CVSS: 5.3EPSS: 78%CPEs: 53EXPL: 2CVE-2018-11784 – Apache Tomcat 9.0.0.M1 - Open Redirect
https://notcve.org/view.php?id=CVE-2018-11784
When the default servlet in Apache Tomcat versions 9.0.0.M1 to 9.0.11, 8.5.0 to 8.5.33 and 7.0.23 to 7.0.90 returned a redirect to a directory (e.g. redirecting to '/foo/' when the user requested '/foo') a specially crafted URL could be used to cause the redirect to be generated to any URI of the attackers choice. Cuando el servlet por defecto en Apache Tomcat en versiones de la 9.0.0.M1 a la 9.0.11, de la 8.5.0 a la 8.5.33 y de la 7.0.23 a la 7.0.90 devolvía una redirección a un directorio (por ejemplo, redirigiendo a "/foo/'' cuando el usuario solicitó '"/foo") se pudo usar una URL especialmente manipulada para hacer que la redirección se generara a cualquier URI de la elección del atacante. These are details on an open redirection vulnerability in Apache Tomcat version 9.0.0M1 that was discovered in 2018. • https://www.exploit-db.com/exploits/50118 https://github.com/Cappricio-Securities/CVE-2018-11784 http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00030.html http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00056.html http://packetstormsecurity.com/files/163456/Apache-Tomcat-9.0.0M1-Open-Redirect.html http://www.securityfocus.com/bid/105524 https://access.redhat.com/errata/RHSA-2019:0130 https://access.redhat.com/errata/RHSA-2019:0131 https://access.redhat.c • CWE-99: Improper Control of Resource Identifiers ('Resource Injection') CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 9.8EPSS: 0%CPEs: 47EXPL: 0CVE-2018-1000613
https://notcve.org/view.php?id=CVE-2018-1000613
Legion of the Bouncy Castle Legion of the Bouncy Castle Java Cryptography APIs 1.58 up to but not including 1.60 contains a CWE-470: Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') vulnerability in XMSS/XMSS^MT private key deserialization that can result in Deserializing an XMSS/XMSS^MT private key can result in the execution of unexpected code. This attack appear to be exploitable via A handcrafted private key can include references to unexpected classes which will be picked up from the class path for the executing application. This vulnerability appears to have been fixed in 1.60 and later. Las API Legion of the Bouncy Castle Java Cryptography de Legion of the Bouncy Castle en versiones hasta 1.58 pero sin incluir la versión 1.60, contiene una debilidad CWE-470: Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection'), vulnerabilidad en la deserialización de la clave privada XMSS/XMSS^MT que puede resultar en desrealizar una clave privada XMSS/XMSS^MT puede resultar en la ejecución de código inesperado. Este ataque parece ser explotable por medio de una clave privada artesanal que puede incluir referencias a clases inesperadas que se recogerán del class path para la aplicación en ejecución. • http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00011.html https://github.com/bcgit/bc-java/commit/4092ede58da51af9a21e4825fbad0d9a3ef5a223#diff-2c06e2edef41db889ee14899e12bd574 https://github.com/bcgit/bc-java/commit/cd98322b171b15b3f88c5ec871175147893c31e6#diff-148a6c098af0199192d6aede960f45dc https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E https://security.netapp.com/advisory/ntap-20190204-0003 https://www.oracle.com/security-alerts/cpuApr2021.html https://www.or • CWE-470: Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') •
CVSS: 7.5EPSS: 0%CPEs: 31EXPL: 0CVE-2018-1000180 – bouncycastle: flaw in the low-level interface to RSA key pair generator
https://notcve.org/view.php?id=CVE-2018-1000180
