Spring Framework versions 5.3.0 to 5.3.17, 5.2.0 to 5.2.19, and older versions when running on JDK 9 or above and specifically packaged as a traditional WAR and deployed in a standalone Tomcat instance are vulnerable to remote code execution due to an unsafe data binding used to populate an object from request parameters to set a Tomcat specific ClassLoader. By crafting a request to the application and referencing the org.apache.catalina.valves.AccessLogValve class through the classLoader with parameters such as the following: class.module.classLoader.resources.context.parent.pipeline.first.suffix=.jsp, an unauthenticated attacker can gain remote code execution.
4590ce696ecbca17f3c4027cb21a644324b71e6b9b2bc3d539bb3272e79bf2ebRed Hat Security Advisory 2022-1626-01 - AMQ Broker is a high-performance messaging implementation based on ActiveMQ Artemis. It uses an asynchronous journal for fast message persistence, and supports multiple languages, protocols, and platforms. This release of Red Hat AMQ Broker 7.8.6 serves as a replacement for Red Hat AMQ Broker 7.8.5, and includes security and bug fixes, and enhancements.
cf23715c7a49b1b422a8dd3431c0faec96815dd29d9f97e6c4f6ca4a69adff20Red Hat Security Advisory 2022-1627-01 - AMQ Broker is a high-performance messaging implementation based on ActiveMQ Artemis. It uses an asynchronous journal for fast message persistence, and supports multiple languages, protocols, and platforms. This release of Red Hat AMQ Broker 7.9.4 serves as a replacement for Red Hat AMQ Broker 7.9.3, and includes security and bug fixes, and enhancements.
e7a268e7f07128928c027246058e455341baf0e5b1887f67be9e6741f0490effRed Hat Security Advisory 2022-1379-01 - Red Hat Decision Manager is an open source decision management platform that combines business rules management, complex event processing, Decision Model & Notation execution, and business optimization for solving planning problems. It automates business decisions and makes that logic available to the entire business. This asynchronous security patch is an update to Red Hat Decision Manager 7. Issues addressed include a code execution vulnerability.
8742dc923803844fc89249f794ccf78fdacb0e77bfa1999ffc83e938c7bdad8aRed Hat Security Advisory 2022-1378-01 - Red Hat Process Automation Manager is an open source business process management suite that combines process management and decision service management and enables business and IT users to create, manage, validate, and deploy process applications and decision services. This asynchronous security patch is an update to Red Hat Process Automation Manager 7. Issues addressed include a code execution vulnerability.
61c4d0a3c6914696757b1d47c3264a3dcba3bbcd41fbb6a93da20da46400d0b5Red Hat Security Advisory 2022-1360-01 - This release of Red Hat Fuse 7.10.2 serves as a replacement for Red Hat Fuse 7.10.1, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.
8b802a8601feecd53c3be8f32936359e55d1332e1b8488cb9c96cc10a7ebf943Python exploit for CVE-2022-22965 that provides a prompt to the user in the style of an ssh session. The script is designed to be easy to understand and execute, with both readability and accessibility - depending on the user's choice. Designed for exploiting the vulnerability on tomcat servers. The fileDateFormat field on the server will be set and unset as part of the script which allows the exploit to be run multiple times. Cleanup may be required. It leverages a vulnerability found in the java spring framework before version 5.2, as well as in versions 5.3.0-17 an d 5.2.0-19 and running on a version of the Java Development Kit greater than or equal to 9.
e7ba2016200c7a9f35557d8d8cb81a7016d22df9517f54de7239d50738638502Red Hat Security Advisory 2022-1333-01 - A micro version update is now available for Red Hat Camel K that includes CVE fixes in the base images, which are documented in the Release Notes document linked in the References section.
84e3b3e03146ec3ba0a8f461d400dfce1432660b1bb8dd1e467123d498398499Red Hat Security Advisory 2022-1306-01 - A security update to Red Hat Integration Camel Extensions for Quarkus 2.2.1 is now available. Issues addressed include a remote code execution vulnerability.
c3c5d0930ccc1fe38ee5366563b5d922321b3645300f06dfcd16a55e0f841566
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed