Описание
Incorrect Authorization in Getahead Direct Web Remoting
Getahead Direct Web Remoting (DWR) before 1.1.4 allows attackers to obtain unauthorized access to public methods via a crafted request that bypasses the include/exclude checks.
Пакеты
Наименование
org.directwebremoting:dwr
maven
Затронутые версииВерсия исправления
< 1.1.4
1.1.4
Связанные уязвимости
nvd
около 19 лет назад
Getahead Direct Web Remoting (DWR) before 1.1.4 allows attackers to obtain unauthorized access to public methods via a crafted request that bypasses the include/exclude checks.