CVE-2017-7525 – jackson-databind: Deserialization vulnerability via readValue method of ObjectMapper
https://notcve.org/view.php?id=CVE-2017-7525
A deserialization flaw was discovered in the jackson-databind, versions before 2.6.7.1, 2.7.9.1 and 2.8.9, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper. Se ha descubierto un error de deserialización en jackson-databind, en versiones anteriores a la 2.6.7.1, 2.7.9.1 y a la 2.8.9, que podría permitir que un usuario no autenticado ejecute código enviando las entradas maliciosamente manipuladas al método readValue de ObjectMapper. A deserialization flaw was discovered in the jackson-databind which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper. • https://github.com/Ingenuity-Fainting-Goats/CVE-2017-7525-Jackson-Deserialization-Lab http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html http://www.securityfocus.com/bid/99623 http://www.securitytracker.com/id/1039744 http://www.securitytracker.com/id/1039947 http://www.securitytracker.com/id/1040360 https://access.redhat.com/errat • CWE-20: Improper Input Validation CWE-184: Incomplete List of Disallowed Inputs CWE-502: Deserialization of Untrusted Data •
CVE-2015-7501 – apache-commons-collections: InvokerTransformer code execution during deserialisation
https://notcve.org/view.php?id=CVE-2015-7501
Red Hat JBoss A-MQ 6.x; BPM Suite (BPMS) 6.x; BRMS 6.x and 5.x; Data Grid (JDG) 6.x; Data Virtualization (JDV) 6.x and 5.x; Enterprise Application Platform 6.x, 5.x, and 4.3.x; Fuse 6.x; Fuse Service Works (FSW) 6.x; Operations Network (JBoss ON) 3.x; Portal 6.x; SOA Platform (SOA-P) 5.x; Web Server (JWS) 3.x; Red Hat OpenShift/xPAAS 3.x; and Red Hat Subscription Asset Manager 1.3 allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library. Red Hat JBoss A-MQ 6.x; BPM Suite (BPMS) 6.x; BRMS 6.x y 5.x; Data Grid (JDG) 6.x; Data Virtualization (JDV) 6.x y 5.x; Enterprise Application Platform 6.x, 5.x y 4.3.x; Fuse 6.x; Fuse Service Works (FSW) 6.x; Operations Network (JBoss ON) 3.x; Portal 6.x; SOA Platform (SOA-P) 5.x; Web Server (JWS) 3.x; Red Hat OpenShift/xPAAS 3.x y Red Hat Subscription Asset Manager 1.3 permiten que atacantes remotos ejecuten comandos arbitrarios mediante un objeto Java serializado manipulado. Esto está relacionado con la librería ACC (Apache Commons Collections). It was found that the Apache commons-collections library permitted code execution when deserializing objects involving a specially constructed chain of classes. A remote attacker could use this flaw to execute arbitrary code with the permissions of the application using the commons-collections library. • https://github.com/ianxtianxt/CVE-2015-7501 http://rhn.redhat.com/errata/RHSA-2015-2500.html http://rhn.redhat.com/errata/RHSA-2015-2501.html http://rhn.redhat.com/errata/RHSA-2015-2502.html http://rhn.redhat.com/errata/RHSA-2015-2514.html http://rhn.redhat.com/errata/RHSA-2015-2516.html http://rhn.redhat.com/errata/RHSA-2015-2517.html http://rhn.redhat.com/errata/RHSA-2015-2521.html http://rhn.redhat.com/errata/RHSA-2015-2522.html http://rhn.redhat. • CWE-284: Improper Access Control CWE-502: Deserialization of Untrusted Data •
CVE-2015-5176 – PortletBridge: information disclosure via auto-dispatching of non-JSF resources
https://notcve.org/view.php?id=CVE-2015-5176
The PortletRequestDispatcher in PortletBridge, as used in Red Hat JBoss Portal 6.2.0, does not properly enforce the security constraints of servlets, which allows remote attackers to gain access to resources via a request that asks to render a non-JSF resource. Vulnerabilidad en PortletRequestDispatcher en PortletBridge, tal como se utiliza en Red Hat JBoss Portal versión 6.2.0, no hace cumplir adecuadamente las restricciones de seguridad de servlets, lo que permite a atacantes remotos obtener el acceso a los recursos a través de una petición que solicita hacer uso de un recurso no JSF. It was found that PortletBridge PortletRequestDispatcher did not respect security constraints set by the servlet if a portlet request asked for rendering of a non-JSF resource such as JSP or HTML. A remote attacker could use this flaw to potentially bypass certain security constraints and gain access to restricted resources. • http://rhn.redhat.com/errata/RHSA-2015-1543.html https://access.redhat.com/security/cve/CVE-2015-5176 https://bugzilla.redhat.com/show_bug.cgi?id=1244835 • CWE-17: DEPRECATED: Code CWE-284: Improper Access Control •
CVE-2015-3244 – JSF: Information disclosure due to missing access restriction in portlet resource dispatching
https://notcve.org/view.php?id=CVE-2015-3244
The Portlet Bridge for JavaServer Faces in Red Hat JBoss Portal 6.2.0, when used in portlets with the default resource serving for GenericPortlet, does not properly restrict access to restricted resources, which allows remote attackers to obtain sensitive information via a URL with a modified resource ID. El Portlet Bridge para JavaServer Faces en Red Hat JBoss Portal 6.2.0, cuando se utiliza en portlets con el recurso estándar funcionando para el GenericPortlet, no restringe adecuadamente el acceso a los recursos limitados, lo que permite a atacantes remotos obtener información sensible a través de una URL con un recurso ID modificado. It was found that JavaServer Faces PortletBridge-based portlets using GenericPortlet's default resource serving did not restrict access to resources within the web application. An attacker could set the resource ID field of a URL to potentially bypass security constraints and gain access to restricted resources. • http://rhn.redhat.com/errata/RHSA-2015-1226.html http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html http://www.securityfocus.com/bid/75941 https://bugzilla.redhat.com/show_bug.cgi?id=1232908 https://access.redhat.com/security/cve/CVE-2015-3244 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-264: Permissions, Privileges, and Access Controls •
CVE-2014-7852 – RichFaces: Cross-site scripting due to incomplete URL sanitization
https://notcve.org/view.php?id=CVE-2014-7852
Cross-site scripting (XSS) vulnerability in JBoss RichFaces, as used in JBoss Portal 6.1.1, allows remote attackers to inject arbitrary web script or HTML via crafted URL, which is not properly handled in a CSS file. Vulnerabilidad de XSS en JBoss RichFaces, utilizado en JBoss Portal 6.1.1, permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de una URL manipulada, lo cual no se maneja correctamente en un fichero CSS. It was found that RichFaces accepted arbitrary strings included in a URL and returned them unencoded in a CSS file. A remote attacker could use this flaw to perform cross-site scripting (XSS) attacks against a user running a RichFaces application. • http://rhn.redhat.com/errata/RHSA-2014-1973.html http://www.securitytracker.com/id/1031363 https://access.redhat.com/security/cve/CVE-2014-7852 https://bugzilla.redhat.com/show_bug.cgi?id=1164024 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •