CVSS: 7.5EPSS: 0%CPEs: 34EXPL: 0CVE-2021-40690 – Bypass of the secureValidation property
https://notcve.org/view.php?id=CVE-2021-40690
All versions of Apache Santuario - XML Security for Java prior to 2.2.3 and 2.1.7 are vulnerable to an issue where the "secureValidation" property is not passed correctly when creating a KeyInfo from a KeyInfoReference element. This allows an attacker to abuse an XPath Transform to extract any local .xml files in a RetrievalMethod element. Todas las versiones de Apache Santuario - XML Security for Java anteriores a 2.2.3 y 2.1.7 son vulnerables a un problema donde la propiedad "secureValidation" no es pasada correctamente cuando es creado un KeyInfo a partir de un elemento KeyInfoReference. Esto permite a un atacante abusar de una transformación XPath para extraer cualquier archivo local .xml en un elemento RetrievalMethod • https://lists.apache.org/thread.html/r3b3f5ba9b0de8c9c125077b71af06026d344a709a8ba67db81ee9faa%40%3Ccommits.tomee.apache.org%3E https://lists.apache.org/thread.html/r401ecb7274794f040cd757b259ebe3e8c463ae74f7961209ccad3c59%40%3Cissues.cxf.apache.org%3E https://lists.apache.org/thread.html/r8848751b6a5dd78cc9e99d627e74fecfaffdfa1bb615dce827aad633%40%3Cdev.santuario.apache.org%3E https://lists.apache.org/thread.html/r8a5c0ce9014bd07303aec1e5eed55951704878016465d3dae00e0c28%40%3Ccommits.tomee.apache.org%3E https://lists.apache.org/thread.html/r9c100d53c84d54cf71975e3f0cfcc2856a8846554a04c99390156ce4% • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.8EPSS: 0%CPEs: 8EXPL: 0CVE-2020-13931
https://notcve.org/view.php?id=CVE-2020-13931
If Apache TomEE 8.0.0-M1 - 8.0.3, 7.1.0 - 7.1.3, 7.0.0-M1 - 7.0.8, 1.0.0 - 1.7.5 is configured to use the embedded ActiveMQ broker, and the broker config is misconfigured, a JMX port is opened on TCP port 1099, which does not include authentication. CVE-2020-11969 previously addressed the creation of the JMX management interface, however the incomplete fix did not cover this edge case. Si Apache TomEE versiones 8.0.0-M1 - 8.0.3, 7.1.0 - 7.1.3, 7.0.0-M1 - 7.0.8, 1.0.0 - 1.7.5 está configurado para utilizar el broker ActiveMQ insertado y el broker config está configurado inapropiadamente, un puerto JMX es abierto en el puerto TCP 1099, que no incluye autenticación. CVE-2020-11969 abordó previamente la creación de la interfaz de administración JMX, sin embargo, una corrección incompleta no cubrió este caso extremo • https://lists.apache.org/thread.html/r7f98907165b355dc65f28a57f15103a06173ce03261115fa46d569b4%40%3Cdev.tomee.apache.org%3E https://lists.apache.org/thread.html/r85b87478f8aa4751aa3a06e88622e80ffabae376ee7283e147ee56b9%40%3Cdev.tomee.apache.org%3E https://lists.apache.org/thread.html/ref088c4732e1a8dd0bbbb96e13ffafcfe65f984238ffa55f438d78fe%40%3Cdev.tomee.apache.org%3E •
CVSS: 9.8EPSS: 4%CPEs: 8EXPL: 0CVE-2020-11969
https://notcve.org/view.php?id=CVE-2020-11969
If Apache TomEE is configured to use the embedded ActiveMQ broker, and the broker URI includes the useJMX=true parameter, a JMX port is opened on TCP port 1099, which does not include authentication. This affects Apache TomEE 8.0.0-M1 - 8.0.1, Apache TomEE 7.1.0 - 7.1.2, Apache TomEE 7.0.0-M1 - 7.0.7, Apache TomEE 1.0.0 - 1.7.5. Si Apache TomEE está configurado para usar un broker ActiveMQ incorporado, y el URI del broker incluye el parámetro useJMX=true, se abre un puerto JMX en el puerto TCP 1099, que no incluye la autenticación. Esto afecta a Apache TomEE versiones 8.0.0-M1 - 8.0.1, Apache TomEE versiones 7.1.0 - 7.1.2, Apache TomEE versiones 7.0.0-M1 - 7.0.7, Apache TomEE versiones 1.0.0 - 1.7.5 • http://www.openwall.com/lists/oss-security/2020/12/16/2 https://lists.apache.org/thread.html/r85b87478f8aa4751aa3a06e88622e80ffabae376ee7283e147ee56b9%40%3Cdev.tomee.apache.org%3E https://lists.apache.org/thread.html/rbd23418646dedda70a546331ea1c1d115b8975b7e7dc452d10e2e773%40%3Cannounce.apache.org%3E https://lists.apache.org/thread.html/rbd23418646dedda70a546331ea1c1d115b8975b7e7dc452d10e2e773%40%3Cdev.tomee.apache.org%3E https://lists.apache.org/thread.html/ref088c4732e1a8dd0bbbb96e13ffafcfe65f984238ffa55f438d78fe%40%3Cdev.tomee.apache.org%3E https://lists.apach • CWE-306: Missing Authentication for Critical Function •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2018-8031
https://notcve.org/view.php?id=CVE-2018-8031
The Apache TomEE console (tomee-webapp) has a XSS vulnerability which could allow javascript to be executed if the user is given a malicious URL. This web application is typically used to add TomEE features to a Tomcat installation. The TomEE bundles do not ship with this application included. This issue can be mitigated by removing the application after TomEE is setup (if using the application to install TomEE), using one of the provided pre-configured bundles, or by upgrading to TomEE 7.0.5. This issue is resolve in this commit: b8bbf50c23ce97dd64f3a5d77f78f84e47579863. • https://lists.apache.org/thread.html/c4b0d83a534d6cdf2de54dbbd00e3538072ac2e360781b784608ed0d%40%3Cdev.tomee.apache.org%3E • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 4%CPEs: 2EXPL: 0CVE-2016-0779
https://notcve.org/view.php?id=CVE-2016-0779
The EjbObjectInputStream class in Apache TomEE before 1.7.4 and 7.x before 7.0.0-M3 allows remote attackers to execute arbitrary code via a crafted serialized object. La clase EjbObjectInputStream en Apache TomEE en versiones anteriores a 1.7.4 y 7.x en versiones anteriores a 7.0.0-M3 permite a atacantes remotos ejecutar código arbitrario a través de un objeto serializado manipulado. • http://packetstormsecurity.com/files/136256/Apache-TomEE-Patched.html http://tomee-openejb.979440.n4.nabble.com/Document-resolved-vulnerability-CVE-2015-8581-td4678073.html http://tomee.apache.org/security/tomee.html http://www.securityfocus.com/archive/1/537806/100/0/threaded http://www.securityfocus.com/bid/79204 http://www.zerodayinitiative.com/advisories/ZDI-15-638 • CWE-502: Deserialization of Untrusted Data •