Page 3 of 306 results (0.047 seconds)

CVSS: 6.5EPSS: 0%CPEs: 50EXPL: 1

Security constraints defined by annotations of Servlets in Apache Tomcat 9.0.0.M1 to 9.0.4, 8.5.0 to 8.5.27, 8.0.0.RC1 to 8.0.49 and 7.0.0 to 7.0.84 were only applied once a Servlet had been loaded. Because security constraints defined in this way apply to the URL pattern and any URLs below that point, it was possible - depending on the order Servlets were loaded - for some security constraints not to be applied. This could have exposed resources to users who were not authorised to access them. Las restricciones de seguridad definidas por anotaciones en Servlets en Apache Tomcat 9.0.0.M1 a 9.0.4, 8.5.0 a 8.5.27, 8.0.0.RC1 a 8.0.49 y 7.0.0 a 7.0.84 solo se aplicaban una vez se haya cargado el Servlet. Debido a que las restricciones de seguridad definidas de esta forma se aplican al patrón URL y a cualquier URL bajo ese punto, era posible (dependiendo del orden en el qe se cargan los Servlets) que no se aplicasen algunas restricciones de seguridad. • https://github.com/Pa55w0rd/CVE-2018-1305 http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html http://www.securityfocus.com/bid/103144 http://www.securitytracker.com/id/1040428 https://access.redhat.com/errata/RHSA-2018:0465 https://access.redhat.com/errata/RHSA-2018:0466 https://access.redhat.com/errata/RHSA-2018:1320 https://access.redhat.com/errata/RHSA-2018:2939 https://access.redha • CWE-284: Improper Access Control •

CVSS: 1.9EPSS: 0%CPEs: 3EXPL: 0

Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows local users to affect availability via vectors related to Outside In Filters, a different vulnerability than CVE-2015-6013, CVE-2015-6014, CVE-2015-6015, and CVE-2016-0432. Vulnerabilidad no especificada en el componente Oracle Outside In Technology en Oracle Fusion Middleware 8.5.0, 8.5.1 y 8.5.2 permite a usuarios locales afectar a la disponibilidad a través de vectores relacionados con Outside In Filters, una vulnerabilidad diferente a CVE-2015-6013, CVE-2015-6014, CVE-2015-6015 y CVE-2016-0432. • http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html http://www.securitytracker.com/id/1034711 •

CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 0

Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6, 12.1.2, and 12.1.3 allows remote attackers to affect integrity via vectors related to WLS-Console. Vulnerabilidad no especificada en el componente Oracle WebLogic Server en Oracle Fusion Middleware 10.3.6, 12.1.2 y 12.1.3 permite a atacantes remotos afectar a la integridad a través de vectores relacionados con WLS-Console. • http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html http://www.securityfocus.com/bid/81185 http://www.securitytracker.com/id/1034716 •

CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0

Unspecified vulnerability in the Oracle GlassFish Server component in Oracle Fusion Middleware 3.1.2 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Embedded Server. Vulnerabilidad no especificada en el componente Oracle GlassFish Server en Oracle Fusion Middleware 3.1.2 permite a usuarios remotos autenticados afectar a la confidencialidad, la integridad y la disponibilidad a través de vectores desconocidos relacionados con Embedded Server. • http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html http://www.securitytracker.com/id/1034712 •

CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0

Unspecified vulnerability in the Oracle BI Publisher component in Oracle Fusion Middleware 11.1.1.7.0 and 11.1.1.9.0 allows remote attackers to affect integrity via unknown vectors related to Scheduler, a different vulnerability than CVE-2016-0429. Vulnerabilidad no especificada en el componente Oracle BI Publisher en Oracle Fusion Middleware 11.1.1.7.0 y 11.1.1.9.0 permite a atacantes remotos afectar a la integridad a través de vectores desconocidos relacionados con Scheduler, una vulnerabilidad diferente a CVE-2016-0429. • http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html http://www.securitytracker.com/id/1034711 •