencialidad, la integridad y la disponibilidad a través de vectores desconocidos relacionados con Workbench. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Endeca Tools and Frameworks. Authentication is required to exploit this vulnerability, but authentication is easily bypassed. This product installs a web application called Oracle Endeca Workbench, which includes a handler for requests to Script.action. This handler fails to properly authenticate the user, so that an attacker can access this handler using the built-in and undocumented "anonymous" user account. • http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html •