Bouncy Castle BC 1.54 - 1.59, BC-FJA 1.0.0, BC-FJA 1.0.1 and earlier have a flaw in the Low-level interface to RSA key pair generator, specifically RSA Key Pairs generated in low-level API with added certainty may have less M-R tests than expected. This appears to be fixed in versions BC 1.60 beta 4 and later, BC-FJA 1.0.2 and later. Bouncy Castle BC 1.54 - 1.59, BC-FJA 1.0.0, BC-FJA 1.0.1 y anteriores tiene un vulnerabilidad en la interfaz de bajo nivel del generador de claves RSA; específicamente, los pares de claves RSA generados en la API de bajo nivel con un valor certainty añadido pueden tener menos tests M-R de lo esperado. Parece que se ha resuelto en versiones BC 1.60 beta 4 y posteriores y BC-FJA 1.0.2 y posteriores. A vulnerability was found in BouncyCastle. • http://www.securityfocus.com/bid/106567 https://access.redhat.com/errata/RHSA-2018:2423 https://access.redhat.com/errata/RHSA-2018:2424 https://access.redhat.com/errata/RHSA-2018:2425 https://access.redhat.com/errata/RHSA-2018:2428 https://access.redhat.com/errata/RHSA-2018:2643 https://access.redhat.com/errata/RHSA-2018:2669 https://access.redhat.com/errata/RHSA-2019:0877 https://github.com/bcgit/bc-java/commit/22467b6e8fe19717ecdf201c0cf91bacf04a55ad https://github.com/bcgit/ • CWE-325: Missing Cryptographic Step CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVSS: 7.5EPSS: 95%CPEs: 18EXPL: 2CVE-2017-3730 – Bad (EC)DHE parameters cause a client crash
https://notcve.org/view.php?id=CVE-2017-3730
In OpenSSL 1.1.0 before 1.1.0d, if a malicious server supplies bad parameters for a DHE or ECDHE key exchange then this can result in the client attempting to dereference a NULL pointer leading to a client crash. This could be exploited in a Denial of Service attack. En OpenSSL versión 1.1.0 anterior a 1.1.0d, si un servidor malicioso suministra parámetros incorrectos para un intercambio de claves DHE o ECDHE, entonces esto puede resultar en que el cliente intente desreferenciar un puntero NULL que conduce a un bloqueo del cliente. Esto podría ser explotado en un ataque de denegación de servicio. • https://www.exploit-db.com/exploits/41192 https://github.com/guidovranken/CVE-2017-3730 http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html http://www.securityfocus.com/bid/95812 http://www.securitytracker.com/id/1037717 https://github.com/openssl/openssl/commit/efbe126e3ebb9123ac9d058aa2bb044261342aaa https://security.gentoo.org/glsa/201702-07 https://support.hpe.com/hpsc/doc/public/display?docLocale=en • CWE-476: NULL Pointer Dereference •
CVSS: 9.8EPSS: 73%CPEs: 56EXPL: 0CVE-2016-8735 – Apache Tomcat Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2016-8735
Remote code execution is possible with Apache Tomcat before 6.0.48, 7.x before 7.0.73, 8.x before 8.0.39, 8.5.x before 8.5.7, and 9.x before 9.0.0.M12 if JmxRemoteLifecycleListener is used and an attacker can reach JMX ports. The issue exists because this listener wasn't updated for consistency with the CVE-2016-3427 Oracle patch that affected credential types. La ejecución remota de código es posible con Apache Tomcat en versiones anteriores a 6.0.48, 7.x en versiones anteriores a 7.0.73, 8.x en versiones anteriores a 8.0.39, 8.5.x en versiones anteriores a 8.5.7 y 9.x en versiones anteriores a 9.0.0.M12 si JmxRemoteLifecycleListener es utilizado y un atacante puede llegar a los puertos JMX. El problema existe porque este oyente no se actualizó por coherencia con el parche de Oracle CVE-2016-3427 que afectó a los tipos de credenciales. The JmxRemoteLifecycleListener was not updated to take account of Oracle's fix for CVE-2016-3427. • http://rhn.redhat.com/errata/RHSA-2017-0457.html http://seclists.org/oss-sec/2016/q4/502 http://svn.apache.org/viewvc?view=revision&revision=1767644 http://svn.apache.org/viewvc?view=revision&revision=1767656 http://svn.apache.org/viewvc?view=revision&revision=1767676 http://svn.apache.org/viewvc?view=revision&revision=1767684 http://tomcat.apache.org/security-6.html http://tomcat.apache.org/security-7.html http://tomcat.apache.org/security-8.html http://tomcat.apache.org&#x • CWE-502: Deserialization of Untrusted Data •