Action not permitted
Modal body text goes here.
Modal Title
Modal Body
wid-sec-w-2024-3616
Vulnerability from csaf_certbund
Published
2016-10-06 22:00
Modified
2024-12-05 23:00
Summary
Red Hat JBoss Fuse: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
JBoss Fuse ist ein Open Source Enterprise Service Bus (ESB).
JBoss A-MQ ist eine Messaging-Plattform.
Angriff
Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Red Hat JBoss Fuse und Red Hat JBoss A-MQ ausnutzen, um einen Denial of Service Angriff durchzuführen, Code mit den Privilegien des angegriffenen Dienstes zur Ausführung bringen, vertrauliche Daten einzusehen, Informationen zu manipulieren oder Sicherheitsmechanismen zu umgehen.
Betroffene Betriebssysteme
- Linux
{
"document": {
"aggregate_severity": {
"text": "mittel"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "JBoss Fuse ist ein Open Source Enterprise Service Bus (ESB).\r\nJBoss A-MQ ist eine Messaging-Plattform.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Red Hat JBoss Fuse und Red Hat JBoss A-MQ ausnutzen, um einen Denial of Service Angriff durchzuf\u00fchren, Code mit den Privilegien des angegriffenen Dienstes zur Ausf\u00fchrung bringen, vertrauliche Daten einzusehen, Informationen zu manipulieren oder Sicherheitsmechanismen zu umgehen.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2024-3616 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2016/wid-sec-w-2024-3616.json"
},
{
"category": "self",
"summary": "WID-SEC-2024-3616 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-3616"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2016:2036-1 vom 2016-10-06",
"url": "https://rhn.redhat.com/errata/RHSA-2016-2036.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2016:2035-1 vom 2016-10-06",
"url": "https://rhn.redhat.com/errata/RHSA-2016-2035.html"
},
{
"category": "external",
"summary": "Juniper Security Advisory JSA11023 vom 2020-07-08",
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11023"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7139-1 vom 2024-12-05",
"url": "https://ubuntu.com/security/notices/USN-7139-1"
}
],
"source_lang": "en-US",
"title": "Red Hat JBoss Fuse: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2024-12-05T23:00:00.000+00:00",
"generator": {
"date": "2024-12-06T09:15:40.792+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.10"
}
},
"id": "WID-SEC-W-2024-3616",
"initial_release_date": "2016-10-06T22:00:00.000+00:00",
"revision_history": [
{
"date": "2016-10-06T22:00:00.000+00:00",
"number": "1",
"summary": "Initial Release"
},
{
"date": "2016-10-06T22:00:00.000+00:00",
"number": "2",
"summary": "Version nicht vorhanden"
},
{
"date": "2016-10-06T22:00:00.000+00:00",
"number": "3",
"summary": "Version nicht vorhanden"
},
{
"date": "2019-06-18T22:00:00.000+00:00",
"number": "4",
"summary": "Referenz(en) aufgenommen: RHSA-2019:1545"
},
{
"date": "2020-07-08T22:00:00.000+00:00",
"number": "5",
"summary": "Neue Updates von Juniper aufgenommen"
},
{
"date": "2024-12-05T23:00:00.000+00:00",
"number": "6",
"summary": "Neue Updates von Ubuntu aufgenommen"
}
],
"status": "final",
"version": "6"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c20.1R1",
"product": {
"name": "Juniper Junos Space \u003c20.1R1",
"product_id": "T016874"
}
},
{
"category": "product_version",
"name": "20.1R1",
"product": {
"name": "Juniper Junos Space 20.1R1",
"product_id": "T016874-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:juniper:junos_space:20.1r1"
}
}
}
],
"category": "product_name",
"name": "Junos Space"
}
],
"category": "vendor",
"name": "Juniper"
},
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "6.3",
"product": {
"name": "Red Hat JBoss A-MQ 6.3",
"product_id": "T008598",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_amq:6.3"
}
}
}
],
"category": "product_name",
"name": "JBoss A-MQ"
},
{
"branches": [
{
"category": "product_version",
"name": "6.3",
"product": {
"name": "Red Hat JBoss Fuse 6.3",
"product_id": "T008597",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_fuse:6.3"
}
}
}
],
"category": "product_name",
"name": "JBoss Fuse"
}
],
"category": "vendor",
"name": "Red Hat"
},
{
"branches": [
{
"category": "product_name",
"name": "Ubuntu Linux",
"product": {
"name": "Ubuntu Linux",
"product_id": "T000126",
"product_identification_helper": {
"cpe": "cpe:/o:canonical:ubuntu_linux:-"
}
}
}
],
"category": "vendor",
"name": "Ubuntu"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2015-3192",
"notes": [
{
"category": "description",
"text": "Es existiert eine Schwachstelle in Red Hat JBoss Fuse und Red Hat JBoss A-MQ. Die Schwachstelle besteht im Spring Framework und beruht auf der Art und WEise, wie \"inline DTD Deklarationen\" verarbeitet werden. Ein Angreifer kann dieses durch \u00dcbermitteln geeignet gestalteter XML Daten zu einem Denial of Service Angirff nutzen."
}
],
"product_status": {
"known_affected": [
"T008598",
"T000126",
"T016874",
"T008597"
]
},
"release_date": "2016-10-06T22:00:00.000+00:00",
"title": "CVE-2015-3192"
},
{
"cve": "CVE-2015-5344",
"notes": [
{
"category": "description",
"text": "Es existiert eine Schwachstelle in Red Hat JBoss Fuse in der Apache Camel camel-xstream Komponente. Die Schwachstelle beruht auf einem Deseialisierungfehler von Java Objekten. Ein Angreifer kann dieses nutzen und u. a. vertrauliche Daten einsehen oder Code zur Ausf\u00fchrung bringen."
}
],
"product_status": {
"known_affected": [
"T000126",
"T008597"
]
},
"release_date": "2016-10-06T22:00:00.000+00:00",
"title": "CVE-2015-5344"
},
{
"cve": "CVE-2015-5348",
"notes": [
{
"category": "description",
"text": "Es existiert eine Schwachstelle in Red Hat JBoss Fuse. Die Schwachstelle besteht in dem Apache Camels Jetty/Servlet und beruht auf einem Deserialisierungsfehler. Ein Angreifer kann dieses durch \u00dcbermitteln geeignet gestalteter Daten nutzen und beliebigen Code zur Ausf\u00fchrung bringen."
}
],
"product_status": {
"known_affected": [
"T000126",
"T008597"
]
},
"release_date": "2016-10-06T22:00:00.000+00:00",
"title": "CVE-2015-5348"
},
{
"cve": "CVE-2015-7940",
"notes": [
{
"category": "description",
"text": "Es existiert eine Schwachstelle in Red Hat JBoss Fuse und Red Hat JBoss A-MQ in der Komponente \"bouncycastle\". Die Schwachstelle beruht darauf, dass ein Angreifer private Schl\u00fcssel bei Verwendung von elliptischen Kurven in der Kryptographie auslesen kann."
}
],
"product_status": {
"known_affected": [
"T008598",
"T000126",
"T008597"
]
},
"release_date": "2016-10-06T22:00:00.000+00:00",
"title": "CVE-2015-7940"
},
{
"cve": "CVE-2016-2141",
"notes": [
{
"category": "description",
"text": "Es existiert eine Schwachstelle in Red Hat JBoss Fuse. Die Schwachstelle beruht darauf, dass neue Nodes durch JGroups nicht korrekt authentisiert werden. Ein Angreifer kann dieses nutzen und Sicherheitsmechanismen umgehen."
}
],
"product_status": {
"known_affected": [
"T000126",
"T008597"
]
},
"release_date": "2016-10-06T22:00:00.000+00:00",
"title": "CVE-2016-2141"
},
{
"cve": "CVE-2016-2510",
"notes": [
{
"category": "description",
"text": "Es existiert eine Schwachstelle in Red Hat JBoss Fuse im Zusammenhang mit BeanShell. Ein anonymer, entfernter Angreifer kann diese Schwachstelle nutzen, um bei der Deserialisierung einer speziell konstruierten Klassenkette beliebigen Programmcode mit den Rechten des Dienstes auszuf\u00fchren. Zur erfolgreichen Ausnutzung dieser Schwachstelle muss der Angreifer den Benutzer dazu bringen, eine modifizierte URL oder Webseite in seinem Web-Browser zu \u00f6ffnen."
}
],
"product_status": {
"known_affected": [
"T000126",
"T008597"
]
},
"release_date": "2016-10-06T22:00:00.000+00:00",
"title": "CVE-2016-2510"
},
{
"cve": "CVE-2016-4437",
"notes": [
{
"category": "description",
"text": "Es existiert eine Schwachstelle in Red Hat JBoss Fuse und Red Hat JBoss A-MQ. Die Schwachstelle besteht in darin, dass Apache Shiro einen Standardschl\u00fcssel f\u00fcr die \"remember me\" Funktion verwendet. Ein Angreifer kann dieses ausnutzen und unautorisiert Zugriff auf die Inhalte erlangen."
}
],
"product_status": {
"known_affected": [
"T008598",
"T000126",
"T008597"
]
},
"release_date": "2016-10-06T22:00:00.000+00:00",
"title": "CVE-2016-4437"
}
]
}
CVE-2015-3192 (GCVE-0-2015-3192)
Vulnerability from cvelistv5
Published
2016-07-12 19:00
Modified
2024-08-06 05:39
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Pivotal Spring Framework before 3.2.14 and 4.x before 4.1.7 do not properly process inline DTD declarations when DTD is not entirely disabled, which allows remote attackers to cause a denial of service (memory consumption and out-of-memory errors) via a crafted XML file.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T05:39:31.943Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2016:2035",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2035.html"
},
{
"name": "1036587",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1036587"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://pivotal.io/security/cve-2015-3192"
},
{
"name": "RHSA-2016:2036",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2036.html"
},
{
"name": "RHSA-2016:1218",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2016:1218"
},
{
"name": "90853",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/90853"
},
{
"name": "RHSA-2016:1592",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-1592.html"
},
{
"name": "FEDORA-2015-11184",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162015.html"
},
{
"name": "FEDORA-2015-11165",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162017.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://jira.spring.io/browse/SPR-13136"
},
{
"name": "RHSA-2016:1593",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-1593.html"
},
{
"name": "RHSA-2016:1219",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2016:1219"
},
{
"name": "[debian-lts-announce] 20190713 [SECURITY] [DLA 1853-1] libspring-java security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00012.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-06-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Pivotal Spring Framework before 3.2.14 and 4.x before 4.1.7 do not properly process inline DTD declarations when DTD is not entirely disabled, which allows remote attackers to cause a denial of service (memory consumption and out-of-memory errors) via a crafted XML file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-07-13T23:06:02",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2016:2035",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2035.html"
},
{
"name": "1036587",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1036587"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://pivotal.io/security/cve-2015-3192"
},
{
"name": "RHSA-2016:2036",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2036.html"
},
{
"name": "RHSA-2016:1218",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2016:1218"
},
{
"name": "90853",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/90853"
},
{
"name": "RHSA-2016:1592",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-1592.html"
},
{
"name": "FEDORA-2015-11184",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162015.html"
},
{
"name": "FEDORA-2015-11165",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162017.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://jira.spring.io/browse/SPR-13136"
},
{
"name": "RHSA-2016:1593",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-1593.html"
},
{
"name": "RHSA-2016:1219",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2016:1219"
},
{
"name": "[debian-lts-announce] 20190713 [SECURITY] [DLA 1853-1] libspring-java security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00012.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-3192",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Pivotal Spring Framework before 3.2.14 and 4.x before 4.1.7 do not properly process inline DTD declarations when DTD is not entirely disabled, which allows remote attackers to cause a denial of service (memory consumption and out-of-memory errors) via a crafted XML file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2016:2035",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2035.html"
},
{
"name": "1036587",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036587"
},
{
"name": "http://pivotal.io/security/cve-2015-3192",
"refsource": "CONFIRM",
"url": "http://pivotal.io/security/cve-2015-3192"
},
{
"name": "RHSA-2016:2036",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2036.html"
},
{
"name": "RHSA-2016:1218",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2016:1218"
},
{
"name": "90853",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/90853"
},
{
"name": "RHSA-2016:1592",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-1592.html"
},
{
"name": "FEDORA-2015-11184",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162015.html"
},
{
"name": "FEDORA-2015-11165",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162017.html"
},
{
"name": "https://jira.spring.io/browse/SPR-13136",
"refsource": "CONFIRM",
"url": "https://jira.spring.io/browse/SPR-13136"
},
{
"name": "RHSA-2016:1593",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-1593.html"
},
{
"name": "RHSA-2016:1219",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2016:1219"
},
{
"name": "[debian-lts-announce] 20190713 [SECURITY] [DLA 1853-1] libspring-java security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00012.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2015-3192",
"datePublished": "2016-07-12T19:00:00",
"dateReserved": "2015-04-10T00:00:00",
"dateUpdated": "2024-08-06T05:39:31.943Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-5348 (GCVE-0-2015-5348)
Vulnerability from cvelistv5
Published
2016-04-15 15:00
Modified
2024-08-06 06:41
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Apache Camel 2.6.x through 2.14.x, 2.15.x before 2.15.5, and 2.16.x before 2.16.1, when using (1) camel-jetty or (2) camel-servlet as a consumer in Camel routes, allow remote attackers to execute arbitrary commands via a crafted serialized Java object in an HTTP request.
References
| ► | URL | Tags | ||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T06:41:09.342Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/134946/Apache-Camel-Java-Object-Deserialization.html"
},
{
"name": "RHSA-2016:2035",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2035.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://camel.apache.org/security-advisories.data/CVE-2015-5348.txt.asc"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://issues.apache.org/jira/browse/CAMEL-9309"
},
{
"name": "20151217 CVE-2015-5348 - Apache Camel medium disclosure vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/537147/100/0/threaded"
},
{
"name": "80696",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/80696"
},
{
"name": "[camel-commits] 20190430 svn commit: r1044347 - in /websites/production/camel/content: cache/main.pageCache security-advisories.data/CVE-2019-0194.txt.asc security-advisories.html",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/b4014ea7c5830ca1fc28edd5cafedfe93ad4af2d9e69c961c5def31d%40%3Ccommits.camel.apache.org%3E"
},
{
"name": "[camel-commits] 20190524 svn commit: r1045395 - in /websites/production/camel/content: cache/main.pageCache security-advisories.data/CVE-2019-0188.txt.asc security-advisories.html",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/2318d7f7d87724d8716cd650c21b31cb06e4d34f6d0f5ee42f28fdaf%40%3Ccommits.camel.apache.org%3E"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-12-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Apache Camel 2.6.x through 2.14.x, 2.15.x before 2.15.5, and 2.16.x before 2.16.1, when using (1) camel-jetty or (2) camel-servlet as a consumer in Camel routes, allow remote attackers to execute arbitrary commands via a crafted serialized Java object in an HTTP request."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-05-24T10:06:03",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/134946/Apache-Camel-Java-Object-Deserialization.html"
},
{
"name": "RHSA-2016:2035",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2035.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://camel.apache.org/security-advisories.data/CVE-2015-5348.txt.asc"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://issues.apache.org/jira/browse/CAMEL-9309"
},
{
"name": "20151217 CVE-2015-5348 - Apache Camel medium disclosure vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/537147/100/0/threaded"
},
{
"name": "80696",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/80696"
},
{
"name": "[camel-commits] 20190430 svn commit: r1044347 - in /websites/production/camel/content: cache/main.pageCache security-advisories.data/CVE-2019-0194.txt.asc security-advisories.html",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/b4014ea7c5830ca1fc28edd5cafedfe93ad4af2d9e69c961c5def31d%40%3Ccommits.camel.apache.org%3E"
},
{
"name": "[camel-commits] 20190524 svn commit: r1045395 - in /websites/production/camel/content: cache/main.pageCache security-advisories.data/CVE-2019-0188.txt.asc security-advisories.html",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/2318d7f7d87724d8716cd650c21b31cb06e4d34f6d0f5ee42f28fdaf%40%3Ccommits.camel.apache.org%3E"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-5348",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Apache Camel 2.6.x through 2.14.x, 2.15.x before 2.15.5, and 2.16.x before 2.16.1, when using (1) camel-jetty or (2) camel-servlet as a consumer in Camel routes, allow remote attackers to execute arbitrary commands via a crafted serialized Java object in an HTTP request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.com/files/134946/Apache-Camel-Java-Object-Deserialization.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/134946/Apache-Camel-Java-Object-Deserialization.html"
},
{
"name": "RHSA-2016:2035",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2035.html"
},
{
"name": "http://camel.apache.org/security-advisories.data/CVE-2015-5348.txt.asc",
"refsource": "CONFIRM",
"url": "http://camel.apache.org/security-advisories.data/CVE-2015-5348.txt.asc"
},
{
"name": "https://issues.apache.org/jira/browse/CAMEL-9309",
"refsource": "CONFIRM",
"url": "https://issues.apache.org/jira/browse/CAMEL-9309"
},
{
"name": "20151217 CVE-2015-5348 - Apache Camel medium disclosure vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/537147/100/0/threaded"
},
{
"name": "80696",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/80696"
},
{
"name": "[camel-commits] 20190430 svn commit: r1044347 - in /websites/production/camel/content: cache/main.pageCache security-advisories.data/CVE-2019-0194.txt.asc security-advisories.html",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/b4014ea7c5830ca1fc28edd5cafedfe93ad4af2d9e69c961c5def31d@%3Ccommits.camel.apache.org%3E"
},
{
"name": "[camel-commits] 20190524 svn commit: r1045395 - in /websites/production/camel/content: cache/main.pageCache security-advisories.data/CVE-2019-0188.txt.asc security-advisories.html",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/2318d7f7d87724d8716cd650c21b31cb06e4d34f6d0f5ee42f28fdaf@%3Ccommits.camel.apache.org%3E"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2015-5348",
"datePublished": "2016-04-15T15:00:00",
"dateReserved": "2015-07-01T00:00:00",
"dateUpdated": "2024-08-06T06:41:09.342Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-2510 (GCVE-0-2016-2510)
Vulnerability from cvelistv5
Published
2016-04-07 20:00
Modified
2024-08-05 23:32
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
BeanShell (bsh) before 2.0b6, when included on the classpath by an application that uses Java serialization or XStream, allows remote attackers to execute arbitrary code via crafted serialized data, related to XThis.Handler.
References
| ► | URL | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:32:20.399Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2016:2035",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2035.html"
},
{
"name": "84139",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/84139"
},
{
"name": "RHSA-2016:1135",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2016:1135"
},
{
"name": "RHSA-2016:0540",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0540.html"
},
{
"name": "RHSA-2016:1376",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2016:1376"
},
{
"name": "openSUSE-SU-2016:0788",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00056.html"
},
{
"name": "RHSA-2016:0539",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0539.html"
},
{
"name": "DSA-3504",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2016/dsa-3504"
},
{
"name": "1035440",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1035440"
},
{
"name": "openSUSE-SU-2016:0833",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00078.html"
},
{
"name": "USN-2923-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2923-1"
},
{
"name": "GLSA-201607-17",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201607-17"
},
{
"name": "RHSA-2019:1545",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1545"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/frohoff/ysoserial/pull/13"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/beanshell/beanshell/commit/7c68fde2d6fc65e362f20863d868c112a90a9b49"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/beanshell/beanshell/commit/1ccc66bb693d4e46a34a904db8eeff07808d2ced"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/beanshell/beanshell/releases/tag/2.0b6"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.rsaconference.com/writable/presentations/file_upload/asd-f03-serial-killer-silently-pwning-your-java-endpoints.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-02-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "BeanShell (bsh) before 2.0b6, when included on the classpath by an application that uses Java serialization or XStream, allows remote attackers to execute arbitrary code via crafted serialized data, related to XThis.Handler."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-10-20T21:14:50",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "RHSA-2016:2035",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2035.html"
},
{
"name": "84139",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/84139"
},
{
"name": "RHSA-2016:1135",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2016:1135"
},
{
"name": "RHSA-2016:0540",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0540.html"
},
{
"name": "RHSA-2016:1376",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2016:1376"
},
{
"name": "openSUSE-SU-2016:0788",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00056.html"
},
{
"name": "RHSA-2016:0539",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0539.html"
},
{
"name": "DSA-3504",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2016/dsa-3504"
},
{
"name": "1035440",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1035440"
},
{
"name": "openSUSE-SU-2016:0833",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00078.html"
},
{
"name": "USN-2923-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2923-1"
},
{
"name": "GLSA-201607-17",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201607-17"
},
{
"name": "RHSA-2019:1545",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1545"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/frohoff/ysoserial/pull/13"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/beanshell/beanshell/commit/7c68fde2d6fc65e362f20863d868c112a90a9b49"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/beanshell/beanshell/commit/1ccc66bb693d4e46a34a904db8eeff07808d2ced"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/beanshell/beanshell/releases/tag/2.0b6"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.rsaconference.com/writable/presentations/file_upload/asd-f03-serial-killer-silently-pwning-your-java-endpoints.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-2510",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "BeanShell (bsh) before 2.0b6, when included on the classpath by an application that uses Java serialization or XStream, allows remote attackers to execute arbitrary code via crafted serialized data, related to XThis.Handler."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2016:2035",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2035.html"
},
{
"name": "84139",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/84139"
},
{
"name": "RHSA-2016:1135",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2016:1135"
},
{
"name": "RHSA-2016:0540",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-0540.html"
},
{
"name": "RHSA-2016:1376",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2016:1376"
},
{
"name": "openSUSE-SU-2016:0788",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00056.html"
},
{
"name": "RHSA-2016:0539",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-0539.html"
},
{
"name": "DSA-3504",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3504"
},
{
"name": "1035440",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1035440"
},
{
"name": "openSUSE-SU-2016:0833",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00078.html"
},
{
"name": "USN-2923-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2923-1"
},
{
"name": "GLSA-201607-17",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201607-17"
},
{
"name": "RHSA-2019:1545",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:1545"
},
{
"name": "https://www.oracle.com/security-alerts/cpuoct2020.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"name": "https://github.com/frohoff/ysoserial/pull/13",
"refsource": "MISC",
"url": "https://github.com/frohoff/ysoserial/pull/13"
},
{
"name": "https://github.com/beanshell/beanshell/commit/7c68fde2d6fc65e362f20863d868c112a90a9b49",
"refsource": "CONFIRM",
"url": "https://github.com/beanshell/beanshell/commit/7c68fde2d6fc65e362f20863d868c112a90a9b49"
},
{
"name": "https://github.com/beanshell/beanshell/commit/1ccc66bb693d4e46a34a904db8eeff07808d2ced",
"refsource": "CONFIRM",
"url": "https://github.com/beanshell/beanshell/commit/1ccc66bb693d4e46a34a904db8eeff07808d2ced"
},
{
"name": "https://github.com/beanshell/beanshell/releases/tag/2.0b6",
"refsource": "CONFIRM",
"url": "https://github.com/beanshell/beanshell/releases/tag/2.0b6"
},
{
"name": "https://www.rsaconference.com/writable/presentations/file_upload/asd-f03-serial-killer-silently-pwning-your-java-endpoints.pdf",
"refsource": "MISC",
"url": "https://www.rsaconference.com/writable/presentations/file_upload/asd-f03-serial-killer-silently-pwning-your-java-endpoints.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-2510",
"datePublished": "2016-04-07T20:00:00",
"dateReserved": "2016-02-18T00:00:00",
"dateUpdated": "2024-08-05T23:32:20.399Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-4437 (GCVE-0-2016-4437)
Vulnerability from cvelistv5
Published
2016-06-07 14:00
Modified
2025-07-30 01:46
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Apache Shiro before 1.2.5, when a cipher key has not been configured for the "remember me" feature, allows remote attackers to execute arbitrary code or bypass intended access restrictions via an unspecified request parameter.
References
| ► | URL | Tags | |||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T00:32:24.897Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2016:2035",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2035.html"
},
{
"name": "[announcements@aurora.apache.org] 20171101 Apache Aurora information disclosure vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/ef3a800c7d727a00e04b78e2f06c5cd8960f09ca28c9b69d94c3c4c4%40%3Cannouncements.aurora.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/137310/Apache-Shiro-1.2.4-Information-Disclosure.html"
},
{
"name": "RHSA-2016:2036",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2036.html"
},
{
"name": "91024",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/91024"
},
{
"name": "20160603 [Announce] CVE-2016-4437: Apache Shiro information disclosure vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/538570/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/157497/Apache-Shiro-1.2.4-Remote-Code-Execution.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2016-4437",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-07T13:29:14.189192Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2021-11-03",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2016-4437"
},
"type": "kev"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-321",
"description": "CWE-321 Use of Hard-coded Cryptographic Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-30T01:46:37.216Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"timeline": [
{
"lang": "en",
"time": "2021-11-03T00:00:00+00:00",
"value": "CVE-2016-4437 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-06-03T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Apache Shiro before 1.2.5, when a cipher key has not been configured for the \"remember me\" feature, allows remote attackers to execute arbitrary code or bypass intended access restrictions via an unspecified request parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-29T17:06:16.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2016:2035",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2035.html"
},
{
"name": "[announcements@aurora.apache.org] 20171101 Apache Aurora information disclosure vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/ef3a800c7d727a00e04b78e2f06c5cd8960f09ca28c9b69d94c3c4c4%40%3Cannouncements.aurora.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/137310/Apache-Shiro-1.2.4-Information-Disclosure.html"
},
{
"name": "RHSA-2016:2036",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2036.html"
},
{
"name": "91024",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/91024"
},
{
"name": "20160603 [Announce] CVE-2016-4437: Apache Shiro information disclosure vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/538570/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/157497/Apache-Shiro-1.2.4-Remote-Code-Execution.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-4437",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Apache Shiro before 1.2.5, when a cipher key has not been configured for the \"remember me\" feature, allows remote attackers to execute arbitrary code or bypass intended access restrictions via an unspecified request parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2016:2035",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2035.html"
},
{
"name": "[announcements@aurora.apache.org] 20171101 Apache Aurora information disclosure vulnerability",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/ef3a800c7d727a00e04b78e2f06c5cd8960f09ca28c9b69d94c3c4c4@%3Cannouncements.aurora.apache.org%3E"
},
{
"name": "http://packetstormsecurity.com/files/137310/Apache-Shiro-1.2.4-Information-Disclosure.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/137310/Apache-Shiro-1.2.4-Information-Disclosure.html"
},
{
"name": "RHSA-2016:2036",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2036.html"
},
{
"name": "91024",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/91024"
},
{
"name": "20160603 [Announce] CVE-2016-4437: Apache Shiro information disclosure vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/538570/100/0/threaded"
},
{
"name": "http://packetstormsecurity.com/files/157497/Apache-Shiro-1.2.4-Remote-Code-Execution.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/157497/Apache-Shiro-1.2.4-Remote-Code-Execution.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2016-4437",
"datePublished": "2016-06-07T14:00:00.000Z",
"dateReserved": "2016-05-02T00:00:00.000Z",
"dateUpdated": "2025-07-30T01:46:37.216Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-2141 (GCVE-0-2016-2141)
Vulnerability from cvelistv5
Published
2016-06-30 00:00
Modified
2024-08-05 23:17
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
It was found that JGroups did not require necessary headers for encrypt and auth protocols from new nodes joining the cluster. An attacker could use this flaw to bypass security restrictions, and use this vulnerability to send and receive messages within the cluster, leading to information disclosure, message spoofing, or further possible attacks.
References
| ► | URL | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:17:50.610Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2016:1347",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2016:1347"
},
{
"name": "RHSA-2016:2035",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2035.html"
},
{
"name": "RHSA-2016:1389",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2016:1389"
},
{
"name": "RHSA-2016:1345",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2016:1345"
},
{
"name": "RHSA-2016:1376",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2016:1376"
},
{
"name": "RHSA-2016:1330",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://rhn.redhat.com/errata/RHSA-2016-1330.html"
},
{
"name": "RHSA-2016:1439",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-1439.html"
},
{
"name": "RHSA-2016:1331",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://rhn.redhat.com/errata/RHSA-2016-1331.html"
},
{
"name": "91481",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/91481"
},
{
"name": "RHSA-2016:1434",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2016:1434"
},
{
"name": "RHSA-2016:1328",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://rhn.redhat.com/errata/RHSA-2016-1328.html"
},
{
"name": "RHSA-2016:1433",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2016:1433"
},
{
"tags": [
"x_transferred"
],
"url": "https://issues.jboss.org/browse/JGRP-2021"
},
{
"name": "RHSA-2016:1374",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2016:1374"
},
{
"name": "RHSA-2016:1432",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2016:1432"
},
{
"name": "RHSA-2016:1346",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2016:1346"
},
{
"name": "RHSA-2016:1334",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://rhn.redhat.com/errata/RHSA-2016-1334.html"
},
{
"name": "RHSA-2016:1333",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://rhn.redhat.com/errata/RHSA-2016-1333.html"
},
{
"name": "RHSA-2016:1329",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://rhn.redhat.com/errata/RHSA-2016-1329.html"
},
{
"name": "RHSA-2016:1332",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://rhn.redhat.com/errata/RHSA-2016-1332.html"
},
{
"name": "RHSA-2016:1435",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-1435.html"
},
{
"name": "1036165",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1036165"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"name": "[geode-dev] 20200407 JGroups vulnerabilty",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/ra18cac97416abc2958db0b107877c31da28d884fa6e70fd89c87384a%40%3Cdev.geode.apache.org%3E"
},
{
"name": "[geode-dev] 20200407 Re: JGroups vulnerabilty",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rb37cc937d4fc026fb56de4b4ec0d054aa4083c1a4edd0d8360c068a0%40%3Cdev.geode.apache.org%3E"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-06-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "It was found that JGroups did not require necessary headers for encrypt and auth protocols from new nodes joining the cluster. An attacker could use this flaw to bypass security restrictions, and use this vulnerability to send and receive messages within the cluster, leading to information disclosure, message spoofing, or further possible attacks."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-26T00:00:00",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2016:1347",
"tags": [
"vendor-advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2016:1347"
},
{
"name": "RHSA-2016:2035",
"tags": [
"vendor-advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2035.html"
},
{
"name": "RHSA-2016:1389",
"tags": [
"vendor-advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2016:1389"
},
{
"name": "RHSA-2016:1345",
"tags": [
"vendor-advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2016:1345"
},
{
"name": "RHSA-2016:1376",
"tags": [
"vendor-advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2016:1376"
},
{
"name": "RHSA-2016:1330",
"tags": [
"vendor-advisory"
],
"url": "https://rhn.redhat.com/errata/RHSA-2016-1330.html"
},
{
"name": "RHSA-2016:1439",
"tags": [
"vendor-advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-1439.html"
},
{
"name": "RHSA-2016:1331",
"tags": [
"vendor-advisory"
],
"url": "https://rhn.redhat.com/errata/RHSA-2016-1331.html"
},
{
"name": "91481",
"tags": [
"vdb-entry"
],
"url": "http://www.securityfocus.com/bid/91481"
},
{
"name": "RHSA-2016:1434",
"tags": [
"vendor-advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2016:1434"
},
{
"name": "RHSA-2016:1328",
"tags": [
"vendor-advisory"
],
"url": "https://rhn.redhat.com/errata/RHSA-2016-1328.html"
},
{
"name": "RHSA-2016:1433",
"tags": [
"vendor-advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2016:1433"
},
{
"url": "https://issues.jboss.org/browse/JGRP-2021"
},
{
"name": "RHSA-2016:1374",
"tags": [
"vendor-advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2016:1374"
},
{
"name": "RHSA-2016:1432",
"tags": [
"vendor-advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2016:1432"
},
{
"name": "RHSA-2016:1346",
"tags": [
"vendor-advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2016:1346"
},
{
"name": "RHSA-2016:1334",
"tags": [
"vendor-advisory"
],
"url": "https://rhn.redhat.com/errata/RHSA-2016-1334.html"
},
{
"name": "RHSA-2016:1333",
"tags": [
"vendor-advisory"
],
"url": "https://rhn.redhat.com/errata/RHSA-2016-1333.html"
},
{
"name": "RHSA-2016:1329",
"tags": [
"vendor-advisory"
],
"url": "https://rhn.redhat.com/errata/RHSA-2016-1329.html"
},
{
"name": "RHSA-2016:1332",
"tags": [
"vendor-advisory"
],
"url": "https://rhn.redhat.com/errata/RHSA-2016-1332.html"
},
{
"name": "RHSA-2016:1435",
"tags": [
"vendor-advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-1435.html"
},
{
"name": "1036165",
"tags": [
"vdb-entry"
],
"url": "http://www.securitytracker.com/id/1036165"
},
{
