CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2017-12167 – EAP-7: Wrong privileges on multiple property files
https://notcve.org/view.php?id=CVE-2017-12167
14 Dec 2017 — It was found in EAP 7 before 7.0.9 that properties based files of the management and the application realm configuration that contain user to role mapping are world readable allowing access to users and roles information to all the users logged in to the system. Se ha detectado en EAP 7 en versiones anteriores a la 7.0.9 que los archivos basados en propiedades de la administración y la configuración del dominio de la aplicación que contienen mapeo de usuario a rol son legibles para todos los usuarios, permi... • http://www.securityfocus.com/bid/100903 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2016-7066 – admin-cli: Any local users can connect to jboss-cli
https://notcve.org/view.php?id=CVE-2016-7066
14 Dec 2017 — It was found that the improper default permissions on /tmp/auth directory in JBoss Enterprise Application Platform before 7.1.0 can allow any local user to connect to CLI and allow the user to execute any arbitrary operations. Se ha detectado que los permisos incorrectos por defecto en el directorio /tmp/auth en JBoss Enterprise Application Platform en versiones anteriores a la 7.1.0 pueden permitir que cualquier usuario local se conecte a la interfaz de línea de comandos y ejecute cualquier operación arbit... • https://access.redhat.com/errata/RHSA-2017:3456 • CWE-266: Incorrect Privilege Assignment CWE-275: Permission Issues •
CVSS: 9.8EPSS: 7%CPEs: 58EXPL: 0CVE-2017-15095 – jackson-databind: Unsafe deserialization due to incomplete black list (incomplete fix for CVE-2017-7525)
https://notcve.org/view.php?id=CVE-2017-15095
13 Nov 2017 — A deserialization flaw was discovered in the jackson-databind in versions before 2.8.10 and 2.9.1, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper. This issue extends the previous flaw CVE-2017-7525 by blacklisting more classes that could be used maliciously. Se ha descubierto un error de deserialización en jackson-databind, en versiones anteriores a la 2.8.10 y a la 2.9.1, que podría permitir que un usu... • http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html • CWE-184: Incomplete List of Disallowed Inputs CWE-502: Deserialization of Untrusted Data •
CVSS: 10.0EPSS: 93%CPEs: 11EXPL: 3CVE-2017-12629 – Apache Solr 7.0.1 - XML External Entity Expansion / Remote Code Execution
https://notcve.org/view.php?id=CVE-2017-12629
14 Oct 2017 — Remote code execution occurs in Apache Solr before 7.1 with Apache Lucene before 7.1 by exploiting XXE in conjunction with use of a Config API add-listener command to reach the RunExecutableListener class. Elasticsearch, although it uses Lucene, is NOT vulnerable to this. Note that the XML external entity expansion vulnerability occurs in the XML Query Parser which is available, by default, for any query request with parameters deftype=xmlparser and can be exploited to upload malicious data to the /upload r... • https://packetstorm.news/files/id/144678 • CWE-138: Improper Neutralization of Special Elements CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 6.5EPSS: 0%CPEs: 8EXPL: 0CVE-2017-2582 – keycloak: SAML request parser replaces special strings with system properties
https://notcve.org/view.php?id=CVE-2017-2582
26 Sep 2017 — It was found that while parsing the SAML messages the StaxParserUtil class of keycloak before 2.5.1 replaces special strings for obtaining attribute values with system property. This could allow an attacker to determine values of system properties at the attacked system by formatting the SAML request ID field to be the chosen system property which could be obtained in the "InResponseTo" field in the response. Se ha descubierto que cuando se analizan los mensajes SAML, la clase StaxParserUtil de keycloak en ... • http://www.securityfocus.com/bid/101046 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-201: Insertion of Sensitive Information Into Sent Data •
CVSS: 7.0EPSS: 0%CPEs: 17EXPL: 0CVE-2017-7536 – hibernate-validator: Privilege escalation when running under the security manager
https://notcve.org/view.php?id=CVE-2017-7536
26 Sep 2017 — In Hibernate Validator 5.2.x before 5.2.5 final, 5.3.x, and 5.4.x, it was found that when the security manager's reflective permissions, which allows it to access the private members of the class, are granted to Hibernate Validator, a potential privilege escalation can occur. By allowing the calling code to access those private members without the permission an attacker may be able to validate an invalid instance and access the private member value via ConstraintViolation#getInvalidValue(). En Hibernate Val... • http://www.securityfocus.com/bid/101048 • CWE-470: Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') CWE-592: DEPRECATED: Authentication Bypass Issues •
CVSS: 9.8EPSS: 78%CPEs: 52EXPL: 7CVE-2017-7525 – jackson-databind: Deserialization vulnerability via readValue method of ObjectMapper
https://notcve.org/view.php?id=CVE-2017-7525
31 Jul 2017 — A deserialization flaw was discovered in the jackson-databind, versions before 2.6.7.1, 2.7.9.1 and 2.8.9, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper. Se ha descubierto un error de deserialización en jackson-databind, en versiones anteriores a la 2.6.7.1, 2.7.9.1 y a la 2.8.9, que podría permitir que un usuario no autenticado ejecute código enviando las entradas maliciosamente manipuladas al método ... • https://packetstorm.news/files/id/145805 • CWE-20: Improper Input Validation CWE-184: Incomplete List of Disallowed Inputs CWE-502: Deserialization of Untrusted Data •
CVSS: 7.7EPSS: 0%CPEs: 6EXPL: 0CVE-2017-2595 – wildfly: Arbitrary file read via path traversal
https://notcve.org/view.php?id=CVE-2017-2595
07 Jun 2017 — It was found that the log file viewer in Red Hat JBoss Enterprise Application 6 and 7 allows arbitrary file read to authenticated user via path traversal. Se ha encontrado que el visor de archivos de log en Red Hat JBoss Enterprise Application 6 y 7 permite que un archivo arbitrario sea leído por el usuario autenticado a través de un salto de directorio. Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server. This release of Red Hat JBoss Ente... • http://rhn.redhat.com/errata/RHSA-2017-1409.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 6.5EPSS: 3%CPEs: 9EXPL: 1CVE-2017-2666 – undertow: HTTP Request smuggling vulnerability due to permitting invalid characters in HTTP requests
https://notcve.org/view.php?id=CVE-2017-2666
07 Jun 2017 — It was discovered in Undertow that the code that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack, or obtain sensitive information from requests other than their own. Se ha descubierto en Undertow que el código que analizaba la línea d... • https://github.com/tafamace/CVE-2017-2666 • CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') •
CVSS: 7.5EPSS: 8%CPEs: 7EXPL: 0CVE-2017-2670 – undertow: IO thread DoS via unclean Websocket closing
https://notcve.org/view.php?id=CVE-2017-2670
07 Jun 2017 — It was found in Undertow before 1.3.28 that with non-clean TCP close, the Websocket server gets into infinite loop on every IO thread, effectively causing DoS. Se ha encontrado en Undertow en versiones anteriores a la 1.3.28 que con el cierre no seguro de TCP, el servidor Websocket entra en bucle infinito en cada hilo IO, provocando efectivamente una denegación de servicio (DoS). It was found that with non-clean TCP close, Websocket server gets into infinite loop on every IO thread, effectively causing DoS.... • http://rhn.redhat.com/errata/RHSA-2017-1409.html • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •