Red Hat Security Advisory 2019-2995-01 - AMQ Broker is a high-performance messaging implementation based on ActiveMQ Artemis. It uses an asynchronous journal for fast message persistence, and supports multiple languages, protocols, and platforms. This release of Red Hat A-MQ Broker 7.5.0 serves as a replacement for Red Hat A-MQ Broker 7.4.1, and includes security and bug fixes, and enhancements. A Class Loader manipulation vulnerability was addressed.
dd9ea47c1d0afaf31a5d352fe371b0637db5ce6186d2c3b24e0e7e14586fdfb2Red Hat Security Advisory 2018-2669-01 - Red Hat Fuse, based on Apache ServiceMix, provides a small-footprint, flexible, open source enterprise service bus and integration platform. This release of Red Hat Fuse 7.1 serves as a replacement for Red Hat Fuse 7.0, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include code execution, cross site scripting, denial of service, path sanitization, and traversal vulnerabilities.
7b3635d1483cb247ae4e0a03ee8632f66f34f0c49a1302091a6f17cc60f5582aOSCAR EMR version 15.21beta361 suffers from remote code execution, cross site request forgery, cross site scripting, denial of service, deserialization, remote SQL injection, and path traversal vulnerabilities.
b49a30c7affbcdc3aadacdc0ecd98471127fca93159d568f99389e4095c9ecbbHP Security Bulletin HPSBGN03669 1 - Potential vulnerabilities have been identified in HPE SiteScope. The vulnerabilities could be exploited to allow local elevation of privilege and exploited remotely to allow denial of service, arbitrary code execution, cross-site request forgery. Revision 1 of this advisory.
ac957c536f14c0a27badb6f04185ed0c67d4cacfcf48129853672a6a8767ef2fGentoo Linux Security Advisory 201607-9 - Apache Commons BeanUtils does not properly suppress the class property, which could lead to the remote execution of arbitrary code. Versions below 1.9.2 are affected.
e796b79d0cecceb30859bf6409dd12a908bf0b6687463fd62c86692038a1b122HP Security Bulletin HPSBST03160 - A potential security vulnerability has been identified with HP XP Command View Advanced Edition running Apache Struts. Revision 1 of this advisory.
7347708214d9e40bfa1feac22c945e22da23247a26c666e8ec2f25128975846dVMware Security Advisory 2014-0008 - VMware has updated vSphere third party libraries.
961f1fa58ab6b80903bbc3ac882d262194e375452629d457597ffbc1b2b2c93cDebian Linux Security Advisory 2940-1 - It was discovered that missing access checks in the Struts ActionForm object could result in the execution of arbitrary code.
a2c5ba27eba620d705bc979e39632bb700c5a4d3e90ae0a26a1a3d26bf11271aHP Security Bulletin HPSBMU03090 - A potential security vulnerability has been identified with HP SiteScope. The vulnerability could be exploited remotely to allow execution of arbitrary code. Revision 1 of this advisory.
08170bb50ff7c64c4846293aaff4cec011cdc0f0d377009be496d884f440c8cfHP Security Bulletin HPSBGN03041 - A potential security vulnerability has been identified with HP IceWall Configuration Manager running Apache Struts. The vulnerability could be exploited remotely resulting in execution of arbitrary code. Revision 1 of this advisory.
64795997cd5a317c0b565929f621a7404bfe676a059784dec8dc3165de9eec6bMandriva Linux Security Advisory 2014-095 - It was found that the Struts 1 ActionForm object allowed access to the 'class' parameter, which is directly mapped to the getClass() method. A remote attacker could use this flaw to manipulate the ClassLoader used by an application server running Struts 1. This could lead to remote code execution under certain conditions.
bdda9e490d58910aa0c5c618c3765ea30a160f6fb71b2be4423f4076d612bfb3Red Hat Security Advisory 2014-0511-01 - Red Hat JBoss Operations Network is a middleware management solution that provides a single point of control to deploy, manage, and monitor JBoss Enterprise Middleware, applications, and services. Apache Struts is a framework for building web applications with Java. It was found that the Struts 1 ActionForm object allowed access to the 'class' parameter, which is directly mapped to the getClass() method. A remote attacker could use this flaw to manipulate the ClassLoader used by an application server running Struts 1. This could lead to remote code execution under certain conditions.
1ca60d1e65c986cd9a9a0da28640c61b3da39426145fa0d4d41a7308e48cf2daRed Hat Security Advisory 2014-0500-01 - Red Hat Satellite is a systems management tool for Linux-based infrastructures. It allows for provisioning, monitoring, and remote management of multiple Linux deployments with a single, centralized tool. Apache Struts is a framework for building web applications with Java. It was found that the Struts 1 ActionForm object allowed access to the 'class' parameter, which is directly mapped to the getClass() method. A remote attacker could use this flaw to manipulate the ClassLoader used by an application server running Struts 1. This could lead to remote code execution under certain conditions.
053eff3848e4c3323f01275daa23b1e1daef01bac18cef89f48a1661ee568d5cRed Hat Security Advisory 2014-0498-01 - Fuse ESB Enterprise is an integration platform based on Apache ServiceMix. It was found that the Struts 1 ActionForm object allowed access to the 'class' parameter, which is directly mapped to the getClass() method. A remote attacker could use this flaw to manipulate the ClassLoader used by an application server running Struts 1. This could lead to remote code execution under certain conditions.
3e5f89f145def43de588d0721a600340738c1ea9eb26430a4c4f834dd52d984fRed Hat Security Advisory 2014-0497-01 - Red Hat JBoss Fuse, based on Apache ServiceMix, provides a small-footprint, flexible, open source enterprise service bus and integration platform. It was found that the Struts 1 ActionForm object allowed access to the 'class' parameter, which is directly mapped to the getClass() method. A remote attacker could use this flaw to manipulate the ClassLoader used by an application server running Struts 1. This could lead to remote code execution under certain conditions.
05112fa5138fd82396c980f77a6914edfd660c9bf09fec3eb3388fae84907976Red Hat Security Advisory 2014-0474-01 - Apache Struts is a framework for building web applications with Java. It was found that the Struts 1 ActionForm object allowed access to the 'class' parameter, which is directly mapped to the getClass() method. A remote attacker could use this flaw to manipulate the ClassLoader used by an application server running Struts 1. This could lead to remote code execution under certain conditions. All struts users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. All running applications using struts must be restarted for this update to take effect.
d012c34ca5796768ff82182aacb36f0a7e897e45e96c86d8e528eb920b2fd870Apache Struts 1, now EOL'ed a year ago, suffers from a ClassLoader manipulation vulnerability similar to recent findings. Alvaro Munoz and the HP Fortify team have helped the Struts team come up with a recommendation for mitigation.
f9f8a680c7342a4ec7664f0833621f029bef66354e591a521ed9ce01dd951ae2Apache Struts 1, now EOL'ed a year ago, suffers from a ClassLoader manipulation vulnerability similar to recent findings.
d753af8cf08ba2c2ef2788acb38ccb3268e20b5f6097e41ffbf640ac694b1f2f
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed