CVE-2016-5710
https://notcve.org/view.php?id=CVE-2016-5710
NetApp Snap Creator Framework before 4.3P1 allows remote authenticated users to conduct clickjacking attacks via unspecified vectors.
• https://kb.netapp.com/support/s/article/cve-2016-5710-clickjacking-vulnerability-in-snap-creator-framework
• CWE-1021: Improper Restriction of Rendered UI Layers or Frames
CVE-2017-7657 – jetty: HTTP request smuggling
https://notcve.org/view.php?id=CVE-2017-7657
In Eclipse Jetty, versions 9.2.x and older, 9.3.x (all configurations), and 9.4.x (non-default configuration with RFC2616 compliance enabled), transfer-encoding chunks are handled poorly. The chunk length parsing was vulnerable to an integer overflow. Thus a large chunk size could be interpreted as a smaller chunk size and content sent as chunk body could be interpreted as a pipelined request. If Jetty was deployed behind an intermediary that imposed some authorization and that intermediary allowed arbitrarily large chunks to be passed on unchanged, then this flaw could be used to bypass the authorization imposed by the intermediary as the fake pipelined request would not be interpreted by the intermediary as a request.
• http://www.securitytracker.com/id/1041194
• https://access.redhat.com/errata/RHSA-2019:0910
• https://bugs.eclipse.org/bugs/show_bug.cgi?id=535668
• https://lists.apache.org/thread.html/053d9ce4d579b02203db18545fee5e33f35f2932885459b74d1e4272%40%3Cissues.activemq.apache.org%3E
• https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451%40%3Csolr-user.lucene.apache.org%3E
• https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe%40%3Ccommits.druid.apache.org%3E
• https://lists.apache.
• CWE-190: Integer Overflow or Wraparound
• CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
CVE-2016-5372
https://notcve.org/view.php?id=CVE-2016-5372
Cross-site request forgery (CSRF) vulnerability in NetApp Snap Creator Framework before 4.3.0P1 allows remote attackers to hijack the authentication of users for requests that have unspecified impact via unknown vectors.
• https://kb.netapp.com/support/s/article/cve-2016-5372-cross-site-request-forgery-vulnerability-in-snap-creator-framework
• https://security.netapp.com/advisory/ntap-20160622-0001
• CWE-352: Cross-Site Request Forgery (CSRF)
CVE-2016-7172
https://notcve.org/view.php?id=CVE-2016-7172
NetApp Snap Creator Framework before 4.3.1 discloses sensitive information which could be viewed by an unauthorized user.
• http://www.securityfocus.com/bid/95069
• http://www.securitytracker.com/id/1037530
• https://kb.netapp.com/support/s/article/NTAP-20161220-0001
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor