c3p0 vulnerabilities and exploits

(subscribe to this query)

c3p0 0.9.5.2 allows XXE in extractXmlConfigFromInputStream in com/mchange/v2/c3p0/cfg/C3P0ConfigXmlUtils.java during initialization.

Mchange C3p0 0.9.5.2 Debian Debian Linux 8.0

c3p0 version < 0.9.5.4 may be exploited by a billion laughs attack when loading XML configuration due to missing protections against recursive entity expansion when loading configuration.

Mchange C3p0 Fedoraproject Fedora 29 Fedoraproject Fedora 30 Oracle Retail Xstore Point Of Service 15.0 Oracle Flexcube Private Banking 12.1.0 Oracle Flexcube Private Banking 12.0.0 Oracle Webcenter Sites 12.2.1.3.0 Oracle Retail Xstore Point Of Service 16.0 Oracle Webcenter Sites 12.2.1.4.0 Oracle Retail Xstore Point Of Service 17.0 Oracle Retail Xstore Point Of Service 18.0 Oracle Retail Xstore Point Of Service 19.0 Oracle Communications Ip Service Activator 7.4.0 Oracle Communications Ip Service Activator 7.3.0 Oracle Hyperion Infrastructure Technology 11.1.2.4 Oracle Enterprise Manager Ops Center 12.4.0.0 Oracle Communications Session Route Manager Oracle Enterprise Manager Base Platform 13.2.1.0 Oracle Documaker

In spring AMQP versions 1.0.0 to 2.4.16 and 3.0.0 to 3.0.9 , allowed list patterns for deserializable class names were added to Spring AMQP, allowing users to lock down deserialization of data in messages from untrusted sources; however by default, when no allowed list was provi...

Vmware Spring Advanced Message Queuing Protocol

2 Github repositories

In Spring for Apache Kafka 3.0.9 and previous versions and versions 2.9.10 and previous versions, a possible deserialization attack vector existed, but only if unusual configuration was applied. An attacker would have to construct a malicious serialized object in one of the deser...

Vmware Spring For Apache Kafka

4 Github repositories

For RocketMQ versions 5.1.0 and below, under certain conditions, there is a risk of remote command execution. Several components of RocketMQ, including NameServer, Broker, and Controller, are leaked on the extranet and lack permission verification, an attacker can exploit this vu...

Apache Rocketmq

16 Github repositories1 Article

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook