Page 33 of 184 results (0.009 seconds)

CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 1

CVE-2018-12537 – vertx: Improper neutralization of CRLF sequences allows remote attackers to inject arbitrary HTTP response headers

https://notcve.org/view.php?id=CVE-2018-12537

In Eclipse Vert.x version 3.0 to 3.5.1, the HttpServer response headers and HttpClient request headers do not filter carriage return and line feed characters from the header value. This allow unfiltered values to inject a new header in the client request or server response. En Eclipse Vert.x, de la versión 3.0 a la 3.5.1, las cabeceras de respuesta HttpServer y las cabeceras de petición HttpClient no filtran los retornos de carro y los caracteres de avance de línea desde el valor de la cabecera. Esto permite que los valores no filtrados inyecten una nueva cabecera en la petición del cliente o la respuesta del servidor. • https://github.com/tafamace/CVE-2018-12537 https://access.redhat.com/errata/RHSA-2018:2371 https://access.redhat.com/errata/RHSA-2018:3768 https://bugs.eclipse.org/bugs/show_bug.cgi?id=536038 https://bugzilla.redhat.com/show_bug.cgi?id=1591072 https://github.com/eclipse/vert.x/commit/1bb6445226c39a95e7d07ce3caaf56828e8aab72 https://github.com/eclipse/vert.x/issues/2470 https://www.compass-security.com/fileadmin/Datein/Research/Advisories/CSNC-2018-021_vertx.txt https://access.redhat. • CWE-20: Improper Input Validation CWE-93: Improper Neutralization of CRLF Sequences ('CRLF Injection') CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting') •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

CVE-2018-14371 – mojarra: Path traversal in ResourceManager.java:getLocalePrefix() via the loc parameter

https://notcve.org/view.php?id=CVE-2018-14371

The getLocalePrefix function in ResourceManager.java in Eclipse Mojarra before 2.3.7 is affected by Directory Traversal via the loc parameter. A remote attacker can download configuration files or Java bytecodes from applications. La función getLocalePrefix en ResourceManager.java en Eclipse Mojarra en versiones anteriores a la 2.3.7 se ha visto afectada por un salto de directorio mediante el parámetro loc. Un atacante remoto puedes descargar archivos de configuración o bytecodes de Java desde las aplicaciones. • https://github.com/eclipse-ee4j/mojarra/commit/1b434748d9239f42eae8aa7d37d7a0930c061e24 https://github.com/javaserverfaces/mojarra/issues/4364 https://access.redhat.com/security/cve/CVE-2018-14371 https://bugzilla.redhat.com/show_bug.cgi?id=1607709 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 8.8EPSS: 1%CPEs: 1EXPL: 3

CVE-2018-12540 – vertx-web: Incomplete CSRF validation by CSRFHandler

https://notcve.org/view.php?id=CVE-2018-12540

In version from 3.0.0 to 3.5.2 of Eclipse Vert.x, the CSRFHandler do not assert that the XSRF Cookie matches the returned XSRF header/form parameter. This allows replay attacks with previously issued tokens which are not expired yet. Desde la versión 3.0.0 hasta la 3.5.2 de Eclipse Vert.x, CSRFHandler no aseveró que la cookie XSRF coincidía con la cabecera XSRF/ parámetro form. Esto permite ataques de reproducción con tokens previamente subidos que aún no han caducado. • https://github.com/tafamace/CVE-2018-12540 https://access.redhat.com/errata/RHSA-2018:2371 https://bugs.eclipse.org/bugs/show_bug.cgi?id=536948 https://lists.apache.org/thread.html/r10aef585c521f8ef603f5831f9d97a27d920624025131da950e0c62f%40%3Ccommits.pulsar.apache.org%3E https://lists.apache.org/thread.html/r3fffda8e947edaa359152c8dc4c4ea9c96fd8ced1999bbce92bc6b25%40%3Ccommits.pulsar.apache.org%3E https://lists.apache.org/thread.html/r59482ebed302aa49ac7e0c51737499746b0d086fcdeb8f90e705951f%40%3Ccommits.pulsar.apache.org%3E https://lists.apache • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 5.3EPSS: 0%CPEs: 7EXPL: 0

CVE-2018-12536 – jetty: full server path revealed when using the default Error Handling

https://notcve.org/view.php?id=CVE-2018-12536

In Eclipse Jetty Server, all 9.x versions, on webapps deployed using default Error Handling, when an intentionally bad query arrives that doesn't match a dynamic url-pattern, and is eventually handled by the DefaultServlet's static file serving, the bad characters can trigger a java.nio.file.InvalidPathException which includes the full path to the base resource directory that the DefaultServlet and/or webapp is using. If this InvalidPathException is then handled by the default Error Handler, the InvalidPathException message is included in the error response, revealing the full server path to the requesting system. En Eclipse Jetty Server, en todas las versiones 9.x, en las webapps desplegadas utilizando un manejo de errores por defecto, cuando una mala consulta intencional llega y no coincide con un url-pattern dinámico y es finalmente gestionada por el servicio de archivos de DefaultServlet, los caracteres malos pueden desencadenar un java.nio.file.InvalidPathException que incluye la ruta completa al directorio base de recursos empleado por DefaultServlet y/o webapp. Si este InvalidPathException es gestionado por el manejador de errores por defecto, el mensaje InvalidPathException se incluye en la respuesta de error, revelando la ruta completa del servidor al sistema solicitante. • http://www.securitytracker.com/id/1041194 https://bugs.eclipse.org/bugs/show_bug.cgi?id=535670 https://lists.apache.org/thread.html/053d9ce4d579b02203db18545fee5e33f35f2932885459b74d1e4272%40%3Cissues.activemq.apache.org%3E https://lists.debian.org/debian-lts-announce/2021/05/msg00016.html https://security.netapp.com/advisory/ntap-20181014-0001 https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03953en_us https://www.oracle.com/security-alerts/cpuoct2020.html https://www&# • CWE-209: Generation of Error Message Containing Sensitive Information •

CVSS: 9.8EPSS: 1%CPEs: 29EXPL: 0

CVE-2017-7658 – jetty: Incorrect header handling

https://notcve.org/view.php?id=CVE-2017-7658

In Eclipse Jetty Server, versions 9.2.x and older, 9.3.x (all non HTTP/1.x configurations), and 9.4.x (all HTTP/1.x configurations), when presented with two content-lengths headers, Jetty ignored the second. When presented with a content-length and a chunked encoding header, the content-length was ignored (as per RFC 2616). If an intermediary decided on the shorter length, but still passed on the longer body, then body content could be interpreted by Jetty as a pipelined request. If the intermediary was imposing authorization, the fake pipelined request would bypass that authorization. En Eclipse Jetty Server, en versiones 9.2.x y anteriores, versiones 9.3.x (todas las configuraciones que no sean HTTP/1.x) y versiones 9.4.x (todas las configuraciones HTTP/1.x), cuando se presentan con dos cabeceras content-lengths, Jetty ignora la segunda. • http://www.securityfocus.com/bid/106566 http://www.securitytracker.com/id/1041194 https://bugs.eclipse.org/bugs/show_bug.cgi?id=535669 https://lists.apache.org/thread.html/053d9ce4d579b02203db18545fee5e33f35f2932885459b74d1e4272%40%3Cissues.activemq.apache.org%3E https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451%40%3Csolr-user.lucene.apache.org%3E https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe%40%3Ccommits.druid.apache.org%3E https://lists.apache.org/thread& • CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') •