CVSS: 6.5EPSS: 0%CPEs: 50EXPL: 1CVE-2018-1305 – tomcat: Late application of security constraints can lead to resource exposure for unauthorised users
https://notcve.org/view.php?id=CVE-2018-1305
Security constraints defined by annotations of Servlets in Apache Tomcat 9.0.0.M1 to 9.0.4, 8.5.0 to 8.5.27, 8.0.0.RC1 to 8.0.49 and 7.0.0 to 7.0.84 were only applied once a Servlet had been loaded. Because security constraints defined in this way apply to the URL pattern and any URLs below that point, it was possible - depending on the order Servlets were loaded - for some security constraints not to be applied. This could have exposed resources to users who were not authorised to access them. Las restricciones de seguridad definidas por anotaciones en Servlets en Apache Tomcat 9.0.0.M1 a 9.0.4, 8.5.0 a 8.5.27, 8.0.0.RC1 a 8.0.49 y 7.0.0 a 7.0.84 solo se aplicaban una vez se haya cargado el Servlet. Debido a que las restricciones de seguridad definidas de esta forma se aplican al patrón URL y a cualquier URL bajo ese punto, era posible (dependiendo del orden en el qe se cargan los Servlets) que no se aplicasen algunas restricciones de seguridad. • https://github.com/Pa55w0rd/CVE-2018-1305 http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html http://www.securityfocus.com/bid/103144 http://www.securitytracker.com/id/1040428 https://access.redhat.com/errata/RHSA-2018:0465 https://access.redhat.com/errata/RHSA-2018:0466 https://access.redhat.com/errata/RHSA-2018:1320 https://access.redhat.com/errata/RHSA-2018:2939 https://access.redha • CWE-284: Improper Access Control •
CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 0CVE-2016-0464
https://notcve.org/view.php?id=CVE-2016-0464
Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6, 12.1.2, and 12.1.3 allows remote attackers to affect integrity via vectors related to WLS-Console. Vulnerabilidad no especificada en el componente Oracle WebLogic Server en Oracle Fusion Middleware 10.3.6, 12.1.2 y 12.1.3 permite a atacantes remotos afectar a la integridad a través de vectores relacionados con WLS-Console. • http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html http://www.securityfocus.com/bid/81185 http://www.securitytracker.com/id/1034716 •
CVSS: 4.0EPSS: 0%CPEs: 1EXPL: 0CVE-2016-0413
https://notcve.org/view.php?id=CVE-2016-0413
Unspecified vulnerability in the Oracle Identity Federation component in Oracle Fusion Middleware 11.1.1.7 allows remote authenticated users to affect integrity via vectors related to Federation protocol support. Vulnerabilidad no especificada en el componente Oracle Identity Federation en Oracle Fusion Middleware 11.1.1.7 permite a usuarios remotos autenticados afectar a la integridad a través de vectores relacionados con el soporte del protocolo Federation. • http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html http://www.securitytracker.com/id/1034711 •
CVSS: 5.0EPSS: 0%CPEs: 2EXPL: 0CVE-2016-0439
https://notcve.org/view.php?id=CVE-2016-0439
Unspecified vulnerability in the Web Cache component in Oracle Fusion Middleware 11.1.1.7.0 and 11.1.1.9.0 allows remote attackers to affect confidentiality via vectors related to SSL support, a different vulnerability than CVE-2016-0430. Vulnerabilidad no especificada en el componente Web Cache en Oracle Fusion Middleware 11.1.1.7.0 y 11.1.1.9.0 permite a atacantes remotos afectar a la confidencialidad a través de vectores relacionados con el soporte SSL, una vulnerabilidad diferente a CVE-2016-0430. • http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html http://www.securitytracker.com/id/1034711 •
CVSS: 1.9EPSS: 0%CPEs: 3EXPL: 0CVE-2015-4808
https://notcve.org/view.php?id=CVE-2015-4808
Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows local users to affect availability via vectors related to Outside In Filters, a different vulnerability than CVE-2015-6013, CVE-2015-6014, CVE-2015-6015, and CVE-2016-0432. Vulnerabilidad no especificada en el componente Oracle Outside In Technology en Oracle Fusion Middleware 8.5.0, 8.5.1 y 8.5.2 permite a usuarios locales afectar a la disponibilidad a través de vectores relacionados con Outside In Filters, una vulnerabilidad diferente a CVE-2015-6013, CVE-2015-6014, CVE-2015-6015 y CVE-2016-0432. • http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html http://www.securitytracker.com/id/1034711 •