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"name": "[geode-dev] 20200407 JGroups vulnerabilty",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/ra18cac97416abc2958db0b107877c31da28d884fa6e70fd89c87384a%40%3Cdev.geode.apache.org%3E"
},
{
"name": "[geode-dev] 20200407 Re: JGroups vulnerabilty",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/rb37cc937d4fc026fb56de4b4ec0d054aa4083c1a4edd0d8360c068a0%40%3Cdev.geode.apache.org%3E"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2016-2141",
"datePublished": "2016-06-30T00:00:00",
"dateReserved": "2016-01-29T00:00:00",
"dateUpdated": "2024-08-05T23:17:50.610Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-5344 (GCVE-0-2015-5344)
Vulnerability from cvelistv5
Published
2016-02-03 15:00
Modified
2024-08-06 06:41
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The camel-xstream component in Apache Camel before 2.15.5 and 2.16.x before 2.16.1 allow remote attackers to execute arbitrary commands via a crafted serialized Java object in an HTTP request.
References
| ► | URL | Tags | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T06:41:09.552Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2016:2035",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2035.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://camel.apache.org/security-advisories.data/CVE-2015-5344.txt.asc"
},
{
"name": "82260",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/82260"
},
{
"name": "20160130 CVE-2015-5344 - Apache Camel medium disclosure vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/537414/100/0/threaded"
},
{
"name": "[camel-commits] 20190430 svn commit: r1044347 - in /websites/production/camel/content: cache/main.pageCache security-advisories.data/CVE-2019-0194.txt.asc security-advisories.html",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/b4014ea7c5830ca1fc28edd5cafedfe93ad4af2d9e69c961c5def31d%40%3Ccommits.camel.apache.org%3E"
},
{
"name": "[camel-commits] 20190524 svn commit: r1045395 - in /websites/production/camel/content: cache/main.pageCache security-advisories.data/CVE-2019-0188.txt.asc security-advisories.html",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/2318d7f7d87724d8716cd650c21b31cb06e4d34f6d0f5ee42f28fdaf%40%3Ccommits.camel.apache.org%3E"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-01-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The camel-xstream component in Apache Camel before 2.15.5 and 2.16.x before 2.16.1 allow remote attackers to execute arbitrary commands via a crafted serialized Java object in an HTTP request."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-05-24T10:06:04",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2016:2035",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2035.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://camel.apache.org/security-advisories.data/CVE-2015-5344.txt.asc"
},
{
"name": "82260",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/82260"
},
{
"name": "20160130 CVE-2015-5344 - Apache Camel medium disclosure vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/537414/100/0/threaded"
},
{
"name": "[camel-commits] 20190430 svn commit: r1044347 - in /websites/production/camel/content: cache/main.pageCache security-advisories.data/CVE-2019-0194.txt.asc security-advisories.html",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/b4014ea7c5830ca1fc28edd5cafedfe93ad4af2d9e69c961c5def31d%40%3Ccommits.camel.apache.org%3E"
},
{
"name": "[camel-commits] 20190524 svn commit: r1045395 - in /websites/production/camel/content: cache/main.pageCache security-advisories.data/CVE-2019-0188.txt.asc security-advisories.html",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/2318d7f7d87724d8716cd650c21b31cb06e4d34f6d0f5ee42f28fdaf%40%3Ccommits.camel.apache.org%3E"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-5344",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The camel-xstream component in Apache Camel before 2.15.5 and 2.16.x before 2.16.1 allow remote attackers to execute arbitrary commands via a crafted serialized Java object in an HTTP request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2016:2035",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2035.html"
},
{
"name": "http://camel.apache.org/security-advisories.data/CVE-2015-5344.txt.asc",
"refsource": "CONFIRM",
"url": "http://camel.apache.org/security-advisories.data/CVE-2015-5344.txt.asc"
},
{
"name": "82260",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/82260"
},
{
"name": "20160130 CVE-2015-5344 - Apache Camel medium disclosure vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/537414/100/0/threaded"
},
{
"name": "[camel-commits] 20190430 svn commit: r1044347 - in /websites/production/camel/content: cache/main.pageCache security-advisories.data/CVE-2019-0194.txt.asc security-advisories.html",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/b4014ea7c5830ca1fc28edd5cafedfe93ad4af2d9e69c961c5def31d@%3Ccommits.camel.apache.org%3E"
},
{
"name": "[camel-commits] 20190524 svn commit: r1045395 - in /websites/production/camel/content: cache/main.pageCache security-advisories.data/CVE-2019-0188.txt.asc security-advisories.html",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/2318d7f7d87724d8716cd650c21b31cb06e4d34f6d0f5ee42f28fdaf@%3Ccommits.camel.apache.org%3E"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2015-5344",
"datePublished": "2016-02-03T15:00:00",
"dateReserved": "2015-07-01T00:00:00",
"dateUpdated": "2024-08-06T06:41:09.552Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-7940 (GCVE-0-2015-7940)
Vulnerability from cvelistv5
Published
2015-11-09 16:00
Modified
2024-08-06 08:06
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The Bouncy Castle Java library before 1.51 does not validate a point is withing the elliptic curve, which makes it easier for remote attackers to obtain private keys via a series of crafted elliptic curve Diffie Hellman (ECDH) key exchanges, aka an "invalid curve attack."
References
| ► | URL | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T08:06:30.850Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2016:2035",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2035.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
},
{
"name": "79091",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/79091"
},
{
"name": "openSUSE-SU-2015:1911",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00012.html"
},
{
"name": "FEDORA-2015-7d95466eda",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/174915.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
},
{
"name": "RHSA-2016:2036",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2036.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
},
{
"name": "USN-3727-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3727-1/"
},
{
"name": "[oss-security] 20151022 Re: CVE Request: invalid curve attack on bouncycastle",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2015/10/22/9"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
},
{
"name": "1037036",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1037036"
},
{
"name": "[oss-security] 20151022 CVE Request: invalid curve attack on bouncycastle",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2015/10/22/7"
},
{
"name": "DSA-3417",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2015/dsa-3417"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://web-in-security.blogspot.ca/2015/09/practical-invalid-curve-attacks.html"
},
{
"name": "1037046",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1037046"
},
{
"name": "1037053",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1037053"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-09-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Bouncy Castle Java library before 1.51 does not validate a point is withing the elliptic curve, which makes it easier for remote attackers to obtain private keys via a series of crafted elliptic curve Diffie Hellman (ECDH) key exchanges, aka an \"invalid curve attack.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-15T21:06:39",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "RHSA-2016:2035",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2035.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
},
{
"name": "79091",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/79091"
},
{
"name": "openSUSE-SU-2015:1911",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00012.html"
},
{
"name": "FEDORA-2015-7d95466eda",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/174915.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
},
{
"name": "RHSA-2016:2036",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2036.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
},
{
"name": "USN-3727-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3727-1/"
},
{
"name": "[oss-security] 20151022 Re: CVE Request: invalid curve attack on bouncycastle",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2015/10/22/9"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
},
{
"name": "1037036",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1037036"
},
{
"name": "[oss-security] 20151022 CVE Request: invalid curve attack on bouncycastle",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2015/10/22/7"
},
{
"name": "DSA-3417",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2015/dsa-3417"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://web-in-security.blogspot.ca/2015/09/practical-invalid-curve-attacks.html"
},
{
"name": "1037046",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1037046"
},
{
"name": "1037053",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1037053"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-7940",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Bouncy Castle Java library before 1.51 does not validate a point is withing the elliptic curve, which makes it easier for remote attackers to obtain private keys via a series of crafted elliptic curve Diffie Hellman (ECDH) key exchanges, aka an \"invalid curve attack.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2016:2035",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2035.html"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
},
{
"name": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
"refsource": "CONFIRM",
"url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
},
{
"name": "79091",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/79091"
},
{
"name": "openSUSE-SU-2015:1911",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00012.html"
},
{
"name": "FEDORA-2015-7d95466eda",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/174915.html"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
},
{
"name": "RHSA-2016:2036",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2036.html"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
},
{
"name": "USN-3727-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3727-1/"
},
{
"name": "[oss-security] 20151022 Re: CVE Request: invalid curve attack on bouncycastle",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/10/22/9"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
},
{
"name": "1037036",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037036"
},
{
"name": "[oss-security] 20151022 CVE Request: invalid curve attack on bouncycastle",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/10/22/7"
},
{
"name": "DSA-3417",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3417"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
},
{
"name": "http://web-in-security.blogspot.ca/2015/09/practical-invalid-curve-attacks.html",
"refsource": "MISC",
"url": "http://web-in-security.blogspot.ca/2015/09/practical-invalid-curve-attacks.html"
},
{
"name": "1037046",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037046"
},
{
"name": "1037053",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037053"
},
{
"name": "https://www.oracle.com/security-alerts/cpuapr2020.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-7940",
"datePublished": "2015-11-09T16:00:00",
"dateReserved": "2015-10-22T00:00:00",
"dateUpdated": "2024-08-06T08:06:30.850Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…