CVSS: 7.0EPSS: 91%CPEs: 77EXPL: 12CVE-2020-9484 – tomcat: deserialization flaw in session persistence storage leading to RCE
https://notcve.org/view.php?id=CVE-2020-9484
When using Apache Tomcat versions 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to 9.0.34, 8.5.0 to 8.5.54 and 7.0.0 to 7.0.103 if a) an attacker is able to control the contents and name of a file on the server; and b) the server is configured to use the PersistenceManager with a FileStore; and c) the PersistenceManager is configured with sessionAttributeValueClassNameFilter="null" (the default unless a SecurityManager is used) or a sufficiently lax filter to allow the attacker provided object to be deserialized; and d) the attacker knows the relative file path from the storage location used by FileStore to the file the attacker has control over; then, using a specifically crafted request, the attacker will be able to trigger remote code execution via deserialization of the file under their control. Note that all of conditions a) to d) must be true for the attack to succeed. Cuando se usa Apache Tomcat versiones 10.0.0-M1 hasta 10.0.0-M4, 9.0.0.M1 hasta 9.0.34, 8.5.0 hasta 8.5.54 y 7.0.0 hasta 7.0. 103, si a) un atacante es capaz de controlar el contenido y el nombre de un archivo en el servidor; y b) el servidor está configurado para usar el PersistenceManager con un FileStore; y c) el PersistenceManager está configurado con sessionAttributeValueClassNameFilter="null" (el valor predeterminado a menos que se utilice un SecurityManager) o un filtro lo suficientemente laxo como para permitir que el objeto proporcionado por el atacante sea deserializado; y d) el atacante conoce la ruta relativa del archivo desde la ubicación de almacenamiento usada por FileStore hasta el archivo sobre el que el atacante presenta control; entonces, mediante una petición específicamente diseñada, el atacante podrá ser capaz de desencadenar una ejecución de código remota mediante la deserialización del archivo bajo su control. Tome en cuenta que todas las condiciones desde la a) hasta la d) deben cumplirse para que el ataque tenga éxito. A deserialization flaw was discovered in Apache Tomcat's use of a FileStore. • https://github.com/masahiro331/CVE-2020-9484 https://github.com/IdealDreamLast/CVE-2020-9484 https://github.com/osamahamad/CVE-2020-9484-Mass-Scan https://github.com/PenTestical/CVE-2020-9484 https://github.com/AssassinUKG/CVE-2020-9484 https://github.com/RepublicR0K/CVE-2020-9484 https://github.com/anjai94/CVE-2020-9484-exploit https://github.com/ColdFusionX/CVE-2020-9484 https://github.com/VICXOR/CVE-2020-9484 https://github.com/seanachao/CVE-2020-9484 https://github& • CWE-502: Deserialization of Untrusted Data •
CVSS: 6.8EPSS: 0%CPEs: 4EXPL: 0CVE-2020-11078 – CRLF injection in httplib2
https://notcve.org/view.php?id=CVE-2020-11078
In httplib2 before version 0.18.0, an attacker controlling unescaped part of uri for `httplib2.Http.request()` could change request headers and body, send additional hidden requests to same server. This vulnerability impacts software that uses httplib2 with uri constructed by string concatenation, as opposed to proper urllib building with escaping. This has been fixed in 0.18.0. En httplib2 versiones anteriores a 0.18.0, un atacante controla una parte no escapada de un uri para la función "httplib2.Http.request()" podía cambiar los encabezados y el cuerpo de las peticiones, enviar peticiones ocultas adicionales hacia el mismo servidor. Esta vulnerabilidad impacta al software que usa httplib2 con un uri construido mediante una concatenación en cadena, a diferencia de una construcción apropiada de urllib con escape. • https://github.com/httplib2/httplib2/commit/a1457cc31f3206cf691d11d2bf34e98865873e9e https://github.com/httplib2/httplib2/security/advisories/GHSA-gg84-qgv9-w4pq https://lists.apache.org/thread.html/r23711190c2e98152cb6f216b95090d5eeb978543bb7e0bad22ce47fc%40%3Cissues.beam.apache.org%3E https://lists.apache.org/thread.html/r4d35dac106fab979f0db75a07fc4e320ad848b722103e79667ff99e1%40%3Cissues.beam.apache.org%3E https://lists.apache.org/thread.html/r69a462e690b5f2c3d418a288a2c98ae764d58587bd0b5d6ab141f25f%40%3Cissues.beam.apache.org%3E https://lists.apache.org/thread.html • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-93: Improper Neutralization of CRLF Sequences ('CRLF Injection') CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting') •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 1CVE-2020-13231
https://notcve.org/view.php?id=CVE-2020-13231
In Cacti before 1.2.11, auth_profile.php?action=edit allows CSRF for an admin email change. En Cacti versiones anteriores a 1.2.11, auth_profile.php?action=edit permite un ataque de tipo CSRF para un cambio de correo electrónico de administrador. • https://github.com/Cacti/cacti/issues/3342 https://github.com/Cacti/cacti/releases/tag/release%2F1.2.11 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ICJMWSY77IIGZYR6FE6NAQZFBO42VECO https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Q3PCDGNELH7HEBIXRNT5J5EWQEXQAU6B • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 1CVE-2020-13230
https://notcve.org/view.php?id=CVE-2020-13230
In Cacti before 1.2.11, disabling a user account does not immediately invalidate any permissions granted to that account (e.g., permission to view logs). En Cacti versiones anteriores a 1.2.11, deshabilita una cuenta de usuario que no invalida inmediatamente los permisos concedidos a dicha cuenta (por ejemplo, el permiso para visualizar los registros). • https://github.com/Cacti/cacti/issues/3343 https://github.com/Cacti/cacti/releases/tag/release%2F1.2.11 https://lists.debian.org/debian-lts-announce/2022/03/msg00038.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ICJMWSY77IIGZYR6FE6NAQZFBO42VECO https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Q3PCDGNELH7HEBIXRNT5J5EWQEXQAU6B • CWE-281: Improper Preservation of Permissions •
CVSS: 7.5EPSS: 0%CPEs: 8EXPL: 0CVE-2020-13164
https://notcve.org/view.php?id=CVE-2020-13164
In Wireshark 3.2.0 to 3.2.3, 3.0.0 to 3.0.10, and 2.6.0 to 2.6.16, the NFS dissector could crash. This was addressed in epan/dissectors/packet-nfs.c by preventing excessive recursion, such as for a cycle in the directory graph on a filesystem. En Wireshark versiones 3.2.0 hasta 3.2.3, 3.0.0 hasta 3.0.10 y 2.6.0 hasta 2.6.16, el disector NFS podría bloquearse. Esto se abordó en el archivo epan/dissectors/packet-nfs.c impidiendo la recurrencia excesiva, como por ejemplo, un ciclo en el gráfico de directorio en un sistema de archivos. • http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00026.html http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00038.html https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16476 https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=e6e98eab8e5e0bbc982cfdc808f2469d7cab6c5a https://lists.debian.org/debian-lts-announce/2021/02/msg00008.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5UOISPQTRCZGQLKBVXEDL72AEXEHS425 https://lists • CWE-674: Uncontrolled Recursion •