romeara

22 exploits Active since Jan 2008
CVE-2014-8110 NOMISEC STUB
Apache ActiveMQ 5.x < 5.10.1 - Cross-Site Scripting in Web Administration Console
Multiple cross-site scripting (XSS) vulnerabilities in the web based administration console in Apache ActiveMQ 5.x before 5.10.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
1 stars
CVE-2018-8039 NOMISEC HIGH STUB
Apache CXF < 3.1.16 and 3.2.0-3.2.5 - Improper TLS Hostname Verification
It is possible to configure Apache CXF to use the com.sun.net.ssl implementation via 'System.setProperty("java.protocol.handler.pkgs", "com.sun.net.ssl.internal.www.protocol");'. When this system property is set, CXF uses some reflection to try to make the HostnameVerifier work with the old com.sun.net.ssl.HostnameVerifier interface. However, the default HostnameVerifier implementation in CXF does not implement the method in this interface, and an exception is thrown. However, in Apache CXF prior to 3.2.5 and 3.1.16 the exception is caught in the reflection code and not properly propagated. What this means is that if you are using the com.sun.net.ssl stack with CXF, an error with TLS hostname verification will not be thrown, leaving a CXF client subject to man-in-the-middle attacks.
CVSS 8.1
CVE-2018-12537 NOMISEC MEDIUM STUB
Eclipse Vert.x <3.5.1 - Code Injection
In Eclipse Vert.x version 3.0 to 3.5.1, the HttpServer response headers and HttpClient request headers do not filter carriage return and line feed characters from the header value. This allow unfiltered values to inject a new header in the client request or server response.
CVSS 5.3
CVE-2018-12540 NOMISEC HIGH STUB
Eclipse Vert.x 3.0.0-3.5.2 - Cross-Site Request Forgery via XSRF Token Replay
In version from 3.0.0 to 3.5.2 of Eclipse Vert.x, the CSRFHandler do not assert that the XSRF Cookie matches the returned XSRF header/form parameter. This allows replay attacks with previously issued tokens which are not expired yet.
CVSS 8.8
CVE-2018-1259 NOMISEC HIGH STUB
Spring Data Commons 1.13-1.13.11 & 2.0-2.0.6 - XXE via Projection-Based Request Binding
Spring Data Commons, versions 1.13 prior to 1.13.12 and 2.0 prior to 2.0.7, used in combination with XMLBeam 1.4.14 or earlier versions, contains a property binder vulnerability caused by improper restriction of XML external entity references as underlying library XMLBeam does not restrict external reference expansion. An unauthenticated remote malicious user can supply specially crafted request parameters against Spring Data's projection-based request payload binding to access arbitrary files on the system.
CVSS 7.5
CVE-2018-1270 NOMISEC CRITICAL STUB
Spring Framework < 4.3.16 and 5.0 < 5.0.5 - Remote Code Execution via STOMP over WebSocket
Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a remote code execution attack.
CVSS 9.8
CVE-2018-1313 NOMISEC MEDIUM STUB
Apache Derby 10.3.1.4-10.14.1.0 - Info Disclosure
In Apache Derby 10.3.1.4 to 10.14.1.0, a specially-crafted network packet can be used to request the Derby Network Server to boot a database whose location and contents are under the user's control. If the Derby Network Server is not running with a Java Security Manager policy file, the attack is successful. If the server is using a policy file, the policy file must permit the database location to be read for the attack to work. The default Derby Network Server policy file distributed with the affected releases includes a permissive policy as the default Network Server policy, which allows the attack to work.
CVSS 5.3
CVE-2018-1324 NOMISEC MEDIUM STUB
Apache Commons Compress 1.11-1.15 - Denial of Service via ZIP Extra Field Parser
A specially crafted ZIP archive can be used to cause an infinite loop inside of Apache Commons Compress' extra field parser used by the ZipFile and ZipArchiveInputStream classes in versions 1.11 to 1.15. This can be used to mount a denial of service attack against services that use Compress' zip package.
CVSS 5.5
CVE-2018-13864 NOMISEC HIGH STUB
Play Framework 2.6.12-2.6.15 - Path Traversal via Assets Controller
A directory traversal vulnerability has been found in the Assets controller in Play Framework 2.6.12 through 2.6.15 (fixed in 2.6.16) when running on Windows. It allows a remote attacker to download arbitrary files from the target server via specially crafted HTTP requests.
CVSS 7.5
CVE-2018-7489 NOMISEC CRITICAL STUB
jackson-databind < 2.7.9.3, 2.8.0-2.8.11.1, < 2.9.5 - Remote Code Execution via Deserialization Bypass
FasterXML jackson-databind before 2.7.9.3, 2.8.x before 2.8.11.1 and 2.9.x before 2.9.5 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 deserialization flaw. This is exploitable by sending maliciously crafted JSON input to the readValue method of the ObjectMapper, bypassing a blacklist that is ineffective if the c3p0 libraries are available in the classpath.
CVSS 9.8
CVE-2018-8038 NOMISEC HIGH STUB
Apache CXF Fediz <1.4.4 - Info Disclosure
Versions of Apache CXF Fediz prior to 1.4.4 do not fully disable Document Type Declarations (DTDs) when either parsing the Identity Provider response in the application plugins, or in the Identity Provider itself when parsing certain XML-based parameters.
CVSS 7.5
CVE-2018-10936 NOMISEC HIGH STUB
postgresql-jdbc <42.2.5 - SSL Man-In-The-Middle
A weakness was found in postgresql-jdbc before version 42.2.5. It was possible to provide an SSL Factory and not check the host name if a host name verifier was not provided to the driver. This could lead to a condition where a man-in-the-middle attacker could masquerade as a trusted server by providing a certificate for the wrong host, as long as it was signed by a trusted CA.
CVSS 8.1
CVE-2018-12418 NOMISEC MEDIUM STUB
junrar < 1.0.1 - Denial of Service via Corrupt RAR File Handling
Archive.java in Junrar before 1.0.1, as used in Apache Tika and other products, is affected by a denial of service vulnerability due to an infinite loop when handling corrupt RAR files.
CVSS 5.5
CVE-2017-17485 NOMISEC CRITICAL STUB
jackson-databind < 2.6.7.3, 2.9.0-2.9.3 - Unauthenticated Remote Code Execution via Malicious JSON Input
FasterXML jackson-databind through 2.8.10 and 2.9.x through 2.9.3 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 deserialization flaw. This is exploitable by sending maliciously crafted JSON input to the readValue method of the ObjectMapper, bypassing a blacklist that is ineffective if the Spring libraries are available in the classpath.
CVSS 9.8
CVE-2017-2666 NOMISEC MEDIUM STUB
Undertow < 1.3.31 - HTTP Request Smuggling via Invalid Request Line Characters
It was discovered in Undertow that the code that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack, or obtain sensitive information from requests other than their own.
CVSS 6.5
CVE-2016-0793 NOMISEC HIGH STUB
WildFly <10.0.0.Final - Info Disclosure
Incomplete blacklist vulnerability in the servlet filter restriction mechanism in WildFly (formerly JBoss Application Server) before 10.0.0.Final on Windows allows remote attackers to read the sensitive files in the (1) WEB-INF or (2) META-INF directory via a request that contains (a) lowercase or (b) "meaningless" characters.
CVSS 7.5
CVE-2016-4438 NOMISEC CRITICAL STUB
Apache Struts 2.3.19-2.3.28.1 - Remote Code Execution via REST Plugin
The REST plugin in Apache Struts 2 2.3.19 through 2.3.28.1 allows remote attackers to execute arbitrary code via a crafted expression.
CVSS 9.8
CVE-2016-6798 NOMISEC CRITICAL STUB
Apache Sling XSS Protection API < 1.0.12 - XML External Entity Injection via Insecure SAX Parser
In the XSS Protection API module before 1.0.12 in Apache Sling, the method XSS.getValidXML() uses an insecure SAX parser to validate the input string, which allows for XXE attacks in all scripts which use this method to validate user input, potentially allowing an attacker to read sensitive data on the filesystem, perform same-site-request-forgery (SSRF), port-scanning behind the firewall or DoS the application.
CVSS 9.8
CVE-2017-12624 NOMISEC MEDIUM STUB
Apache CXF 3.0.0-3.0.15, 3.1.0-3.1.13, 3.2.0 - Denial of Service via Large Message Attachment Header
Apache CXF supports sending and receiving attachments via either the JAX-WS or JAX-RS specifications. It is possible to craft a message attachment header that could lead to a Denial of Service (DoS) attack on a CXF web service provider. Both JAX-WS and JAX-RS services are vulnerable to this attack. From Apache CXF 3.2.1 and 3.1.14, message attachment headers that are greater than 300 characters will be rejected by default. This value is configurable via the property "attachment-max-header-size".
CVSS 5.5
CVE-2008-0128 NOMISEC STUB
Apache Tomcat <5.5.21 - Info Disclosure
The SingleSignOn Valve (org.apache.catalina.authenticator.SingleSignOn) in Apache Tomcat before 5.5.21 does not set the secure flag for the JSESSIONIDSSO cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie.
CVE-2012-5575 NOMISEC STUB
Apache CXF Cryptographic Downgrade via WS-SecurityPolicy AlgorithmSuite Bypass
Apache CXF 2.5.x before 2.5.10, 2.6.x before CXF 2.6.7, and 2.7.x before CXF 2.7.4 does not verify that a specified cryptographic algorithm is allowed by the WS-SecurityPolicy AlgorithmSuite definition before decrypting, which allows remote attackers to force CXF to use weaker cryptographic algorithms than intended and makes it easier to decrypt communications, aka "XML Encryption backwards compatibility attack."
CVE-2013-4002 NOMISEC STUB
IBM Java - Denial of Service via XML Attribute Names
XMLscanner.java in Apache Xerces2 Java Parser before 2.12.0, as used in the Java Runtime Environment (JRE) in IBM Java 5.0 before 5.0 SR16-FP3, 6 before 6 SR14, 6.0.1 before 6.0.1 SR6, and 7 before 7 SR5 as well as Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, Java SE Embedded 7u40 and earlier, and possibly other products allows remote attackers to cause a denial of service via vectors related to XML attribute names.