CVE-2010-1622 – Spring Framework - Arbitrary code Execution
https://notcve.org/view.php?id=CVE-2010-1622
SpringSource Spring Framework 2.5.x before 2.5.6.SEC02, 2.5.7 before 2.5.7.SR01, and 3.0.x before 3.0.3 allows remote attackers to execute arbitrary code via an HTTP request containing class.classLoader.URLs[0]=jar: followed by a URL of a crafted .jar file. SpringSource Spring Framework v2.5.x anteriores a v2.5.6.SEC02, v2.5.7 anteriores a v2.5.7.SR01, y v3.0.x anteriores a v3.0.3 permite a atacantes remotos ejecutar código arbitrario a través de una petición HTTP que contenga class.classLoader.URLs[0]=jar: seguida por una URL de un fichero .jar modificado. • https://www.exploit-db.com/exploits/13918 https://github.com/HandsomeCat00/Spring-CVE-2010-1622 http://geronimo.apache.org/2010/07/21/apache-geronimo-v216-released.html http://geronimo.apache.org/21x-security-report.html http://geronimo.apache.org/22x-security-report.html http://secunia.com/advisories/41016 http://secunia.com/advisories/41025 http://secunia.com/advisories/43087 http://www.exploit-db.com/exploits/13918 http://www.oracle.com/technetwork/topics/security/cpuoct2015-236 • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-96: Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection') •
CVE-2010-0853
https://notcve.org/view.php?id=CVE-2010-0853
Unspecified vulnerability in the Oracle Internet Directory component in Oracle Database 9.2.0.8, 9.2.0.8, and DV; and Oracle Fusion Middleware 10.1.2.3 and 10.1.4.0.1; allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. Una vulnerabilidad no especificada en el componente de directorio de Internet (Oracle Internet Directory) en la base de datos Oracle v9.2.0.8, v9.2.0.8, y DV, y Oracle Fusion Middleware v10.1.2.3 y v10.1.4.0.1; permite a atacantes remotos afectar a la confidencialidad, integridad y disponibilidad de los datos a través de vectores desconocidos. • http://secunia.com/advisories/39438 http://secunia.com/advisories/39439 http://www.oracle.com/technetwork/topics/security/cpuapr2010-099504.html http://www.us-cert.gov/cas/techalerts/TA10-103B.html •
CVE-2010-0856
https://notcve.org/view.php?id=CVE-2010-0856
Unspecified vulnerability in the Portal component in Oracle Fusion Middleware 10.1.2.3 and 10.1.4.2 allows remote attackers to affect availability via unknown vectors. Una vulnerabilidad no especificada en el componente Portal de Oracle Fusion Middleware v10.1.2.3 y v10.1.4.2 permite a atacantes remotos afectar a la disponibilidad de los datos a través de vectores desconocidos. • http://secunia.com/advisories/39439 http://www.oracle.com/technetwork/topics/security/cpuapr2010-099504.html http://www.securityfocus.com/bid/39442 http://www.securitytracker.com/id?1023869 http://www.us-cert.gov/cas/techalerts/TA10-103B.html •
CVE-2010-0872
https://notcve.org/view.php?id=CVE-2010-0872
Unspecified vulnerability in the Oracle Internet Directory component in Oracle Fusion Middleware 10.1.2.3 and 10.1.4.3 allows remote attackers to affect availability via unknown vectors. Vulnerabilidad no especificada en el componente Oracle Internet Directory en Oracle Fusion Middleware 10.1.2.3 y 10.1.4.3 permite a atacantes remotos comprometer la disponibilidad mediante vectores desconocidos. • http://secunia.com/advisories/39439 http://www.oracle.com/technetwork/topics/security/cpuapr2010-099504.html http://www.us-cert.gov/cas/techalerts/TA10-103B.html •