The readObject method in the DiskFileItem class in Apache Tomcat and JBoss Web, as used in Red Hat JBoss Enterprise Application Platform 6.1.0 and Red Hat JBoss Portal 6.0.0, allows remote attackers to write to arbitrary files via a NULL byte in a file…
[org.apache.struts:struts2-core] Remote Code Execution in Apache Struts
XSLTResult allows for the location of a stylesheet being passed as a request parameter. In some circumstances this can be used to inject remotely executable code.
References
https://nvd.nist.gov/vuln/detail/CVE-2016-3082
http://struts.apache.org/docs/…
[org.apache.struts:struts2-core] Code injection in Apache Struts
Apache Struts 2.0.0 through 2.3.15.1 enables Dynamic Method Invocation by default, which has unknown impact and attack vectors.
References
https://nvd.nist.gov/vuln/detail/CVE-2013-4316
http://archives.neohapsis.com/archives/bugtraq/2013-09/0107.html
…
[org.jruby:jruby] Ruby vulnerable to denial of service
When reading text nodes from an XML document, the REXML parser can be coerced into allocating extremely large string objects which can consume all of the memory on a machine, causing a denial of service.
JRuby resolves this bug in version 1.7.3 as not…
[org.apache.geode:geode-core] Apache Geode information disclosure vulnerability
Apache Geode before 1.1.1, when a cluster has enabled security by setting the security-manager property, allows remote authenticated users with CLUSTER:READ but not DATA:READ permission to access the data browser page in Pulse and consequently execute …
[org.apache.sling:org.apache.sling.xss] XML External Entity Reference in Apache Sling
In the XSS Protection API module before 1.0.12 in Apache Sling, the method XSS.getValidXML() uses an insecure SAX parser to validate the input string, which allows for XXE attacks in all scripts which use this method to validate user input, potentially…
[org.apache.struts:struts2-core] Possible DoS attack when using URLValidator
The URLValidator class in Apache Struts 2 2.3.20 through 2.3.28.1 and 2.5.x before 2.5.1 allows remote attackers to cause a denial of service via a null value for a URL field.
References
https://nvd.nist.gov/vuln/detail/CVE-2016-4465
https://bugzilla….
[org.apache.struts:struts2-core] Cross-Site Request Forgery in Apache Struts
The token check mechanism in Apache Struts 2.0.0 through 2.3.4 does not properly validate the token name configuration parameter, which allows remote attackers to perform cross-site request forgery (CSRF) attacks by setting the token name configuration…
[org.apache.struts:struts2-core] Denial of service in Apache Struts
Apache Struts 2.0.0 through 2.3.4 allows remote attackers to cause a denial of service (CPU consumption) via a long parameter name, which is processed as an OGNL expression.
References
https://nvd.nist.gov/vuln/detail/CVE-2012-4387
https://exchange.xf…
[org.apache.atlas:atlas-common] Insecure cookie storage in Apache Atlas
Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating use cookies that could be accessible to client-side script.
References
https://nvd.nist.gov/vuln/detail/CVE-2017-3150
https://lists.apache.org/thread.html/4a4fef91e067fd0d9da569e30867c1fa65e2…