Action not permitted
Modal body text goes here.
Modal Title
Modal Body
WID-SEC-W-2023-2368
Vulnerability from csaf_certbund
Published
2023-09-14 22:00
Modified
2024-01-07 23:00
Summary
IBM Operational Decision Manager: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
IBM Operational Decision Manager ist Software für die Integration von Geschäftsereignissen und Geschäftsregeln, um Entscheidungen über verschiedene Prozesse und Anwendungen hinweg zu automatisieren.
Angriff
Ein entfernter authentifizierter Angreifer kann mehrere Schwachstellen in IBM Operational Decision Manager ausnutzen, um Sicherheitsmaßnahmen zu umgehen, beliebigen Code auszuführen, einen Denial-of-Service-Zustand zu verursachen oder vertrauliche Informationen offenzulegen.
Betroffene Betriebssysteme
- Linux
{ "document": { "aggregate_severity": { "text": "hoch" }, "category": "csaf_base", "csaf_version": "2.0", "distribution": { "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "de-DE", "notes": [ { "category": "legal_disclaimer", "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen." }, { "category": "description", "text": "IBM Operational Decision Manager ist Software f\u00fcr die Integration von Gesch\u00e4ftsereignissen und Gesch\u00e4ftsregeln, um Entscheidungen \u00fcber verschiedene Prozesse und Anwendungen hinweg zu automatisieren.", "title": "Produktbeschreibung" }, { "category": "summary", "text": "Ein entfernter authentifizierter Angreifer kann mehrere Schwachstellen in IBM Operational Decision Manager ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen oder vertrauliche Informationen offenzulegen.", "title": "Angriff" }, { "category": "general", "text": "- Linux", "title": "Betroffene Betriebssysteme" } ], "publisher": { "category": "other", "contact_details": "csaf-provider@cert-bund.de", "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik", "namespace": "https://www.bsi.bund.de" }, "references": [ { "category": "self", "summary": "WID-SEC-W-2023-2368 - CSAF Version", "url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-2368.json" }, { "category": "self", "summary": "WID-SEC-2023-2368 - Portal Version", "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-2368" }, { "category": "external", "summary": "IBM Security Bulletin - 7032928 vom 2023-09-14", "url": "https://www.ibm.com/support/pages/node/7032928" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2023:6138 vom 2023-10-26", "url": "https://access.redhat.com/errata/RHSA-2023:6138" }, { "category": "external", "summary": "IBM Security Bulletin 7105614 vom 2024-01-08", "url": "https://www.ibm.com/support/pages/node/7105614" } ], "source_lang": "en-US", "title": "IBM Operational Decision Manager: Mehrere Schwachstellen", "tracking": { "current_release_date": "2024-01-07T23:00:00.000+00:00", "generator": { "date": "2024-02-15T17:44:18.727+00:00", "engine": { "name": "BSI-WID", "version": "1.3.0" } }, "id": "WID-SEC-W-2023-2368", "initial_release_date": "2023-09-14T22:00:00.000+00:00", "revision_history": [ { "date": "2023-09-14T22:00:00.000+00:00", "number": "1", "summary": "Initiale Fassung" }, { "date": "2023-10-26T22:00:00.000+00:00", "number": "2", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2024-01-07T23:00:00.000+00:00", "number": "3", "summary": "Neue Updates von IBM aufgenommen" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "IBM Operational Decision Manager \u003c 8.10.5.1", "product": { "name": "IBM Operational Decision Manager \u003c 8.10.5.1", "product_id": "T029909", "product_identification_helper": { "cpe": "cpe:/a:ibm:operational_decision_manager:8.10.5.1" } } }, { "category": "product_name", "name": "IBM Operational Decision Manager \u003c 8.11.0.1", "product": { "name": "IBM Operational Decision Manager \u003c 8.11.0.1", "product_id": "T029910", "product_identification_helper": { "cpe": "cpe:/a:ibm:operational_decision_manager:8.11.0.1" } } }, { "category": "product_name", "name": "IBM Operational Decision Manager \u003c 8.11.1", "product": { "name": "IBM Operational Decision Manager \u003c 8.11.1", "product_id": "T029911", "product_identification_helper": { "cpe": "cpe:/a:ibm:operational_decision_manager:8.11.1" } } }, { "category": "product_name", "name": "IBM Operational Decision Manager \u003c 8.12.0", "product": { "name": "IBM Operational Decision Manager \u003c 8.12.0", "product_id": "T029912", "product_identification_helper": { "cpe": "cpe:/a:ibm:operational_decision_manager:8.12.0" } } }, { "category": "product_name", "name": "IBM Operational Decision Manager 8.10.5.1 \u003c IF049", "product": { "name": "IBM Operational Decision Manager 8.10.5.1 \u003c IF049", "product_id": "T031894", "product_identification_helper": { "cpe": "cpe:/a:ibm:operational_decision_manager:8.10.5.1__if049" } } } ], "category": "product_name", "name": "Operational Decision Manager" } ], "category": "vendor", "name": "IBM" }, { "branches": [ { "category": "product_name", "name": "Red Hat Enterprise Linux", "product": { "name": "Red Hat Enterprise Linux", "product_id": "67646", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:-" } } } ], "category": "vendor", "name": "Red Hat" } ] }, "vulnerabilities": [ { "cve": "CVE-2022-2047", "notes": [ { "category": "description", "text": "Es besteht eine Schwachstelle in IBM Operational Decision Manager. Dieser Fehler besteht in der HttpURI-Klasse der Eclipse Jetty-Komponente. Durch das Senden einer speziell gestalteten Anfrage kann ein Angreifer diese Schwachstelle ausnutzen, um die Sicherheitsma\u00dfnahmen zu umgehen." } ], "product_status": { "known_affected": [ "T031894", "67646" ] }, "release_date": "2023-09-14T22:00:00Z", "title": "CVE-2022-2047" }, { "cve": "CVE-2014-0107", "notes": [ { "category": "description", "text": "Es besteht eine Schwachstelle in IBM Operational Decision Manager. Dieser Fehler besteht in der Apache Xalan-Java-Komponente aufgrund einer unsachgem\u00e4\u00dfen Behandlung von Ausgabeeigenschaften. Ein entfernter Angreifer kann diese Schwachstelle zur Umgehung von Sicherheitsma\u00dfnahmen ausnutzen." } ], "product_status": { "known_affected": [ "T031894", "67646" ] }, "release_date": "2023-09-14T22:00:00Z", "title": "CVE-2014-0107" }, { "cve": "CVE-2022-25881", "notes": [ { "category": "description", "text": "Es besteht eine Schwachstelle in IBM Operational Decision Manager. Dieser Fehler besteht im Node.js http-cache-semantics-Modul aufgrund eines Denial of Service (ReDoS) durch regul\u00e4re Ausdr\u00fccke. Durch das Senden einer speziell gestalteten Regex-Eingabe unter Verwendung von Request-Header-Werten kann ein entfernter Angreifer diese Schwachstelle ausnutzen, um einen Denial-of-Service-Zustand zu verursachen." } ], "product_status": { "known_affected": [ "T031894", "67646" ] }, "release_date": "2023-09-14T22:00:00Z", "title": "CVE-2022-25881" }, { "cve": "CVE-2022-34169", "notes": [ { "category": "description", "text": "Es besteht eine Schwachstelle in IBM Operational Decision Manager. Dieser Fehler besteht in der Apache Xalan Java XSLT Bibliothekskomponente aufgrund eines Integer Truncation Problems bei der Verarbeitung von b\u00f6sartigen XSLT Stylesheets. Ein entfernter Angreifer kann diese Schwachstelle zur Ausf\u00fchrung von beliebigem Code ausnutzen" } ], "product_status": { "known_affected": [ "T031894", "67646" ] }, "release_date": "2023-09-14T22:00:00Z", "title": "CVE-2022-34169" }, { "cve": "CVE-2022-41946", "notes": [ { "category": "description", "text": "Es besteht eine Schwachstelle in IBM Operational Decision Manager. Dieser Fehler besteht in der Postgresql JDBC-Komponente aufgrund eines nicht eingeschr\u00e4nkten Zugriffs zum Erstellen lesbarer Dateien im TemporaryFolder. Durch das Senden einer speziell gestalteten Anfrage kann ein Angreifer diese Schwachstelle ausnutzen, um vertrauliche Informationen offenzulegen." } ], "product_status": { "known_affected": [ "T031894", "67646" ] }, "release_date": "2023-09-14T22:00:00Z", "title": "CVE-2022-41946" }, { "cve": "CVE-2023-34034", "notes": [ { "category": "description", "text": "Es besteht eine Schwachstelle in IBM Operational Decision Manager. Dieser Fehler besteht in der Komponente VMware Tanzu Spring Security aufgrund einer unsachgem\u00e4\u00dfen Validierung von Benutzereingaben. Mit einer speziell gestalteten Konfiguration kann ein Angreifer diese Schwachstelle ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen." } ], "product_status": { "known_affected": [ "T031894", "67646" ] }, "release_date": "2023-09-14T22:00:00Z", "title": "CVE-2023-34034" }, { "cve": "CVE-2023-37460", "notes": [ { "category": "description", "text": "Es besteht eine Schwachstelle in IBM Operational Decision Manager. Dieser Fehler besteht in der Komponente Plexus Archiver aufgrund der Verfolgung eines symbolischen Links in der Funktion resolveFile(). Durch Extrahieren einer speziell gestalteten Archivdatei, die einen symbolischen Link enth\u00e4lt, mit AbstractUnArchiver kann ein Angreifer diese Schwachstelle ausnutzen, um beliebigen Code auszuf\u00fchren." } ], "product_status": { "known_affected": [ "T031894", "67646" ] }, "release_date": "2023-09-14T22:00:00Z", "title": "CVE-2023-37460" } ] }
cve-2014-0107
Vulnerability from cvelistv5
Published
2014-04-15 17:00
Modified
2024-08-06 09:05
Severity ?
EPSS score ?
Summary
The TransformerFactory in Apache Xalan-Java before 2.7.2 does not properly restrict access to certain properties when FEATURE_SECURE_PROCESSING is enabled, which allows remote attackers to bypass expected restrictions and load arbitrary classes or access external resources via a crafted (1) xalan:content-header, (2) xalan:entities, (3) xslt:content-header, or (4) xslt:entities property, or a Java property that is bound to the XSLT 1.0 system-property function.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T09:05:38.816Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "GLSA-201604-02", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201604-02" }, { "name": "59291", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/59291" }, { "name": "59290", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/59290" }, { "name": "RHSA-2015:1888", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2015-1888.html" }, { "name": "59151", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/59151" }, { "name": "59247", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/59247" }, { "name": "59515", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/59515" }, { "name": "DSA-2886", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2014/dsa-2886" }, { "name": "60502", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/60502" }, { "name": "59369", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/59369" }, { "name": "59711", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/59711" }, { "name": "57563", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/57563" }, { "name": "66397", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/66397" }, { "name": "1034711", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1034711" }, { "name": "1034716", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1034716" }, { "name": "RHSA-2014:1351", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2014-1351.html" }, { "name": "RHSA-2014:0348", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2014-0348.html" }, { "name": "59036", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/59036" }, { "name": "apache-xalanjava-cve20140107-sec-bypass(92023)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/92023" }, { "name": "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E" }, { "name": "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.oracle.com//security-alerts/cpujul2021.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://issues.apache.org/jira/browse/XALANJ-2435" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05324755" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676093" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg21677967" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.tenable.com/security/tns-2018-15" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677145" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21681933" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21674334" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.ocert.org/advisories/ocert-2014-002.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1581058" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21680703" }, { "name": "[tomcat-dev] 20210823 [Bug 65516] New: upgrade to xalan 2.7.2 to address CVE-2014-0107", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/r0c00afcab8f238562e27b3ae7b8af1913c62bc60838fb8b34c19e26b%40%3Cdev.tomcat.apache.org%3E" }, { "name": "[tomcat-dev] 20210823 [Bug 65516] upgrade to xalan 2.7.2 to address CVE-2014-0107", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/r2900489bc665a2e32d021bb21f6ce2cb8e6bb5973490eebb9a346bca%40%3Cdev.tomcat.apache.org%3E" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.oracle.com/security-alerts/cpuoct2021.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2014-03-24T00:00:00", "descriptions": [ { "lang": "en", "value": "The TransformerFactory in Apache Xalan-Java before 2.7.2 does not properly restrict access to certain properties when FEATURE_SECURE_PROCESSING is enabled, which allows remote attackers to bypass expected restrictions and load arbitrary classes or access external resources via a crafted (1) xalan:content-header, (2) xalan:entities, (3) xslt:content-header, or (4) xslt:entities property, or a Java property that is bound to the XSLT 1.0 system-property function." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-10-20T10:37:44", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "GLSA-201604-02", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201604-02" }, { "name": "59291", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/59291" }, { "name": "59290", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/59290" }, { "name": "RHSA-2015:1888", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2015-1888.html" }, { "name": "59151", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/59151" }, { "name": "59247", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/59247" }, { "name": "59515", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/59515" }, { "name": "DSA-2886", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2014/dsa-2886" }, { "name": "60502", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/60502" }, { "name": "59369", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/59369" }, { "name": "59711", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/59711" }, { "name": "57563", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/57563" }, { "name": "66397", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/66397" }, { "name": "1034711", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1034711" }, { "name": "1034716", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1034716" }, { "name": "RHSA-2014:1351", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2014-1351.html" }, { "name": "RHSA-2014:0348", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2014-0348.html" }, { "name": "59036", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/59036" }, { "name": "apache-xalanjava-cve20140107-sec-bypass(92023)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/92023" }, { "name": "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E" }, { "name": "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.oracle.com//security-alerts/cpujul2021.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://issues.apache.org/jira/browse/XALANJ-2435" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05324755" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676093" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg21677967" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.tenable.com/security/tns-2018-15" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677145" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21681933" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21674334" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.ocert.org/advisories/ocert-2014-002.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1581058" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21680703" }, { "name": "[tomcat-dev] 20210823 [Bug 65516] New: upgrade to xalan 2.7.2 to address CVE-2014-0107", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/r0c00afcab8f238562e27b3ae7b8af1913c62bc60838fb8b34c19e26b%40%3Cdev.tomcat.apache.org%3E" }, { "name": "[tomcat-dev] 20210823 [Bug 65516] upgrade to xalan 2.7.2 to address CVE-2014-0107", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/r2900489bc665a2e32d021bb21f6ce2cb8e6bb5973490eebb9a346bca%40%3Cdev.tomcat.apache.org%3E" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.oracle.com/security-alerts/cpuoct2021.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2014-0107", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The TransformerFactory in Apache Xalan-Java before 2.7.2 does not properly restrict access to certain properties when FEATURE_SECURE_PROCESSING is enabled, which allows remote attackers to bypass expected restrictions and load arbitrary classes or access external resources via a crafted (1) xalan:content-header, (2) xalan:entities, (3) xslt:content-header, or (4) xslt:entities property, or a Java property that is bound to the XSLT 1.0 system-property function." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "GLSA-201604-02", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201604-02" }, { "name": "59291", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/59291" }, { "name": "59290", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/59290" }, { "name": "RHSA-2015:1888", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2015-1888.html" }, { "name": "59151", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/59151" }, { "name": "59247", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/59247" }, { "name": "59515", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/59515" }, { "name": "DSA-2886", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2014/dsa-2886" }, { "name": "60502", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/60502" }, { "name": "59369", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/59369" }, { "name": "59711", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/59711" }, { "name": "57563", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/57563" }, { "name": "66397", "refsource": "BID", "url": "http://www.securityfocus.com/bid/66397" }, { "name": "1034711", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1034711" }, { "name": "1034716", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1034716" }, { "name": "RHSA-2014:1351", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2014-1351.html" }, { "name": "RHSA-2014:0348", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2014-0348.html" }, { "name": "59036", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/59036" }, { "name": "apache-xalanjava-cve20140107-sec-bypass(92023)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/92023" }, { "name": "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E" }, { "name": "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E" }, { "name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", "refsource": "MISC", "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" }, { "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" }, { "name": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html" }, { "name": "https://www.oracle.com//security-alerts/cpujul2021.html", "refsource": "MISC", "url": "https://www.oracle.com//security-alerts/cpujul2021.html" }, { "name": "https://issues.apache.org/jira/browse/XALANJ-2435", "refsource": "CONFIRM", "url": "https://issues.apache.org/jira/browse/XALANJ-2435" }, { "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05324755", "refsource": "CONFIRM", "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05324755" }, { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21676093", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676093" }, { "name": "http://www.ibm.com/support/docview.wss?uid=swg21677967", "refsource": "CONFIRM", "url": "http://www.ibm.com/support/docview.wss?uid=swg21677967" }, { "name": "https://www.tenable.com/security/tns-2018-15", "refsource": "CONFIRM", "url": "https://www.tenable.com/security/tns-2018-15" }, { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21677145", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677145" }, { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21681933", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21681933" }, { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21674334", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21674334" }, { "name": "http://www.ocert.org/advisories/ocert-2014-002.html", "refsource": "MISC", "url": "http://www.ocert.org/advisories/ocert-2014-002.html" }, { "name": "http://svn.apache.org/viewvc?view=revision\u0026revision=1581058", "refsource": "CONFIRM", "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1581058" }, { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21680703", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21680703" }, { "name": "[tomcat-dev] 20210823 [Bug 65516] New: upgrade to xalan 2.7.2 to address CVE-2014-0107", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r0c00afcab8f238562e27b3ae7b8af1913c62bc60838fb8b34c19e26b@%3Cdev.tomcat.apache.org%3E" }, { "name": "[tomcat-dev] 20210823 [Bug 65516] upgrade to xalan 2.7.2 to address CVE-2014-0107", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r2900489bc665a2e32d021bb21f6ce2cb8e6bb5973490eebb9a346bca@%3Cdev.tomcat.apache.org%3E" }, { "name": "https://www.oracle.com/security-alerts/cpuoct2021.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpuoct2021.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2014-0107", "datePublished": "2014-04-15T17:00:00", "dateReserved": "2013-12-03T00:00:00", "dateUpdated": "2024-08-06T09:05:38.816Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-34169
Vulnerability from cvelistv5
Published
2022-07-19 00:00
Modified
2024-08-03 08:16
Severity ?
EPSS score ?
Summary
The Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets. This can be used to corrupt Java class files generated by the internal XSLTC compiler and execute arbitrary Java bytecode. Users are recommended to update to version 2.7.3 or later. Note: Java runtimes (such as OpenJDK) include repackaged copies of Xalan.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Apache Software Foundation | Apache Xalan-J |
Version: Xalan-J < |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T08:16:17.277Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://lists.apache.org/thread/2qvl7r43wb4t8p9dd9om1bnkssk07sn8" }, { "tags": [ "x_transferred" ], "url": "https://lists.apache.org/thread/12pxy4phsry6c34x2ol4fft6xlho4kyw" }, { "name": "[oss-security] 20220719 CVE-2022-34169: Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets", "tags": [ "mailing-list", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2022/07/19/5" }, { "tags": [ "x_transferred" ], "url": "https://www.oracle.com/security-alerts/cpujul2022.html" }, { "name": "[oss-security] 20220719 Re: CVE-2022-34169: Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets", "tags": [ "mailing-list", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2022/07/19/6" }, { "name": "[oss-security] 20220719 Re: CVE-2022-34169: Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets", "tags": [ "mailing-list", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2022/07/20/2" }, { "name": "[oss-security] 20220720 Re: CVE-2022-34169: Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets", "tags": [ "mailing-list", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2022/07/20/3" }, { "name": "DSA-5188", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.debian.org/security/2022/dsa-5188" }, { "name": "DSA-5192", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.debian.org/security/2022/dsa-5192" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20220729-0009/" }, { "name": "FEDORA-2022-19b6f21746", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KO3DXNKZ4EU3UZBT6AAR4XRKCD73KLMO/" }, { "name": "FEDORA-2022-ae563934f7", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JN3EVGR7FD3ZLV5SBTJXUIDCMSK4QUE2/" }, { "name": "FEDORA-2022-e573851f56", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YULPNO3PAWMEQQZV2C54I3H3ZOXFZUTB/" }, { "name": "FEDORA-2022-d26586b419", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I5OZNAZJ4YHLOKRRRZSWRT5OJ25E4XLM/" }, { "name": "FEDORA-2022-80afe2304a", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L3XPOTPPBZIPFBZHQE5E7OW6PDACUMCJ/" }, { "name": "FEDORA-2022-b76ab52e73", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H4YNJSJ64NPCNKFPNBYITNZU5H3L4D6L/" }, { "tags": [ "x_transferred" ], "url": "http://packetstormsecurity.com/files/168186/Xalan-J-XSLTC-Integer-Truncation.html" }, { "name": "[oss-security] 20221017 Re: CVE-2022-34169: Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets", "tags": [ "mailing-list", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2022/10/18/2" }, { "name": "[debian-lts-announce] 20221018 [SECURITY] [DLA 3155-1] bcel security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00024.html" }, { "name": "DSA-5256", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.debian.org/security/2022/dsa-5256" }, { "name": "[oss-security] 20221104 Re: CVE-2022-42920: Apache Commons BCEL prior to 6.6.0 allows producing arbitrary bytecode via out-of-bounds writing", "tags": [ "mailing-list", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2022/11/04/8" }, { "name": "[oss-security] 20221107 Re: CVE-2022-42920: Apache Commons BCEL prior to 6.6.0 allows producing arbitrary bytecode via out-of-bounds writing", "tags": [ "mailing-list", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2022/11/07/2" }, { "tags": [ "x_transferred" ], "url": "https://security.gentoo.org/glsa/202401-25" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20240621-0006/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Apache Xalan-J", "vendor": "Apache Software Foundation", "versions": [ { "lessThanOrEqual": "2.7.2", "status": "affected", "version": "Xalan-J", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "value": "Reported by Felix Wilhelm, Google Project Zero" } ], "descriptions": [ { "lang": "en", "value": "The Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets. This can be used to corrupt Java class files generated by the internal XSLTC compiler and execute arbitrary Java