CVE-2017-5645 – log4j: Socket receiver deserialization vulnerability
https://notcve.org/view.php?id=CVE-2017-5645
In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive serialized log events from another application, a specially crafted binary payload can be sent that, when deserialized, can execute arbitrary code. It was found that when using remote logging with log4j socket server the log4j server would deserialize any log event received via TCP or UDP. An attacker could use this flaw to send a specially crafted log event that, during deserialization, would execute arbitrary code in the context of the logger application. • https://github.com/pimps/CVE-2017-5645 http://www.openwall.com/lists/oss-security/2019/12/19/2 http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html http://www.securityfocus.com/bid/97702 http://www.securitytracker.com/id/1040200 http://www.securit • CWE-502: Deserialization of Untrusted Data •
CVE-2016-5506
https://notcve.org/view.php?id=CVE-2016-5506
Unspecified vulnerability in the Oracle Identity Manager component in Oracle Fusion Middleware allows local users to affect confidentiality and integrity via vectors related to App Server. • http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html http://www.securityfocus.com/bid/93648 http://www.securitytracker.com/id/1037051 • CWE-284: Improper Access Control •
CVE-2014-2880 – Oracle Identity Manager 11g R2 SP1 (11.1.2.1.0) - Unvalidated Redirects
https://notcve.org/view.php?id=CVE-2014-2880
Open redirect vulnerability in the Oracle Identity Manager component in Oracle Fusion Middleware 11.1.1.5, 11.1.1.7, 11.1.2.1, and 11.1.2.2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the backUrl parameter in a changepwd action to identity/faces/firstlogin. • https://www.exploit-db.com/exploits/32670 http://packetstormsecurity.com/files/125992/Oracle-Identity-Manager-11g-R2-SP1-Unvalidated-Redirect.html http://www.exploit-db.com/exploits/32670 http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html http://www.osvdb.org/105384 http://www.securityfocus.com/bid/66615 • CWE-20: Improper Input Validation •
CVE-2014-2411
https://notcve.org/view.php?id=CVE-2014-2411
Unspecified vulnerability in the Oracle Identity Analytics component in Oracle Fusion Middleware Oracle Identity Analytics 11.1.1.5 and Sun Role Manager 5.0 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Security. • http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html •
CVE-2013-5815
https://notcve.org/view.php?id=CVE-2013-5815
Unspecified vulnerability in the Oracle Identity Analytics component in Oracle Fusion Middleware Oracle Identity Analytics 11.1.1.5 and Sun Role Manager 4.1 and 5.0 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Security. • http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html http://www.securitytracker.com/id/1029190 •