CVSS: 7.0EPSS: 0%CPEs: 17EXPL: 0CVE-2017-7536 – hibernate-validator: Privilege escalation when running under the security manager
https://notcve.org/view.php?id=CVE-2017-7536
26 Sep 2017 — In Hibernate Validator 5.2.x before 5.2.5 final, 5.3.x, and 5.4.x, it was found that when the security manager's reflective permissions, which allows it to access the private members of the class, are granted to Hibernate Validator, a potential privilege escalation can occur. By allowing the calling code to access those private members without the permission an attacker may be able to validate an invalid instance and access the private member value via ConstraintViolation#getInvalidValue(). En Hibernate Val... • http://www.securityfocus.com/bid/101048 • CWE-470: Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') CWE-592: DEPRECATED: Authentication Bypass Issues •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 1CVE-2015-1849
https://notcve.org/view.php?id=CVE-2015-1849
19 Sep 2017 — AdvancedLdapLodinMogule in Red Hat JBoss Enterprise Application Platform (EAP) before 6.4.1 allows attackers to obtain sensitive information via vectors involving logging the LDAP bind credential password when TRACE logging is enabled. AdvancedLdapLodinMogule en Red Hat JBoss Enterprise Application Platform (EAP) en versiones anteriores a la 6.4.1 permite que los atacantes obtengan información sensible mediante vectores que implican el registro de la contraseña de las credenciales asociadas al protocolo LDA... • https://bugzilla.redhat.com/show_bug.cgi?id=1199641 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 0%CPEs: 14EXPL: 0CVE-2017-7561 – resteasy: Vary header not added by CORS filter leading to cache poisoning
https://notcve.org/view.php?id=CVE-2017-7561
13 Sep 2017 — Red Hat JBoss EAP version 3.0.7 through before 4.0.0.Beta1 is vulnerable to a server-side cache poisoning or CORS requests in the JAX-RS component resulting in a moderate impact. Red Hat JBoss EAP en su versión 3.0.7 hasta antes de la versión 4.0.0.Beta1 es vulnerable a un envenenamiento de la caché por parte del servidor o a peticiones CORS en el componente JAX-RS, resultando en un impacto moderado. It was discovered that the CORS Filter did not add an HTTP Vary header indicating that the response varies d... • http://www.securityfocus.com/bid/100465 • CWE-345: Insufficient Verification of Data Authenticity CWE-346: Origin Validation Error CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2016-6311 – EAP7: Internal IP address disclosed on redirect when request header Host field is not set
https://notcve.org/view.php?id=CVE-2016-6311
22 Aug 2017 — Get requests in JBoss Enterprise Application Platform (EAP) 7 disclose internal IP addresses to remote attackers. Las peticiones Get en JBoss Enterprise Application Platform (EAP) 7 divulgan las direcciones IP internas a atacantes remotos. It was found that when issuing a GET request which results in a 302 redirect, and when the request header 'Host' field was not set, the response header field 'Location' contains the internal IP address of the server. An attacker could use this disclose information which t... • https://access.redhat.com/errata/RHSA-2017:3454 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.8EPSS: 82%CPEs: 52EXPL: 7CVE-2017-7525 – jackson-databind: Deserialization vulnerability via readValue method of ObjectMapper
https://notcve.org/view.php?id=CVE-2017-7525
31 Jul 2017 — A deserialization flaw was discovered in the jackson-databind, versions before 2.6.7.1, 2.7.9.1 and 2.8.9, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper. Se ha descubierto un error de deserialización en jackson-databind, en versiones anteriores a la 2.6.7.1, 2.7.9.1 y a la 2.8.9, que podría permitir que un usuario no autenticado ejecute código enviando las entradas maliciosamente manipuladas al método ... • https://packetstorm.news/files/id/145805 • CWE-20: Improper Input Validation CWE-184: Incomplete List of Disallowed Inputs CWE-502: Deserialization of Untrusted Data •
CVSS: 9.1EPSS: 46%CPEs: 34EXPL: 0CVE-2017-9788 – httpd: Uninitialized memory reflection in mod_auth_digest
https://notcve.org/view.php?id=CVE-2017-9788
13 Jul 2017 — In Apache httpd before 2.2.34 and 2.4.x before 2.4.27, the value placeholder in [Proxy-]Authorization headers of type 'Digest' was not initialized or reset before or between successive key=value assignments by mod_auth_digest. Providing an initial key with no '=' assignment could reflect the stale value of uninitialized pool memory used by the prior request, leading to leakage of potentially confidential information, and a segfault in other cases resulting in denial of service. En Apache httpd, en versiones... • http://www.debian.org/security/2017/dsa-3913 • CWE-20: Improper Input Validation CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-456: Missing Initialization of a Variable •
CVSS: 9.8EPSS: 1%CPEs: 7EXPL: 0CVE-2016-3690
https://notcve.org/view.php?id=CVE-2016-3690
08 Jun 2017 — The PooledInvokerServlet in JBoss EAP 4.x and 5.x allows remote attackers to execute arbitrary code via a crafted serialized payload. El PooledInvokerServlet de Jboss EAP en sus versiones 4.x y 5.x permite a un atacante remoto la ejecución de un código aleatorio mediante un payload de diseño serializado. • http://www.securityfocus.com/bid/99079 • CWE-502: Deserialization of Untrusted Data •
CVSS: 7.5EPSS: 2%CPEs: 7EXPL: 0CVE-2017-2670 – undertow: IO thread DoS via unclean Websocket closing
https://notcve.org/view.php?id=CVE-2017-2670
07 Jun 2017 — It was found in Undertow before 1.3.28 that with non-clean TCP close, the Websocket server gets into infinite loop on every IO thread, effectively causing DoS. Se ha encontrado en Undertow en versiones anteriores a la 1.3.28 que con el cierre no seguro de TCP, el servidor Websocket entra en bucle infinito en cada hilo IO, provocando efectivamente una denegación de servicio (DoS). It was found that with non-clean TCP close, Websocket server gets into infinite loop on every IO thread, effectively causing DoS.... • http://rhn.redhat.com/errata/RHSA-2017-1409.html • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 6.5EPSS: 0%CPEs: 9EXPL: 1CVE-2017-2666 – undertow: HTTP Request smuggling vulnerability due to permitting invalid characters in HTTP requests
https://notcve.org/view.php?id=CVE-2017-2666
07 Jun 2017 — It was discovered in Undertow that the code that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack, or obtain sensitive information from requests other than their own. Se ha descubierto en Undertow que el código que analizaba la línea d... • https://github.com/tafamace/CVE-2017-2666 • CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') •
CVSS: 7.7EPSS: 0%CPEs: 6EXPL: 0CVE-2017-2595 – wildfly: Arbitrary file read via path traversal
https://notcve.org/view.php?id=CVE-2017-2595
07 Jun 2017 — It was found that the log file viewer in Red Hat JBoss Enterprise Application 6 and 7 allows arbitrary file read to authenticated user via path traversal. Se ha encontrado que el visor de archivos de log en Red Hat JBoss Enterprise Application 6 y 7 permite que un archivo arbitrario sea leído por el usuario autenticado a través de un salto de directorio. Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server. This release of Red Hat JBoss Ente... • http://rhn.redhat.com/errata/RHSA-2017-1409.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •