CVE-2022-36364 – Apache Calcite Avatica JDBC driver `httpclient_impl` connection property can be used as an RCE vector
https://notcve.org/view.php?id=CVE-2022-36364
Apache Calcite Avatica JDBC driver creates HTTP client instances based on class names provided via `httpclient_impl` connection property; however, the driver does not verify if the class implements the expected interface before instantiating it, which can lead to code execution loaded via arbitrary classes and in rare cases remote code execution. To exploit the vulnerability: 1) the attacker needs to have privileges to control JDBC connection parameters; 2) and there should be a vulnerable class (constructor with URL parameter and ability to execute code) in the classpath. From Apache Calcite Avatica 1.22.0 onwards, it will be verified that the class implements the expected interface before invoking its constructor. El driver JDBC de Apache Calcite Avatica crea instancias de clientes HTTP basadas en nombres de clase proporcionados por medio de la propiedad de conexión "httpclient_impl"; sin embargo, el driver no verifica si la clase implementa la interfaz esperada antes de instanciarla, lo que puede conllevar a una ejecución de código cargado por medio de clases arbitrarias y, en casos raros, la ejecución de código remoto. Para explotar la vulnerabilidad: 1) el atacante necesita tener privilegios para controlar los parámetros de conexión JDBC; 2) y debe haber una clase vulnerable (constructor con parámetro URL y capacidad de ejecución de código) en el classpath. • http://www.openwall.com/lists/oss-security/2022/07/28/1 https://lists.apache.org/thread/5csdj8bv4h3hfgw27okm84jh1j2fyw0c • CWE-665: Improper Initialization •
CVE-2019-13990 – libquartz: XXE attacks via job description
https://notcve.org/view.php?id=CVE-2019-13990
initDocumentParser in xml/XMLSchedulingDataProcessor.java in Terracotta Quartz Scheduler through 2.3.0 allows XXE attacks via a job description. La función initDocumentParser en el archivo xml/XMLSchedulingDataProcessor.java en Quartz Scheduler de Terracotta hasta la versión 2.3.0, permite ataques de tipo XXE por medio de una descripción del trabajo. The Terracotta Quartz Scheduler is susceptible to an XML external entity attack (XXE) through a job description. This issue stems from inadequate handling of XML external entity (XXE) declarations in the initDocumentParser function within xml/XMLSchedulingDataProcessor.java. By enticing a victim to access a maliciously crafted job description (containing XML content), a remote attacker could exploit this vulnerability to execute an XXE attack on the targeted system. • https://confluence.atlassian.com/security/ssot-117-cve-2019-13990-xxe-xml-external-entity-injection-vulnerability-in-jira-service-management-data-center-and-jira-service-management-server-1295385959.html https://github.com/quartz-scheduler/quartz/issues/467 https://lists.apache.org/thread.html/172d405e556e2f1204be126bb3eb28c5115af91bcc1651b4e870bb82%40%3Cdev.tomee.apache.org%3E https://lists.apache.org/thread.html/1870324fea41ea68cff2fd1bf6ee2747432dc1d9d22a22cc681e0ec3%40%3Cdev.tomee.apache.org%3E https://lists.apache.org/thread.html/6b6e3480b19856365fb5e • CWE-611: Improper Restriction of XML External Entity Reference •
CVE-2010-3845
https://notcve.org/view.php?id=CVE-2010-3845
libapache-authenhook-perl 2.00-04 stores usernames and passwords in plaintext in the vhost error log. libapache-authenhook-perl 2.00-04 almacena nombres de usuario y contraseñas en texto plano en el archivo de log de errores vhost. • http://seclists.org/oss-sec/2010/q4/63 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=599712 https://rt.cpan.org/Public/Bug/Display.html?id=62040 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2015-5506
https://notcve.org/view.php?id=CVE-2015-5506
The Apache Solr Real-Time module 7.x-1.x before 7.x-1.2 for Drupal does not check the status of an entity when indexing, which allows remote attackers to obtain information about unpublished content via a search. Vulnerabilidad en el módulo Apache Solr Real-Time 7.x-1.x en versiones anteriores a 7.x-1.2 para Drupal, no comprueba el estado de una entidad cuando indexa, lo que permite a atacantes remotos obtener información sobre contenido no publicado a través de una búsqueda. • http://www.openwall.com/lists/oss-security/2015/07/04/4 http://www.securityfocus.com/bid/75275 https://www.drupal.org/node/2489890 https://www.drupal.org/node/2507581 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2012-6107
https://notcve.org/view.php?id=CVE-2012-6107
Apache Axis2/C does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. Apache Axis2/C no verifica que el nombre del servidor coincide con un nombre de dominio en el campo del asunto Common Name (CN) o subjectAltName del certificado X.509, lo que permite a atacantes man-in-the-middle falsificar servidores SSL a través de un certificado válido arbitrario. • http://mail-archives.apache.org/mod_mbox/axis-c-dev/201301.mbox/browser http://www.securityfocus.com/bid/57267 https://bugzilla.redhat.com/show_bug.cgi?id=894372 https://exchange.xforce.ibmcloud.com/vulnerabilities/81211 https://issues.apache.org/jira/browse/AXIS2C-1619 https://lists.apache.org/thread.html/06e82460243af2ec9cc5a9af0a718943bc53c804b0a786ac61d518e4%40%3Cc-dev.axis.apache.org%3E https://lists.apache.org/thread.html/0e30b2b72099a995f6e91342b03d3e4b477677d0ea77e3ce55b53614%40%3Cc-dev.axis.apache.org%3E https:& • CWE-310: Cryptographic Issues •