# Watch Known Exploited Apache Vulnerabilities

The following Apache vulnerabilities have recently been marked by CISA as Known to be Exploited by threat actors.

| Title | Description | CVE |
|---|---|---|
| Apache ActiveMQ Deserialization of Untrusted Data Vulnerability | Apache ActiveMQ contains a deserialization of untrusted data vulnerability that may allow a remote attacker with network access to a broker to run shell commands by manipulating serialized class types in the OpenWire protocol to cause the broker to instantiate any class on the classpath. | CVE-2023-46604 |
| Apache RocketMQ Command Execution Vulnerability | Several components of Apache RocketMQ, including NameServer, Broker, and Controller, are exposed to the extranet and lack permission verification. An attacker can exploit this vulnerability by using the update configuration function to execute commands as the system users that RocketMQ is running as, or achieve the same effect by forging the RocketMQ protocol content. | CVE-2023-33246 |
| Apache Tomcat Remote Code Execution Vulnerability | Apache Tomcat contains an unspecified vulnerability that allows for remote code execution if JmxRemoteLifecycleListener is used and an attacker can reach Java Management Extension (JMX) ports. This CVE exists because this listener wasn't updated for consistency with the Oracle patched issues for CVE-2016-3427, which affected credential types. | CVE-2016-8735 |
| Apache Log4j2 Deserialization of Untrusted Data Vulnerability | Apache Log4j2 contains a deserialization of untrusted data vulnerability due to the incomplete fix of CVE-2021-44228, where the Thread Context Lookup Pattern is vulnerable to remote code execution in certain non-default configurations. | CVE-2021-45046 |
| Apache Spark Command Injection Vulnerability | Apache Spark contains a command injection vulnerability via the Spark User Interface (UI) when Access Control Lists (ACLs) are enabled. | CVE-2022-33891 |
| Apache CouchDB Insecure Default Initialization of Resource Vulnerability | Apache CouchDB contains an insecure default initialization of resource vulnerability which can allow an attacker to escalate to administrative privileges. | CVE-2022-24706 |
| Apache APISIX Authentication Bypass Vulnerability | Apache APISIX contains an authentication bypass vulnerability that allows for remote code execution. | |
| | When running Apache Tomcat, it is possible to upload a JSP file to the server via a specially crafted request. | CVE-2017-12617 |
| Apache Kylin OS Command Injection Vulnerability | Apache Kylin contains an OS command injection vulnerability which could permit an attacker to perform remote code execution. | CVE-2020-1956 |
| Apache Tomcat on Windows Remote Code Execution Vulnerability | When running Apache Tomcat on Windows with HTTP PUTs enabled, it is possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the server. | CVE-2017-12615 |
| Apache Struts Improper Input Validation Vulnerability | Apache Struts allows remote attackers to execute arbitrary Object-Graph Navigation Language (OGNL) expressions. | CVE-2013-2251 |
| Apache Tomcat Improper Privilege Management Vulnerability | Apache Tomcat treats Apache JServ Protocol (AJP) connections as having higher trust than, for example, a similar HTTP connection. If such connections are available to an attacker, they can be exploited. | CVE-2020-1938 |
| Apache Struts 1 Improper Input Validation Vulnerability | The Struts 1 plugin in Apache Struts might allow remote code execution via a malicious field value passed in a raw message to the ActionMessage. | CVE-2017-9791 |
| Apache ActiveMQ Improper Input Validation Vulnerability | | |