Oracle Instantis Enterprisetrack vulnerabilities

CVE-2019-17563 [HIGH] CWE-384 CVE-2019-17563: When using FORM authentication with Apache Tomcat 9.0.0.M1 to 9.0.29, 8.5.0 to 8.5.49 and 7.0.0 to 7 When using FORM authentication with Apache Tomcat 9.0.0.M1 to 9.0.29, 8.5.0 to 8.5.49 and 7.0.0 to 7.0.98 there was a narrow window where an attacker could perform a session fixation attack. The window was considered too narrow for an exploit to be practical but, erring on the side of caution, this issue has been treated as a security vulnerability.

CVE-2019-10219 [MEDIUM] CWE-79 CVE-2019-10219: A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properl A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of potentially malicious code in HTML comments and instructions. This vulnerability can result in an XSS attack.

CVE-2019-12415 [MEDIUM] CWE-611 CVE-2019-12415: In Apache POI up to 4.1.0, when using the tool XSSFExportToXml to convert user-provided Microsoft Ex In Apache POI up to 4.1.0, when using the tool XSSFExportToXml to convert user-provided Microsoft Excel documents, a specially crafted document can allow an attacker to read files from the local filesystem or from internal network resources via XML External Entity (XXE) Processing.

CVE-2019-10082 [CRITICAL] CWE-416 CVE-2019-10082: In Apache HTTP Server 2.4.18-2.4.39, using fuzzed network input, the http/2 session handling could b In Apache HTTP Server 2.4.18-2.4.39, using fuzzed network input, the http/2 session handling could be made to read memory after being freed, during connection shutdown.

CVE-2019-10097 [HIGH] CWE-476 CVE-2019-10097: In Apache HTTP Server 2.4.32-2.4.39, when mod_remoteip was configured to use a trusted intermediary In Apache HTTP Server 2.4.32-2.4.39, when mod_remoteip was configured to use a trusted intermediary proxy server using the "PROXY" protocol, a specially crafted PROXY header could trigger a stack buffer overflow or NULL pointer deference. This vulnerability could only be triggered by a trusted proxy and not by untrusted HTTP clients.

CVE-2019-9517 [HIGH] CWE-400 CVE-2019-9517: Some HTTP/2 implementations are vulnerable to unconstrained interal data buffering, potentially lead Some HTTP/2 implementations are vulnerable to unconstrained interal data buffering, potentially leading to a denial of service. The attacker opens the HTTP/2 window so the peer can send without constraint; however, they leave the TCP window closed so the peer cannot actually write (many of) the bytes on the wire. The attacker then sends a stream of requ

CVE-2019-0197 [MEDIUM] CWE-444 CVE-2019-0197: A vulnerability was found in Apache HTTP Server 2.4.34 to 2.4.38. When HTTP/2 was enabled for a http A vulnerability was found in Apache HTTP Server 2.4.34 to 2.4.38. When HTTP/2 was enabled for a http: host or H2Upgrade was enabled for h2 on a https: host, an Upgrade request from http/1.1 to http/2 that was not the first request on a connection could lead to a misconfiguration and crash. Server that never enabled the h2 protocol or that only enabled

CVE-2019-0227 [HIGH] CWE-918 CVE-2019-0227: A Server Side Request Forgery (SSRF) vulnerability affected the Apache Axis 1.4 distribution that wa A Server Side Request Forgery (SSRF) vulnerability affected the Apache Axis 1.4 distribution that was last released in 2006. Security and bug commits commits continue in the projects Axis 1.x Subversion repository, legacy users are encouraged to build from source. The successor to Axis 1.x is Axis2, the latest version is 1.7.9 and is not vulnerable to t

CVE-2019-0211 [HIGH] CWE-416 CVE-2019-0211: In Apache HTTP Server 2.4 releases 2.4.17 to 2.4.38, with MPM event, worker or prefork, code executi In Apache HTTP Server 2.4 releases 2.4.17 to 2.4.38, with MPM event, worker or prefork, code executing in less-privileged child processes or threads (including scripts executed by an in-process scripting interpreter) could execute arbitrary code with the privileges of the parent process (usually root) by manipulating the scoreboard. Non-Unix systems are

CVE-2019-0190 [HIGH] CVE-2019-0190: A bug exists in the way mod_ssl handled client renegotiations. A remote attacker could send a carefu A bug exists in the way mod_ssl handled client renegotiations. A remote attacker could send a carefully crafted request that would cause mod_ssl to enter a loop leading to a denial of service. This bug can be only triggered with Apache HTTP Server version 2.4.37 when using OpenSSL version 1.1.1 or later, due to an interaction in changes to handling of renegotia

CVE-2018-17189 [MEDIUM] CWE-400 CVE-2018-17189: In Apache HTTP server versions 2.4.37 and prior, by sending request bodies in a slow loris way to pl In Apache HTTP server versions 2.4.37 and prior, by sending request bodies in a slow loris way to plain resources, the h2 stream for that request unnecessarily occupied a server thread cleaning up that incoming data. This affects only HTTP/2 (mod_http2) connections.

CVE-2018-11784 [MEDIUM] CWE-601 CVE-2018-11784: When the default servlet in Apache Tomcat versions 9.0.0.M1 to 9.0.11, 8.5.0 to 8.5.33 and 7.0.23 to When the default servlet in Apache Tomcat versions 9.0.0.M1 to 9.0.11, 8.5.0 to 8.5.33 and 7.0.23 to 7.0.90 returned a redirect to a directory (e.g. redirecting to '/foo/' when the user requested '/foo') a specially crafted URL could be used to cause the redirect to be generated to any URI of the attackers choice.

CVE-2018-11763 [MEDIUM] CVE-2018-11763: In Apache HTTP Server 2.4.17 to 2.4.34, by sending continuous, large SETTINGS frames a client can oc In Apache HTTP Server 2.4.17 to 2.4.34, by sending continuous, large SETTINGS frames a client can occupy a connection, server thread and CPU time without any connection timeout coming to effect. This affects only HTTP/2 connections. A possible mitigation is to not enable the h2 protocol.

CVE-2018-8032 [MEDIUM] CWE-79 CVE-2018-8032: Apache Axis 1.x up to and including 1.4 is vulnerable to a cross-site scripting (XSS) attack in the Apache Axis 1.x up to and including 1.4 is vulnerable to a cross-site scripting (XSS) attack in the default servlet/services.

CVE-2018-8013 [CRITICAL] CWE-502 CVE-2018-8013: In Apache Batik 1.x before 1.10, when deserializing subclass of `AbstractDocument`, the class takes In Apache Batik 1.x before 1.10, when deserializing subclass of `AbstractDocument`, the class takes a string from the inputStream as the class name which then use it to call the no-arg constructor of the class. Fix was to check the class type before calling newInstance in deserialization.

CVE-2017-12617 [HIGH] CWE-434 CVE-2017-12617: When running Apache Tomcat versions 9.0.0.M1 to 9.0.0, 8.5.0 to 8.5.22, 8.0.0.RC1 to 8.0.46 and 7.0. When running Apache Tomcat versions 9.0.0.M1 to 9.0.0, 8.5.0 to 8.5.22, 8.0.0.RC1 to 8.0.46 and 7.0.0 to 7.0.81 with HTTP PUTs enabled (e.g. via setting the readonly initialisation parameter of the Default servlet to false) it was possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code

CVE-2017-5645 [CRITICAL] CWE-502 CVE-2017-5645: In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive s In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive serialized log events from another application, a specially crafted binary payload can be sent that, when deserialized, can execute arbitrary code.