bytecode. Users are recommended to update to version 2.7.3 or later. Note: Java runtimes (such as OpenJDK) include repackaged copies of Xalan." } ], "problemTypes": [ { "descriptions": [ { "description": "integer truncation", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-05-05T07:29:25.615Z", "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache" }, "references": [ { "url": "https://lists.apache.org/thread/2qvl7r43wb4t8p9dd9om1bnkssk07sn8" }, { "url": "https://lists.apache.org/thread/12pxy4phsry6c34x2ol4fft6xlho4kyw" }, { "name": "[oss-security] 20220719 CVE-2022-34169: Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets", "tags": [ "mailing-list" ], "url": "http://www.openwall.com/lists/oss-security/2022/07/19/5" }, { "url": "https://www.oracle.com/security-alerts/cpujul2022.html" }, { "name": "[oss-security] 20220719 Re: CVE-2022-34169: Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets", "tags": [ "mailing-list" ], "url": "http://www.openwall.com/lists/oss-security/2022/07/19/6" }, { "name": "[oss-security] 20220719 Re: CVE-2022-34169: Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets", "tags": [ "mailing-list" ], "url": "http://www.openwall.com/lists/oss-security/2022/07/20/2" }, { "name": "[oss-security] 20220720 Re: CVE-2022-34169: Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets", "tags": [ "mailing-list" ], "url": "http://www.openwall.com/lists/oss-security/2022/07/20/3" }, { "name": "DSA-5188", "tags": [ "vendor-advisory" ], "url": "https://www.debian.org/security/2022/dsa-5188" }, { "name": "DSA-5192", "tags": [ "vendor-advisory" ], "url": "https://www.debian.org/security/2022/dsa-5192" }, { "url": "https://security.netapp.com/advisory/ntap-20220729-0009/" }, { "name": "FEDORA-2022-19b6f21746", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KO3DXNKZ4EU3UZBT6AAR4XRKCD73KLMO/" }, { "name": "FEDORA-2022-ae563934f7", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JN3EVGR7FD3ZLV5SBTJXUIDCMSK4QUE2/" }, { "name": "FEDORA-2022-e573851f56", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YULPNO3PAWMEQQZV2C54I3H3ZOXFZUTB/" }, { "name": "FEDORA-2022-d26586b419", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I5OZNAZJ4YHLOKRRRZSWRT5OJ25E4XLM/" }, { "name": "FEDORA-2022-80afe2304a", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L3XPOTPPBZIPFBZHQE5E7OW6PDACUMCJ/" }, { "name": "FEDORA-2022-b76ab52e73", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H4YNJSJ64NPCNKFPNBYITNZU5H3L4D6L/" }, { "url": "http://packetstormsecurity.com/files/168186/Xalan-J-XSLTC-Integer-Truncation.html" }, { "name": "[oss-security] 20221017 Re: CVE-2022-34169: Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets", "tags": [ "mailing-list" ], "url": "http://www.openwall.com/lists/oss-security/2022/10/18/2" }, { "name": "[debian-lts-announce] 20221018 [SECURITY] [DLA 3155-1] bcel security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00024.html" }, { "name": "DSA-5256", "tags": [ "vendor-advisory" ], "url": "https://www.debian.org/security/2022/dsa-5256" }, { "name": "[oss-security] 20221104 Re: CVE-2022-42920: Apache Commons BCEL prior to 6.6.0 allows producing arbitrary bytecode via out-of-bounds writing", "tags": [ "mailing-list" ], "url": "http://www.openwall.com/lists/oss-security/2022/11/04/8" }, { "name": "[oss-security] 20221107 Re: CVE-2022-42920: Apache Commons BCEL prior to 6.6.0 allows producing arbitrary bytecode via out-of-bounds writing", "tags": [ "mailing-list" ], "url": "http://www.openwall.com/lists/oss-security/2022/11/07/2" }, { "url": "https://security.gentoo.org/glsa/202401-25" }, { "url": "https://security.netapp.com/advisory/ntap-20240621-0006/" } ], "source": { "discovery": "UNKNOWN" }, "title": "Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets", "x_generator": { "engine": "Vulnogram 0.0.9" } } }, "cveMetadata": { "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "assignerShortName": "apache", "cveId": "CVE-2022-34169", "datePublished": "2022-07-19T00:00:00", "dateReserved": "2022-06-21T00:00:00", "dateUpdated": "2024-08-03T08:16:17.277Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-25881
Vulnerability from cvelistv5
Published
2023-01-31 05:00
Modified
2024-08-03 04:49
Severity ?
EPSS score ?
Summary
This affects versions of the package http-cache-semantics before 4.1.1. The issue can be exploited via malicious request header values sent to a server, when that server reads the cache policy from the request using this library.
References
Impacted products
Vendor | Product | Version | |||||
---|---|---|---|---|---|---|---|
▼ | n/a | http-cache-semantics |
Version: 0 ≤ |
||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T04:49:44.438Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://security.snyk.io/vuln/SNYK-JS-HTTPCACHESEMANTICS-3248783" }, { "tags": [ "x_transferred" ], "url": "https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-3253332" }, { "tags": [ "x_transferred" ], "url": "https://github.com/kornelski/http-cache-semantics/blob/master/index.js%23L83" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20230622-0008/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "http-cache-semantics", "vendor": "n/a", "versions": [ { "lessThan": "4.1.1", "status": "affected", "version": "0", "versionType": "semver" } ] }, { "product": "org.webjars.npm:http-cache-semantics", "vendor": "n/a", "versions": [ { "lessThan": "4.1.1", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "credits": [ { "lang": "en", "value": "Carter Snook" } ], "descriptions": [ { "lang": "en", "value": "This affects versions of the package http-cache-semantics before 4.1.1. The issue can be exploited via malicious request header values sent to a server, when that server reads the cache policy from the request using this library.\r\r" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-1333", "description": "Regular Expression Denial of Service (ReDoS)", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2023-01-31T05:00:01.220Z", "orgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730", "shortName": "snyk" }, "references": [ { "url": "https://security.snyk.io/vuln/SNYK-JS-HTTPCACHESEMANTICS-3248783" }, { "url": "https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-3253332" }, { "url": "https://github.com/kornelski/http-cache-semantics/blob/master/index.js%23L83" }, { "url": "https://security.netapp.com/advisory/ntap-20230622-0008/" } ] } }, "cveMetadata": { "assignerOrgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730", "assignerShortName": "snyk", "cveId": "CVE-2022-25881", "datePublished": "2023-01-31T05:00:01.220Z", "dateReserved": "2022-02-24T11:58:26.944Z", "dateUpdated": "2024-08-03T04:49:44.438Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-34034
Vulnerability from cvelistv5
Published
2023-07-19 14:16
Modified
2024-10-28 14:40
Severity ?
EPSS score ?
Summary
Using "**" as a pattern in Spring Security configuration
for WebFlux creates a mismatch in pattern matching between Spring
Security and Spring WebFlux, and the potential for a security bypass.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | n/a | Spring Security |
Version: Spring Security 6.1.0 Version: Spring Security 6.0.0 Version: Spring Security 5.8.0 Version: Spring Security 5.7.0 Version: Spring Security 5.6.0 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T15:54:14.118Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://spring.io/security/cve-2023-34034" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20230814-0008/" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-34034", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-10-28T14:34:24.503021Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-281", "description": "CWE-281 Improper Preservation of Permissions", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-10-28T14:40:32.304Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Spring Security", "vendor": "n/a", "versions": [ { "lessThanOrEqual": "6.1.1", "status": "affected", "version": "Spring Security 6.1.0", "versionType": " " }, { "lessThanOrEqual": "6.0.4", "status": "affected", "version": "Spring Security 6.0.0 ", "versionType": " " }, { "lessThanOrEqual": "5.8.4", "status": "affected", "version": "Spring Security 5.8.0", "versionType": " " }, { "lessThanOrEqual": "5.7.9 ", "status": "affected", "version": "Spring Security 5.7.0 ", "versionType": " " }, { "lessThanOrEqual": "5.6.11", "status": "affected", "version": "Spring Security 5.6.0", "versionType": " " } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\nUsing \u003ccode\u003e\"**\"\u003c/code\u003e as a pattern in Spring Security configuration \nfor WebFlux creates a mismatch in pattern matching between Spring \nSecurity and Spring WebFlux, and the potential for a security bypass.\n\n" } ], "value": "Using \"**\" as a pattern in Spring Security configuration \nfor WebFlux creates a mismatch in pattern matching between Spring \nSecurity and Spring WebFlux, and the potential for a security bypass.\n\n" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "description": "potential for a security bypass", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2023-07-19T14:16:12.150Z", "orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d", "shortName": "vmware" }, "references": [ { "url": "https://spring.io/security/cve-2023-34034" }, { "url": "https://security.netapp.com/advisory/ntap-20230814-0008/" } ], "source": { "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d", "assignerShortName": "vmware", "cveId": "CVE-2023-34034", "datePublished": "2023-07-19T14:16:12.150Z", "dateReserved": "2023-05-25T17:21:56.199Z", "dateUpdated": "2024-10-28T14:40:32.304Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-2047
Vulnerability from cvelistv5
Published
2022-07-07 20:45
Modified
2024-08-03 00:24
Severity ?
EPSS score ?
Summary
In Eclipse Jetty versions 9.4.0 thru 9.4.46, and 10.0.0 thru 10.0.9, and 11.0.0 thru 11.0.9 versions, the parsing of the authority segment of an http scheme URI, the Jetty HttpURI class improperly detects an invalid input as a hostname. This can lead to failures in a Proxy scenario.
References
▼ | URL | Tags |
---|---|---|
https://github.com/eclipse/jetty.project/security/advisories/GHSA-cj7v-27pg-wf7q | x_refsource_CONFIRM | |
https://www.debian.org/security/2022/dsa-5198 | vendor-advisory, x_refsource_DEBIAN | |
https://lists.debian.org/debian-lts-announce/2022/08/msg00011.html | mailing-list, x_refsource_MLIST | |
https://security.netapp.com/advisory/ntap-20220901-0006/ | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | The Eclipse Foundation | Eclipse Jetty |
Version: 9.4.0 < unspecified Version: unspecified < Version: 10.0.0 < unspecified Version: unspecified < Version: 11.0.0 < unspecified Version: unspecified < |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T00:24:44.138Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-cj7v-27pg-wf7q" }, { "name": "DSA-5198", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2022/dsa-5198" }, { "name": "[debian-lts-announce] 20220821 [SECURITY] [DLA 3079-1] jetty9 security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2022/08/msg00011.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20220901-0006/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Eclipse Jetty", "vendor": "The Eclipse Foundation", "versions": [ { "lessThan": "unspecified", "status": "affected", "version": "9.4.0", "versionType": "custom" }, { "lessThanOrEqual": "9.4.46", "status": "affected", "version": "unspecified", "versionType": "custom" }, { "lessThan": "unspecified", "status": "affected", "version": "10.0.0", "versionType": "custom" }, { "lessThanOrEqual": "10.0.9", "status": "affected", "version": "unspecified", "versionType": "custom" }, { "lessThan": "unspecified", "status": "affected", "version": "11.0.0", "versionType": "custom" }, { "lessThanOrEqual": "11.0.9", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "In Eclipse Jetty versions 9.4.0 thru 9.4.46, and 10.0.0 thru 10.0.9, and 11.0.0 thru 11.0.9 versions, the parsing of the authority segment of an http scheme URI, the Jetty HttpURI class improperly detects an invalid input as a hostname. This can lead to failures in a Proxy scenario." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 2.7, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-20", "description": "CWE-20", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-09-01T13:06:30", "orgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c", "shortName": "eclipse" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-cj7v-27pg-wf7q" }, { "name": "DSA-5198", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2022/dsa-5198" }, { "name": "[debian-lts-announce] 20220821 [SECURITY] [DLA 3079-1] jetty9 security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2022/08/msg00011.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20220901-0006/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@eclipse.org", "ID": "CVE-2022-2047", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Eclipse Jetty", "version": { "version_data": [ { "version_affected": "\u003e=", "version_value": "9.4.0" }, { "version_affected": "\u003c=", "version_value": "9.4.46" }, { "version_affected": "\u003e=", "version_value": "10.0.0" }, { "version_affected": "\u003c=", "version_value": "10.0.9" }, { "version_affected": "\u003e=", "version_value": "11.0.0" }, { "version_affected": "\u003c=", "version_value": "11.0.9" } ] } } ] }, "vendor_name": "The Eclipse Foundation" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In Eclipse Jetty versions 9.4.0 thru 9.4.46, and 10.0.0 thru 10.0.9, and 11.0.0 thru 11.0.9 versions, the parsing of the authority segment of an http scheme URI, the Jetty HttpURI class improperly detects an invalid input as a hostname. This can lead to failures in a Proxy scenario." } ] }, "impact": { "cvss": { "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-20" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-cj7v-27pg-wf7q", "refsource": "CONFIRM", "url": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-cj7v-27pg-wf7q" }, { "name": "DSA-5198", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2022/dsa-5198" }, { "name": "[debian-lts-announce] 20220821 [SECURITY] [DLA 3079-1] jetty9 security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2022/08/msg00011.html" }, { "name": "https://security.netapp.com/advisory/ntap-20220901-0006/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20220901-0006/" } ] } } } }, "cveMetadata": { "assignerOrgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c", "assignerShortName": "eclipse", "cveId": "CVE-2022-2047", "datePublished": "2022-07-07T20:45:12", "dateReserved": "2022-06-09T00:00:00", "dateUpdated": "2024-08-03T00:24:44.138Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-41946
Vulnerability from cvelistv5
Published
2022-11-23 00:00
Modified
2024-08-03 12:56
Severity ?
EPSS score ?
Summary
pgjdbc is an open source postgresql JDBC Driver. In affected versions a prepared statement using either `PreparedStatement.setText(int, InputStream)` or `PreparedStatemet.setBytea(int, InputStream)` will create a temporary file if the InputStream is larger than 2k. This will create a temporary file which is readable by other users on Unix like systems, but not MacOS. On Unix like systems, the system's temporary directory is shared between all users on that system. Because of this, when files and directories are written into this directory they are, by default, readable by other users on that same system. This vulnerability does not allow other users to overwrite the contents of these directories or files. This is purely an information disclosure vulnerability. Because certain JDK file system APIs were only added in JDK 1.7, this this fix is dependent upon the version of the JDK you are using. Java 1.7 and higher users: this vulnerability is fixed in 4.5.0. Java 1.6 and lower users: no patch is available. If you are unable to patch, or are stuck running on Java 1.6, specifying the java.io.tmpdir system environment variable to a directory that is exclusively owned by the executing user will mitigate this vulnerability.
References
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T12:56:38.648Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://github.com/pgjdbc/pgjdbc/security/advisories/GHSA-562r-vg33-8x8h" }, { "tags": [ "x_transferred" ], "url": "https://github.com/pgjdbc/pgjdbc/commit/9008dc9aade6dbfe4efafcd6872ebc55f4699cf5" }, { "name": "[debian-lts-announce] 20221202 [SECURITY] [DLA 3218-1] libpgjava security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00003.html" }, { "name": "FEDORA-2023-42d6ba9bd6", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/25TY2L3RMVNOC7VAHJEAO7PTT6M6JJAD/" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20240329-0003/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "pgjdbc", "vendor": "pgjdbc", "versions": [ { "status": "affected", "version": "\u003e= 42.2.0, \u003c 42.2.27" }, { "status": "affected", "version": "\u003e 42.3.0, \u003c 42.3.8" }, { "status": "affected", "version": "\u003e= 42.4.0, \u003c 42.4.3" }, { "status": "affected", "version": "\u003e= 42.5.0, \u003c 42.5.1" } ] } ], "descriptions": [ { "lang": "en", "value": "pgjdbc is an open source postgresql JDBC Driver. In affected versions a prepared statement using either `PreparedStatement.setText(int, InputStream)` or `PreparedStatemet.setBytea(int, InputStream)` will create a temporary file if the InputStream is larger than 2k. This will create a temporary file which is readable by other users on Unix like systems, but not MacOS. On Unix like systems, the system\u0027s temporary directory is shared between all users on that system. Because of this, when files and directories are written into this directory they are, by default, readable by other users on that same system. This vulnerability does not allow other users to overwrite the contents of these directories or files. This is purely an information disclosure vulnerability. Because certain JDK file system APIs were only added in JDK 1.7, this this fix is dependent upon the version of the JDK you are using. Java 1.7 and higher users: this vulnerability is fixed in 4.5.0. Java 1.6 and lower users: no patch is available. If you are unable to patch, or are stuck running on Java 1.6, specifying the java.io.tmpdir system environment variable to a directory that is exclusively owned by the executing user will mitigate this vulnerability." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 4.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-200", "description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor", "lang": "en", "type": "CWE" } ] }, { "descriptions": [ { "cweId": "CWE-377", "description": "CWE-377: Insecure Temporary File", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-03-29T13:06:09.090943", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "url": "https://github.com/pgjdbc/pgjdbc/security/advisories/GHSA-562r-vg33-8x8h" }, { "url": "https://github.com/pgjdbc/pgjdbc/commit/9008dc9aade6dbfe4efafcd6872ebc55f4699cf5" }, { "name": "[debian-lts-announce] 20221202 [SECURITY] [DLA 3218-1] libpgjava security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00003.html" }, { "name": "FEDORA-2023-42d6ba9bd6", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/25TY2L3RMVNOC7VAHJEAO7PTT6M6JJAD/" }, { "url": "https://security.netapp.com/advisory/ntap-20240329-0003/" } ], "source": { "advisory": "GHSA-562r-vg33-8x8h", "discovery": "UNKNOWN" }, "title": "TemporaryFolder on unix-like systems does not limit access to created files in pgjdbc" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2022-41946", "datePublished": "2022-11-23T00:00:00", "dateReserved": "2022-09-30T00:00:00", "dateUpdated": "2024-08-03T12:56:38.648Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-37460
Vulnerability from cvelistv5
Published
2023-07-25 19:41
Modified
2024-10-03 19:09
Severity ?
