CVE-2016-0710

Опубликовано: 11 апр. 2016

Источник: nvd

CVSS3: 8.8

CVSS2: 7.5

EPSS Высокий

Описание

Multiple SQL injection vulnerabilities in the User Manager service in Apache Jetspeed before 2.3.1 allow remote attackers to execute arbitrary SQL commands via the (1) role or (2) user parameter to services/usermanager/users/.

Ссылки

http://haxx.ml/post/140552592371/remote-code-execution-in-apache-jetspeed-230-and
Exploit
http://packetstormsecurity.com/files/136489/Apache-Jetspeed-Arbitrary-File-Upload.html
Exploit
http://www.rapid7.com/db/modules/exploit/multi/http/apache_jetspeed_file_upload
https://mail-archives.apache.org/mod_mbox/portals-jetspeed-user/201603.mbox/%3C046318A1-226E-453F-9394-B84F1A33E6A4%40bluesunrise.com%3E
https://portals.apache.org/jetspeed-2/security-reports.html#CVE-2016-0710
Vendor Advisory
https://www.exploit-db.com/exploits/39643/
Exploit
http://haxx.ml/post/140552592371/remote-code-execution-in-apache-jetspeed-230-and
Exploit
http://packetstormsecurity.com/files/136489/Apache-Jetspeed-Arbitrary-File-Upload.html
Exploit
http://www.rapid7.com/db/modules/exploit/multi/http/apache_jetspeed_file_upload
https://mail-archives.apache.org/mod_mbox/portals-jetspeed-user/201603.mbox/%3C046318A1-226E-453F-9394-B84F1A33E6A4%40bluesunrise.com%3E
https://portals.apache.org/jetspeed-2/security-reports.html#CVE-2016-0710
Vendor Advisory
https://www.exploit-db.com/exploits/39643/
Exploit

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:apache:jetspeed:*:*:*:*:*:*:*:*

Версия до 2.3.0 (включая)

EPSS

Процентиль: 99%

0.7922

Высокий

8.8 High

CVSS3

7.5 High

CVSS2

Дефекты

CWE-89

Связанные уязвимости

GHSA-88f6-79x2-xqf3