CVSS: 8.6EPSS: 0%CPEs: 1EXPL: 0CVE-2018-1048 – undertow: ALLOW_ENCODED_SLASH option not taken into account in the AjpRequestParser
https://notcve.org/view.php?id=CVE-2018-1048
It was found that the AJP connector in undertow, as shipped in Jboss EAP 7.1.0.GA, does not use the ALLOW_ENCODED_SLASH option and thus allow the the slash / anti-slash characters encoded in the url which may lead to path traversal and result in the information disclosure of arbitrary local files. Se ha descubierto que el conector AJP en undertow, tal y como se incluye en Jboss EAP 7.1.0.GA, no emplea la opción ALLOW_ENCODED_SLASH y, por lo tanto, permite que los caracteres barra diagonal / barra diagonal invertida se cifren en la url, lo que podría conducir a un salto de directorio y resulta en la revelación de información de archivos locales arbitrarios. It was found that the AJP connector in undertow does not use the ALLOW_ENCODED_SLASH option and thus allows the slash and anti-slash characters encoded in a URL. This may lead to path traversal and result in the information disclosure of arbitrary local files. • https://access.redhat.com/errata/RHSA-2018:0478 https://access.redhat.com/errata/RHSA-2018:0479 https://access.redhat.com/errata/RHSA-2018:0480 https://access.redhat.com/errata/RHSA-2018:0481 https://bugzilla.redhat.com/show_bug.cgi?id=1534343 https://access.redhat.com/security/cve/CVE-2018-1048 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-116: Improper Encoding or Escaping of Output •
CVSS: 8.1EPSS: 9%CPEs: 17EXPL: 0CVE-2018-5968 – jackson-databind: unsafe deserialization due to incomplete blacklist (incomplete fix for CVE-2017-7525 and CVE-2017-17485)
https://notcve.org/view.php?id=CVE-2018-5968
FasterXML jackson-databind through 2.8.11 and 2.9.x through 2.9.3 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 and CVE-2017-17485 deserialization flaws. This is exploitable via two different gadgets that bypass a blacklist. FasterXML jackson-databind, hasta la versión 2.8.11 y las versiones 2.9.x hasta la 2.9.3, permite la ejecución remota de código sin autenticar debido a una solución incompleta para los errores de deserialización CVE-2017-7525 y CVE-2017-17485. Esto es explotable mediante dos gadgets diferentes que omiten una lista negra. A deserialization flaw was discovered in the jackson-databind that could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper. • https://access.redhat.com/errata/RHSA-2018:0478 https://access.redhat.com/errata/RHSA-2018:0479 https://access.redhat.com/errata/RHSA-2018:0480 https://access.redhat.com/errata/RHSA-2018:0481 https://access.redhat.com/errata/RHSA-2018:1525 https://access.redhat.com/errata/RHSA-2019:2858 https://access.redhat.com/errata/RHSA-2019:3149 https://github.com/FasterXML/jackson-databind/issues/1899 https://security.netapp.com/advisory/ntap-20180423-0002 https://support.hpe.com/h • CWE-184: Incomplete List of Disallowed Inputs CWE-502: Deserialization of Untrusted Data •
CVSS: 9.8EPSS: 14%CPEs: 21EXPL: 2CVE-2017-17485 – jackson-databind: Unsafe deserialization due to incomplete black list (incomplete fix for CVE-2017-15095)
https://notcve.org/view.php?id=CVE-2017-17485
FasterXML jackson-databind through 2.8.10 and 2.9.x through 2.9.3 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 deserialization flaw. This is exploitable by sending maliciously crafted JSON input to the readValue method of the ObjectMapper, bypassing a blacklist that is ineffective if the Spring libraries are available in the classpath. FasterXML jackson-databind hasta la versión 2.8.10 y 2.9.x hasta la 2.9.3 permite que se ejecute código de manera remota y no autenticada debido a una solución incompleta de la vulnerabilidad de deserialización CVE-2017-7525. Esto es explotable enviando una entrada JSON manipulada maliciosamente al método readValue de ObjectMapper, omitiendo una lista negra que no es efectiva si las librerías Spring están disponibles en el classpath. A deserialization flaw was discovered in the jackson-databind which could allow an unauthenticated user to perform code execution by sending maliciously crafted input to the readValue method of ObjectMapper. • https://github.com/Al1ex/CVE-2017-17485 https://github.com/tafamace/CVE-2017-17485 http://www.securityfocus.com/archive/1/541652/100/0/threaded https://access.redhat.com/errata/RHSA-2018:0116 https://access.redhat.com/errata/RHSA-2018:0342 https://access.redhat.com/errata/RHSA-2018:0478 https://access.redhat.com/errata/RHSA-2018:0479 https://access.redhat.com/errata/RHSA-2018:0480 https://access.redhat.com/errata/RHSA-2018:0481 https://access.redhat.com/errata/RHS • CWE-502: Deserialization of Untrusted Data •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2016-7066 – admin-cli: Any local users can connect to jboss-cli
https://notcve.org/view.php?id=CVE-2016-7066
It was found that the improper default permissions on /tmp/auth directory in JBoss Enterprise Application Platform before 7.1.0 can allow any local user to connect to CLI and allow the user to execute any arbitrary operations. Se ha detectado que los permisos incorrectos por defecto en el directorio /tmp/auth en JBoss Enterprise Application Platform en versiones anteriores a la 7.1.0 pueden permitir que cualquier usuario local se conecte a la interfaz de línea de comandos y ejecute cualquier operación arbitraria. It was found that the improper default permissions on /tmp/auth directory in EAP 7 can allow any local user to connect to CLI and allow the user to execute any arbitrary operations. • https://access.redhat.com/errata/RHSA-2017:3456 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-7066 https://access.redhat.com/security/cve/CVE-2016-7066 https://bugzilla.redhat.com/show_bug.cgi?id=1401661 • CWE-266: Incorrect Privilege Assignment CWE-275: Permission Issues •
CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0CVE-2017-12165 – undertow: improper whitespace parsing leading to potential HTTP request smuggling
https://notcve.org/view.php?id=CVE-2017-12165
It was discovered that Undertow before 1.4.17, 1.3.31 and 2.0.0 processes http request headers with unusual whitespaces which can cause possible http request smuggling. Se ha descubierto que Undertow en versiones anteriores a la 1.4.17, 1.3.31 y 2.0.0 procesa cabeceras de petición HTTP con espacios en blanco inusuales que pueden provocar HTTP Request Smuggling. It was discovered that Undertow processes http request headers with unusual whitespaces which can cause possible http request smuggling. • https://access.redhat.com/errata/RHSA-2017:3454 https://access.redhat.com/errata/RHSA-2017:3455 https://access.redhat.com/errata/RHSA-2017:3456 https://access.redhat.com/errata/RHSA-2017:3458 https://access.redhat.com/errata/RHSA-2018:0002 https://access.redhat.com/errata/RHSA-2018:0003 https://access.redhat.com/errata/RHSA-2018:0004 https://access.redhat.com/errata/RHSA-2018:0005 https://access.redhat.com/errata/RHSA-2018:1322 https://bugzilla.redhat.com/show_bug. • CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') •