exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 4 of 4 RSS Feed

CVE-2022-33980

Status Candidate

Overview

Apache Commons Configuration performs variable interpolation, allowing properties to be dynamically evaluated and expanded. The standard format for interpolation is "${prefix:name}", where "prefix" is used to locate an instance of org.apache.commons.configuration2.interpol.Lookup that performs the interpolation. Starting with version 2.4 and continuing through 2.7, the set of default Lookup instances included interpolators that could result in arbitrary code execution or contact with remote servers. These lookups are: - "script" - execute expressions using the JVM script execution engine (javax.script) - "dns" - resolve dns records - "url" - load values from urls, including from remote servers Applications using the interpolation defaults in the affected versions may be vulnerable to remote code execution or unintentional contact with remote servers if untrusted configuration values are used. Users are recommended to upgrade to Apache Commons Configuration 2.8.0, which disables the problematic interpolators by default.

Related Files

Red Hat Security Advisory 2023-2097-03
Posted May 4, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-2097-03 - Red Hat Satellite is a systems management tool for Linux-based infrastructure. It allows for provisioning, remote management, and monitoring of multiple Linux deployments with a single centralized tool. Issues addressed include code execution, cross site scripting, denial of service, deserialization, improper neutralization, information leakage, and remote shell upload vulnerabilities.

tags | advisory, remote, denial of service, shell, vulnerability, code execution, xss
systems | linux, redhat
advisories | CVE-2022-1471, CVE-2022-22577, CVE-2022-23514, CVE-2022-23515, CVE-2022-23516, CVE-2022-23517, CVE-2022-23518, CVE-2022-23519, CVE-2022-23520, CVE-2022-25857, CVE-2022-27777, CVE-2022-31163, CVE-2022-32224, CVE-2022-33980
SHA-256 | 50fea193584f82c8f1d6717f456a59c84a8ff40da5472a16b24d35524eadc879
Download | Favorite | View
Red Hat Security Advisory 2022-8652-01
Posted Nov 29, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-8652-01 - This release of Red Hat Fuse 7.11.1 serves as a replacement for Red Hat Fuse 7.11 and includes bug fixes and enhancements, which are documented in the Release Notes document linked in the References. Issues addressed include bypass, cross site scripting, denial of service, remote SQL injection, and traversal vulnerabilities.

tags | advisory, remote, denial of service, vulnerability, xss, sql injection
systems | linux, redhat
advisories | CVE-2019-8331, CVE-2021-31684, CVE-2021-3717, CVE-2021-44906, CVE-2022-0613, CVE-2022-2048, CVE-2022-2053, CVE-2022-24723, CVE-2022-24785, CVE-2022-24823, CVE-2022-25857, CVE-2022-31129, CVE-2022-31197, CVE-2022-33980
SHA-256 | b89385857db68f0aa348c05a9ddb89d72cf0040803429d98b23d91abba728434
Download | Favorite | View
Debian Security Advisory 5290-1
Posted Nov 28, 2022
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5290-1 - Apache Commons Configuration, a Java library providing a generic configuration interface, performs variable interpolation, allowing properties to be dynamically evaluated and expanded. Starting with version 2.4 and continuing through 2.7, the set of default Lookup instances included interpolators that could result in arbitrary code execution or contact with remote servers.

tags | advisory, java, remote, arbitrary, code execution
systems | linux, debian
advisories | CVE-2022-33980
SHA-256 | 20b74b9fbd86a759f5b71128ce07de054cfbec59f6d32a7281454300d1ea201e
Download | Favorite | View
Red Hat Security Advisory 2022-6916-01
Posted Oct 13, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-6916-01 - AMQ Broker is a high-performance messaging implementation based on ActiveMQ Artemis. It uses an asynchronous journal for fast message persistence, and supports multiple languages, protocols, and platforms. This release of Red Hat AMQ Broker 7.10.1 includes security and bug fixes, and enhancements. For further information, refer to the release notes linked to in the References section. Issues addressed include a html injection vulnerability.

tags | advisory, protocol
systems | linux, redhat
advisories | CVE-2021-3121, CVE-2022-24823, CVE-2022-33980, CVE-2022-35278
SHA-256 | 6b89640d7d4498cbb3ba5fe2b00901c811c23f11113a41ef771edf43f98a2db0
Download | Favorite | View
Page 1 of 1
Back1Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    48 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    60 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    44 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Site Links
News by Month
News Tags
Files by Month
File Tags
File Directory
About Us
History & Purpose
Contact Information
Terms of Service
Privacy Statement
Copyright Information
Services
Security Services
Hosting By
Rokasec
close