Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

apache commons configuration vulnerabilities and exploits

(subscribe to this query)
10
CVSSv3
CVE-2020-1953
Apache Commons Configuration uses a third-party library to parse YAML files which by default allows the instantiation of classes if the YAML includes special statements. Apache Commons Configuration versions 2.2, 2.3, 2.4, 2.5, 2.6 did not change the default settings of this libr...
Apache Commons Configuration 2.3Apache Commons Configuration 2.4Apache Commons Configuration 2.5Apache Commons Configuration 2.6Apache Commons Configuration 2.2Oracle Database Server 12.1.0.2Oracle Database Server 11.2.0.4Oracle Database Server 12.2.0.1Oracle Database Server 18cOracle Database Server 19cOracle Healthcare Foundation 7.2.0Oracle Healthcare Foundation 7.2.1Oracle Healthcare Foundation 7.3.0Oracle Healthcare Foundation 7.1.1
9.8
CVSSv3
CVE-2022-42889
Apache Commons Text performs variable interpolation, allowing properties to be dynamically evaluated and expanded. The standard format for interpolation is "${prefix:name}", where "prefix" is used to locate an instance of org.apache.commons.text.lookup.StringL...
Apache Commons TextNetapp Bluexp -Juniper Security Threat Response ManagerJuniper Security Threat Response Manager 7.5.0
9.8
CVSSv3
CVE-2022-33980
Apache Commons Configuration performs variable interpolation, allowing properties to be dynamically evaluated and expanded. The standard format for interpolation is "${prefix:name}", where "prefix" is used to locate an instance of org.apache.commons.configurat...
Apache Commons ConfigurationNetapp Snapcenter -Debian Debian Linux 11.0
9.8
CVSSv3
CVE-2019-14892
A flaw exists in jackson-databind in versions prior to 2.9.10, 2.8.11.5 and 2.6.7.3, where it would permit polymorphic deserialization of a malicious object using commons-configuration 1 and 2 JNDI classes. An attacker could use this flaw to execute arbitrary code.
Fasterxml Jackson-databindRedhat Jboss Enterprise Application Platform 7.0Redhat Decision Manager 7.0Redhat Jboss Fuse 7.0.0Redhat Process Automation 7.0Redhat Jboss Data Grid 7.0.0Redhat Openshift Container Platform 4.3Redhat Jboss Data Grid -Apache Geode 1.12.0
9.8
CVSSv3
CVE-2016-4368
HPE Universal CMDB 10.0 up to and including 10.21, Universal CMDB Configuration Manager 10.0 up to and including 10.21, and Universal Discovery 10.0 up to and including 10.21 allow remote malicious users to execute arbitrary commands via a crafted serialized Java object, related ...
Hp Universal Cmbd Foundation 10.20Hp Universal Cmbd Foundation 10.11Hp Universal Cmbd Foundation 10.10Hp Universal Cmbd Foundation 10.01Hp Universal Cmbd Foundation 10.0Hp Universal Cmbd Foundation 10.21Hp Universal Cmbd Configuration Manager 10.10Hp Universal Cmbd Configuration Manager 10.11Hp Universal Cmbd Configuration Manager 10.20Hp Universal Cmbd Configuration Manager 10.21Hp Universal Cmbd Configuration Manager 10.01Hp Universal Cmbd Configuration Manager 10.0Hp Universal Discovery 10.11Hp Universal Discovery 10.20Hp Universal Discovery 10.21Hp Universal Discovery 10.01Hp Universal Discovery 10.0Hp Universal Discovery 10.10
8.1
CVSSv3
CVE-2022-45381
Jenkins Pipeline Utility Steps Plugin 2.13.1 and previous versions does not restrict the set of enabled prefix interpolators and bundles versions of Apache Commons Configuration library that enable the 'file:' prefix interpolator by default, allowing attackers able to c...
Jenkins Pipeline Utility Steps
7.5
CVSSv3
CVE-2023-28709
The fix for CVE-2023-24998 was incomplete for Apache Tomcat 11.0.0-M2 to 11.0.0-M4, 10.1.5 to 10.1.7, 9.0.71 to 9.0.73 and 8.5.85 to 8.5.87. If non-default HTTP connector settings were used such that the maxParameterCount could be reached using query string parameters and a reque...
Apache Tomcat 11.0.0Apache TomcatDebian Debian Linux 12.0Netapp 7-mode Transition Tool -
7.5
CVSSv3
CVE-2023-24998
Apache Commons FileUpload prior to 1.5 does not limit the number of request parts to be processed resulting in the possibility of an attacker triggering a DoS with a malicious upload or series of uploads. Note that, like all of the file upload limits, the new configuration option...
Apache Commons FileuploadApache Commons Fileupload 1.0Debian Debian Linux 9.0Debian Debian Linux 11.0
7.5
CVSSv3
CVE-2022-45143
The JsonErrorReportValve in Apache Tomcat 8.5.83, 9.0.40 to 9.0.68 and 10.1.0-M1 to 10.1.1 did not escape the type, message or description values. In some circumstances these are constructed from user provided data and it was therefore possible for users to supply values that inv...
Apache Tomcat 10.1.0Apache Tomcat 10.1.1Apache TomcatApache Tomcat 8.5.83
7.5
CVSSv3
CVE-2020-13935
The payload length in a WebSocket frame was not correctly validated in Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0.0.M1 to 9.0.36, 8.5.0 to 8.5.56 and 7.0.27 to 7.0.104. Invalid payload lengths could trigger an infinite loop. Multiple requests with invalid payload lengths could lea...
Apache Tomcat 9.0.0Apache Tomcat 10.0.0Apache TomcatDebian Debian Linux 9.0Debian Debian Linux 10.0Netapp Oncommand System ManagerOpensuse Leap 15.1Opensuse Leap 15.2Canonical Ubuntu Linux 20.04Canonical Ubuntu Linux 16.04Mcafee Epolicy Orchestrator 5.9.0Mcafee Epolicy Orchestrator 5.9.1Mcafee Epolicy Orchestrator 5.10.0Oracle Managed File Transfer 12.2.1.3.0Oracle Instantis Enterprisetrack 17.1Oracle Instantis Enterprisetrack 17.2Oracle Instantis Enterprisetrack 17.3Oracle Agile Plm 9.3.3Oracle Agile Plm 9.3.5Oracle Agile Plm 9.3.6Oracle Workload Manager 18cOracle Workload Manager 19c
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27322administrator privilegesCVE-2024-1579hardcodedCVE-2023-20198CVE-2024-33587CVE-2024-33449CVE-2024-4308HTML injection
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook