Java ver 7.6.7 verification#
TLS hostname verification when using the Apache ActiveMQ Client before 5.15.6 was missing which could make the client vulnerable to a MITM attack between a Java application using the ActiveMQ client and the ActiveMQ server.
Java ver 7.6.7 code#
A malicious user could exploit this flaw by injecting a specially-crafted serialized object to attain remote code execution or conduct other attacks. The hotrod java client in infinispan before 9.1.0.Final automatically deserializes bytearray message contents in certain events. It was found that URLResource.getLastModified() in Undertow closes the file descriptors only when they are finalized which can cause file descriptors to exhaust. The logon application of SAP NetWeaver AS Java 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40, 7.50 does not sufficiently encode user-controlled inputs, resulting in a cross-site scripting (XSS) vulnerability. 7.40, 7.41, 7.50, does not sufficiently validate an XML document accepted from an untrusted source.
In certain cases, BEx Web Java Runtime Export Web Service in SAP NetWeaver BI 7.30, 7.31. SAP WebDynpro Java, versions 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs, resulting in a stored Cross-Site Scripting (XSS) vulnerability. Affected applications use automated buildpack detection, serve files directly from the root of the application and have a buildpack that matched after the Java Buildpack in the system buildpack priority when Java Buildpack versions 2.0 through 3.4 were present. It was found that original mitigation configuration instructions provided as part of CVE-2016-0708 were incomplete and could leave PHP Buildpack, Staticfile Buildpack and potentially other custom Buildpack applications vulnerable to remote information disclosure. Pivotal Cloud Foundry Elastic Runtime version 1.4.0 through 1.4.5, 1.5.0 through 1.5.11 and 1.6.0 through 1.6.11 is vulnerable to a remote information disclosure.
Pluck 4.7.7 allows XSS via an SVG file that contains Javascript in a SCRIPT element, and is uploaded via pages->manage under admin.php?action=files. NET Legacy Stack can allow remote attackers to trigger a denial of service. An XXE vulnerability in the OPC UA Java and.
0 kommentar(er)
