It was discovered that the hawtio servlet 1.4 uses a single HttpClient instance to proxy requests with a persistent cookie store (cookies are stored locally and are not passed between the client and the end URL) which means all clients using that proxy…
[org.jbpm.jbpm5:jbpmmigration] XML External Entity Reference in jbpmmigration
It was discovered that the XmlUtils class in jbpmmigration performed expansion of external parameter entities while parsing XML files. A remote attacker could use this flaw to read files accessible to the user running the application server and, potent…
[io.undertow:undertow-core] Undertow vulnerable to Request Smuggling
In Undertow 2.x before 2.0.0.Alpha2, 1.4.x before 1.4.17.Final, and 1.3.x before 1.3.31.Final, it was found that the fix for CVE-2017-2666 was incomplete and invalid characters are still allowed in the query string and path parameters. This could be ex…
[io.hawt:project] Cross-Site Request Forgery in hawtio
It was found that hawtio contains a CSRF flaw that allows unrelated websites to perform actions as the authenticated user. Attackers could use this vulnerability to trick the user into visiting their website, which contains a malicious script that can be submi…
[org.elasticsearch.plugin:x-pack] Improper Privilege Management in X-Pack
The Reporting feature in X-Pack in versions prior to 5.5.2 and standalone Reporting plugin versions prior to 2.4.6 had an impersonation vulnerability. A user with the reporting_user role could execute a report with the permissions of another r…
[com.sonyericsson.jenkins.plugins.bfa:build-failure-analyzer] Cross-site Scripting in Jenkins Build Failure Analyzer plugin
Cross-site scripting (XSS) vulnerability in the Build Failure Analyzer plugin before 1.16.0 in Jenkins allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter.
References
https://nvd.nist.gov/vuln/detail/CVE-2016-49…
[com.nimbusds:nimbus-jose-jwt] Nimbus JOSE+JWT missing overflow check
In Nimbus JOSE+JWT before 4.39, there is no integer-overflow check when converting length values from bytes to bits, which allows attackers to conduct HMAC bypass attacks by shifting Additional Authenticated Data (AAD) and ciphertext so that different …
[com.typesafe.play:play_2.12] Play Framework’s Assets controller vulnerable to directory traversal
A directory traversal vulnerability has been found in the Assets controller in Play Framework 2.6.12 through 2.6.15 (fixed in 2.6.16) when running on Windows. It allows a remote attacker to download arbitrary files from the target server via specially …
[org.apache.atlas:atlas-common] Cross-site Scripting in Apache Atlas
Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating were found vulnerable to Stored Cross-Site Scripting in the edit-tag functionality.
References
https://nvd.nist.gov/vuln/detail/CVE-2017-3151
https://lists.apache.org/thread.html/4a4fef91e067…
[org.richfaces:richfaces] Remote code execution due to insecure deserialization
A flaw was found in the way JBoss RichFaces handled deserialization. A remote attacker could use this flaw to trigger the execution of the deserialization methods in any serializable class deployed on the server. This could lead to a variety of securit…