CVE-2013-6440

Description: The (1) BasicParserPool, (2) StaticBasicParserPool, (3) XML Decrypter, and (4) SAML Decrypter in Shibboleth OpenSAML-Java before 2.6.1 set the expandEntityReferences property to true, which allows remote attackers to conduct XML external entity (XXE) attacks via a crafted XML DOCTYPE declaration.

Mitigation: We recommend upgrading to a version of this component that is not vulnerable to this specific issue.

Related links:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6440
http://blog.sendsafely.com/post/69590974866/web-based-single-sign-on-and-the-dangers-of-saml
https://issues.shibboleth.net/jira/browse/JXT-105
https://issues.shibboleth.net/jira/browse/JXT-107
http://shibboleth.net/community/advisories/secadv_20131213.txt

Project Category: n/a
Tags: data functional
Date Disclosed: 2014-02-14
Date Discovered: 2013-11-04

CVE-2013-4444

Description: Unrestricted file upload vulnerability in Apache Tomcat 7.x before 7.0.40, in certain situations involving outdated java.io.File code and a custom JMX configuration, allows remote attackers to execute arbitrary code by uploading and accessing a JSP file.

Mitigation: We recommend upgrading to a version of this component that is not vulnerable to this specific issue.

Related links:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4444
https://tomcat.apache.org/security-7.html

Project Category: n/a
Tags: operational configuration functional
Date Disclosed: 2014-09-12
Date Discovered: 2013-06-12

CVE-2013-2172

Description: jcp/xml/dsig/internal/dom/DOMCanonicalizationMethod.java in Apache Santuario XML Security for Java 1.4.x before 1.4.8 and 1.5.x before 1.5.5 allows context-dependent attackers to spoof an XML Signature by using the CanonicalizationMethod parameter to specify an arbitrary weak "canonicalization algorithm to apply to the SignedInfo part of the Signature."

Mitigation: We recommend upgrading to a version of this component that is not vulnerable to this specific issue.

Note: If this component is included as a bundled/transitive dependency of another component, there may not be an upgrade path. In this instance, we recommend contacting the maintainers who included the vulnerable package. Alternatively, we recommend…

CVE-2013-2160

Description: The streaming XML parser in Apache CXF 2.5.x before 2.5.10, 2.6.x before 2.6.7, and 2.7.x before 2.7.4 allows remote attackers to cause a denial of service (CPU and memory consumption) via crafted XML with a large number of (1) elements, (2) attributes, (3) nested constructs, and possibly other vectors.

Mitigation: We recommend upgrading to a version of this component that is not vulnerable to this specific issue.

Related links:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2160
https://cxf.apache.org/security-advisories.data/CVE-2013-2160.txt.asc

Project Category: n/a
Tags: data functional
Date Disclosed: 2013-08-19
Date Discovered: 2013-02-19

CVE-2013-2071

Description: java/org/apache/catalina/core/AsyncContextImpl.java in Apache Tomcat 7.x before 7.0.40 does not properly handle the throwing of a RuntimeException in an AsyncListener in an application, which allows context-dependent attackers to obtain sensitive request information intended for other applications in opportunistic circumstances via an application that records the requests that it processes.

Mitigation: We recommend upgrading to a version of this component that is not vulnerable to this specific issue.

Related links:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2071
https://bz.apache.org/bugzilla/show_bug.cgi?id=54178#c10
http://tools.cisco.com/security/center/viewAlert.x?alertId=29283

Project Category: n/a
Tags: functional
Date Disclosed: 2013-06-01
Date Discovered: 2013-02-19

CVE-2013-1768

Description: The BrokerFactory functionality in Apache OpenJPA 1.x before 1.2.3 and 2.x before 2.2.2 creates local executable JSP files containing logging trace data produced during deserialization of certain crafted OpenJPA objects, which makes it easier for remote attackers to execute arbitrary code by creating a serialized object and leveraging improperly secured server programs.

Mitigation: We recommend upgrading to a version of this component that is not vulnerable to this specific issue.

Related links:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1768
http://archives.neohapsis.com/archives/fulldisclosure/2013-06/0099.html

Project Category: n/a
Tags: data functional
Date Disclosed: 2013-07-11
Date Discovered: 2013-02-19

CVE-2013-0239

Description: Apache CXF before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3, when the plaintext UsernameToken WS-SecurityPolicy is enabled, allows remote attackers to bypass authentication via a security header of a SOAP request containing a UsernameToken element that lacks a password child element.

Mitigation: We recommend upgrading to a version of this component that is not vulnerable to this specific issue.

Workaround: A potential workaround is to not use a WS-SecurityPolicy that uses a plaintext `UsernameToken`. Documentation regarding this can be found at the link below:
http://docs.oasis-open.org/ws-sx/security-policy/examples/ws-sp-usecases-examples.html#_Toc274723235

Related links:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0239
https://cxf.apache.org/cve-2013-0239.html

Project Category: n/a
Tags: configuration functional
Date Disclosed…

CVE-2012-5887

Description: The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 does not properly check for stale nonce values in conjunction with enforcement of proper credentials, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests.

Mitigation: We recommend upgrading to a version of this component that is not vulnerable to this specific issue or investigating other forms of authentication.

Related links:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-5887
http://tools.cisco.com/security/center/viewAlert.x?alertId=27343
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-3439

Project Category: n/a
Tags: functional
Date Disclosed: 2012-11-17
Date Discovered: 2012-11-17

CVE-2012-5886

Description: The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 caches information about the authenticated user within the session state, which makes it easier for remote attackers to bypass authentication via vectors related to the session ID.

Related links:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-5886
http://tools.cisco.com/security/center/viewAlert.x?alertId=27343
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-3439

Project Category: n/a
Tags: functional
Date Disclosed: 2012-11-17
Date Discovered: 2012-11-17

CVE-2012-5885

Description: The replay-countermeasure functionality in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 tracks cnonce (aka client nonce) values instead of nonce (aka server nonce) and nc (aka nonce-count) values, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests, a different vulnerability than CVE-2011-1184.

Mitigation: We recommend upgrading to a version of this component that is not vulnerable to this specific issue or investigating other forms of authentication.

Related links:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-5885
http://tools.cisco.com/security/center/viewAlert.x?alertId=27343
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-3439

Project Category: n/a
Tags: functional…