Test ID: | 1.3.6.1.4.1.25623.1.0.807648 |
Category: | Web application abuses |
Title: | Apache Jetspeed Multiple Vulnerabilities-Mar16 |
Summary: | The host is installed with Apache Jetspeed and is prone to multiple vulnerabilities. |
Description: |
Summary: The host is installed with Apache Jetspeed and is prone to multiple vulnerabilities.
Vulnerability Insight: Multiple flaws exist due to:
- Improper validation of file names before writing them to disk in the 'Import/Export' function of the Portal Site Manager.
- An authorization flaw in the Jetspeed User Manager services.
- Insufficient validation of the 'user' and 'role' parameters in the Jetspeed User Manager service.
- An error in the URI path directory after '/portal'.
- Some errors in the functionality to add a link, page, or folder.
Vulnerability Impact: Successful exploitation will allow remote attackers to obtain potentially sensitive information, upload arbitrary files, and perform SQL injection.
Affected Software/OS: Apache Jetspeed version 2.2.0 to 2.2.2 and 2.3.0.
NOTE: The unsupported Jetspeed 2.1.x versions may also be affected.
Solution: Upgrade to Apache Jetspeed version 2.3.1.
CVSS Score: 9.0
CVSS Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C |
Cross-reference: |
Common Vulnerability Exposure (CVE) ID: CVE-2016-0709
- https://www.exploit-db.com/exploits/39643/
- http://haxx.ml/post/140552592371/remote-code-execution-in-apache-jetspeed-230-and
- http://packetstormsecurity.com/files/136489/Apache-Jetspeed-Arbitrary-File-Upload.html
- http://www.rapid7.com/db/modules/exploit/multi/http/apache_jetspeed_file_upload
- https://mail-archives.apache.org/mod_mbox/portals-jetspeed-user/201603.mbox/%3C281D02D0-6A03-4421-9D86-E73B001C8677@bluesunrise.com%3E
Common Vulnerability Exposure (CVE) ID: CVE-2016-0710
- https://mail-archives.apache.org/mod_mbox/portals-jetspeed-user/201603.mbox/%3C046318A1-226E-453F-9394-B84F1A33E6A4@bluesunrise.com%3E
Common Vulnerability Exposure (CVE) ID: CVE-2016-0711
- https://mail-archives.apache.org/mod_mbox/portals-jetspeed-user/201603.mbox/%3C73AC0763-D44B-4BDF-867C-05AD4674A62F@bluesunrise.com%3E
Common Vulnerability Exposure (CVE) ID: CVE-2016-0712
- https://mail-archives.apache.org/mod_mbox/portals-jetspeed-user/201603.mbox/%3CF868DBFC-A05C-4ABB-8B91-17CA54C174B9@bluesunrise.com%3E
Common Vulnerability Exposure (CVE) ID: CVE-2016-2171
- http://mail-archives.apache.org/mod_mbox/portals-jetspeed-user/201603.mbox/%3CB9165E38-F3D8-496D-8642-8A53FCAC736A%40gmail.com%3E |
Copyright | Copyright (C) 2016 Greenbone Networks GmbH |