EPSS score ?
Summary
Plexis Archiver is a collection of Plexus components to create archives or extract archives to a directory with a unified `Archiver`/`UnArchiver` API. Prior to version 4.8.0, using AbstractUnArchiver for extracting an archive might lead to an arbitrary file creation and possibly remote code execution. When extracting an archive with an entry that already exists in the destination directory as a symbolic link whose target does not exist - the `resolveFile()` function will return the symlink's source instead of its target, which will pass the verification that ensures the file will not be extracted outside of the destination directory. Later `Files.newOutputStream()`, that follows symlinks by default, will actually write the entry's content to the symlink's target. Whoever uses plexus archiver to extract an untrusted archive is vulnerable to an arbitrary file creation and possibly remote code execution. Version 4.8.0 contains a patch for this issue.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | codehaus-plexus | plexus-archiver |
Version: < 4.8.0 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T17:16:29.488Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/codehaus-plexus/plexus-archiver/security/advisories/GHSA-wh3p-fphp-9h2m", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/codehaus-plexus/plexus-archiver/security/advisories/GHSA-wh3p-fphp-9h2m" }, { "name": "https://github.com/codehaus-plexus/plexus-archiver/commit/54759839fbdf85caf8442076f001d5fd64e0dcb2", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/codehaus-plexus/plexus-archiver/commit/54759839fbdf85caf8442076f001d5fd64e0dcb2" }, { "name": "https://github.com/codehaus-plexus/plexus-archiver/releases/tag/plexus-archiver-4.8.0", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/codehaus-plexus/plexus-archiver/releases/tag/plexus-archiver-4.8.0" } ], "title": "CVE Program Container" }, { "affected": [ { "cpes": [ "cpe:2.3:a:codehaus-plexus:plexus-archiver:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "plexus-archiver", "vendor": "codehaus-plexus", "versions": [ { "lessThan": "4.8.0", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2023-37460", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-10-03T19:09:14.939906Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-03T19:09:55.667Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "plexus-archiver", "vendor": "codehaus-plexus", "versions": [ { "status": "affected", "version": "\u003c 4.8.0" } ] } ], "descriptions": [ { "lang": "en", "value": "Plexis Archiver is a collection of Plexus components to create archives or extract archives to a directory with a unified `Archiver`/`UnArchiver` API. Prior to version 4.8.0, using AbstractUnArchiver for extracting an archive might lead to an arbitrary file creation and possibly remote code execution. When extracting an archive with an entry that already exists in the destination directory as a symbolic link whose target does not exist - the `resolveFile()` function will return the symlink\u0027s source instead of its target, which will pass the verification that ensures the file will not be extracted outside of the destination directory. Later `Files.newOutputStream()`, that follows symlinks by default, will actually write the entry\u0027s content to the symlink\u0027s target. Whoever uses plexus archiver to extract an untrusted archive is vulnerable to an arbitrary file creation and possibly remote code execution. Version 4.8.0 contains a patch for this issue." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-22", "description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)", "lang": "en", "type": "CWE" } ] }, { "descriptions": [ { "cweId": "CWE-61", "description": "CWE-61: UNIX Symbolic Link (Symlink) Following", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-07-25T19:41:46.096Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/codehaus-plexus/plexus-archiver/security/advisories/GHSA-wh3p-fphp-9h2m", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/codehaus-plexus/plexus-archiver/security/advisories/GHSA-wh3p-fphp-9h2m" }, { "name": "https://github.com/codehaus-plexus/plexus-archiver/commit/54759839fbdf85caf8442076f001d5fd64e0dcb2", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/codehaus-plexus/plexus-archiver/commit/54759839fbdf85caf8442076f001d5fd64e0dcb2" }, { "name": "https://github.com/codehaus-plexus/plexus-archiver/releases/tag/plexus-archiver-4.8.0", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/codehaus-plexus/plexus-archiver/releases/tag/plexus-archiver-4.8.0" } ], "source": { "advisory": "GHSA-wh3p-fphp-9h2m", "discovery": "UNKNOWN" }, "title": "Plexus Archiver vulnerable to Arbitrary File Creation in AbstractUnArchiver" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2023-37460", "datePublished": "2023-07-25T19:41:46.096Z", "dateReserved": "2023-07-06T13:01:36.997Z", "dateUpdated": "2024-10-03T19:09:55.667Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
Loading…
Loading…
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.