
CVE-2018-1305 – tomcat: Late application of security constraints can lead to resource exposure for unauthorised users
https://notcve.org/view.php?id=CVE-2018-1305
23 Feb 2018 — Security constraints defined by annotations of Servlets in Apache Tomcat 9.0.0.M1 to 9.0.4, 8.5.0 to 8.5.27, 8.0.0.RC1 to 8.0.49 and 7.0.0 to 7.0.84 were only applied once a Servlet had been loaded. Because security constraints defined in this way apply to the URL pattern and any URLs below that point, it was possible - depending on the order Servlets were loaded - for some security constraints not to be applied. This could have exposed resources to users who were not authorised to access them. • https://github.com/Pa55w0rd/CVE-2018-1305 • CWE-284: Improper Access Control

CVE-2016-0404
https://notcve.org/view.php?id=CVE-2016-0404
21 Jan 2016 — Unspecified vulnerability in the Oracle Identity Federation component in Oracle Fusion Middleware 11.1.2.2 allows remote attackers to affect integrity via vectors related to Admin. • http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html

CVE-2016-0413
https://notcve.org/view.php?id=CVE-2016-0413
21 Jan 2016 — Unspecified vulnerability in the Oracle Identity Federation component in Oracle Fusion Middleware 11.1.1.7 allows remote authenticated users to affect integrity via vectors related to Federation protocol support. • http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html

CVE-2016-0430
https://notcve.org/view.php?id=CVE-2016-0430
21 Jan 2016 — Unspecified vulnerability in the Web Cache component in Oracle Fusion Middleware 11.1.1.7.0 and 11.1.1.9.0 allows remote attackers to affect confidentiality via vectors related to SSL support, a different vulnerability than CVE-2016-0439. • http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html

CVE-2016-0432
https://notcve.org/view.php?id=CVE-2016-0432
21 Jan 2016 — Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows local users to affect availability via unknown vectors related to Outside In Filters, a different vulnerability than CVE-2015-4808, CVE-2015-6013, CVE-2015-6014, and CVE-2015-6015. • http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html

CVE-2016-0433
https://notcve.org/view.php?id=CVE-2016-0433
21 Jan 2016 — Unspecified vulnerability in the Web Cache component in Oracle Fusion Middleware 11.1.1.9.0 allows remote attackers to affect confidentiality via vectors related to SSL support. • http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html

CVE-2016-0439
https://notcve.org/view.php?id=CVE-2016-0439
21 Jan 2016 — Unspecified vulnerability in the Web Cache component in Oracle Fusion Middleware 11.1.1.7.0 and 11.1.1.9.0 allows remote attackers to affect confidentiality via vectors related to SSL support, a different vulnerability than CVE-2016-0430. • http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html

CVE-2016-0441
https://notcve.org/view.php?id=CVE-2016-0441
21 Jan 2016 — Unspecified vulnerability in the Oracle GlassFish Server component in Oracle Fusion Middleware 3.1.2 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Embedded Server. • http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html

CVE-2016-0453
https://notcve.org/view.php?id=CVE-2016-0453
21 Jan 2016 — Unspecified vulnerability in the Oracle GlassFish Server component in Oracle Fusion Middleware 3.1.2 allows remote attackers to affect integrity via unknown vectors related to Embedded Server. • http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html

CVE-2016-0464
https://notcve.org/view.php?id=CVE-2016-0464
21 Jan 2016 — Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6, 12.1.2, and 12.1.3 allows remote attackers to affect integrity via vectors related to WLS-Console. • http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html