Vulnerable Library - ksa-security-web-3.9.2.pom
Path to vulnerable library: /home/wss-scanner/.m2/repository/log4j/log4j/1.2.16/log4j-1.2.16.jar
Found in HEAD commit: f3f88b40d6fb433c739a83504cd0dfad346a4cf2
Vulnerabilities
*For some transitive vulnerabilities, there is no version of direct dependency with a fix. Check the "Details" section below to see if there is a version of transitive dependency where vulnerability is fixed.
**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation
Details
Partial details (18 vulnerabilities) are displayed below due to a content size limitation in GitHub. To view information on the remaining vulnerabilities, navigate to the Mend Application.
CVE-2022-22965
Vulnerable Library - spring-beans-3.1.1.RELEASE.jar
Spring Framework Parent
Path to dependency file: /ksa-web-root/ksa-bd-web/pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/spring-beans/3.1.1.RELEASE/spring-beans-3.1.1.RELEASE.jar
Dependency Hierarchy:
- ksa-security-web-3.9.2.pom (Root Library)
- ksa-security-service-3.9.2.pom
- ksa-security-dao-3.9.2.pom
- ksa-core-3.9.2.pom
- spring-context-3.1.1.RELEASE.jar
- spring-aop-3.1.1.RELEASE.jar
- ❌ spring-beans-3.1.1.RELEASE.jar (Vulnerable Library)
Found in HEAD commit: f3f88b40d6fb433c739a83504cd0dfad346a4cf2
Found in base branch: master
Reachability Analysis
This vulnerability is potentially reachable
org.springframework.beans.propertyeditors.InputStreamEditor (Application)
-> org.springframework.beans.support.ResourceEditorRegistrar (Extension)
-> org.springframework.beans.factory.config.ConfigurableListableBeanFactory (Extension)
-> org.springframework.context.support.ClassPathXmlApplicationContext (Extension)
-> ❌ com.ksa.dao.MybatisDaoTest (Vulnerable Component)
Vulnerability Details
A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is not vulnerable to the exploit. However, the nature of the vulnerability is more general, and there may be other ways to exploit it.
Mend Note: Converted from WS-2022-0107, on 2022-11-07.
Publish Date: 2022-04-01
URL: CVE-2022-22965
CVSS 3 Score Details (10.0)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Changed
- Impact Metrics:
- Confidentiality Impact: Low
- Integrity Impact: High
- Availability Impact: High
For more information on CVSS3 Scores, click here.
Suggested Fix
Type: Upgrade version
Origin: https://spring.io/blog/2022/03/31/spring-framework-rce-early-announcement
Release Date: 2022-04-01
Fix Resolution: org.springframework:spring-beans:5.2.20.RELEASE,5.3.18
CVE-459065-580824
Vulnerable Library - commons-beanutils-1.8.3.jar
BeanUtils provides an easy-to-use but flexible wrapper around reflection and introspection.
Library home page: http://commons.apache.org/beanutils/
Path to dependency file: /ksa-web-root/ksa-system-web/pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/commons-beanutils/commons-beanutils/1.8.3/commons-beanutils-1.8.3.jar
Dependency Hierarchy:
- ksa-security-web-3.9.2.pom (Root Library)
- ksa-security-service-3.9.2.pom
- shiro-core-1.2.0.jar
- ❌ commons-beanutils-1.8.3.jar (Vulnerable Library)
Found in HEAD commit: f3f88b40d6fb433c739a83504cd0dfad346a4cf2
Found in base branch: master
Reachability Analysis
This vulnerability is potentially reachable
org.apache.commons.beanutils.converters.ByteConverter (Application)
-> org.apache.commons.beanutils.BeanUtilsBean (Extension)
-> org.apache.commons.beanutils.BeanUtils (Extension)
-> org.apache.commons.configuration.MultiFileHierarchicalConfiguration (Extension)
-> org.apache.commons.configuration.PropertiesConfiguration (Extension)
-> ❌ com.ksa.context.web.RuntimeConfiguration (Vulnerable Component)
Vulnerability Details
Created automatically by the test suite
Publish Date: 2010-06-07
URL: CVE-459065-580824
CVSS 3 Score Details (9.8)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High
For more information on CVSS3 Scores, click here.
CVE-31589-137056
Vulnerable Library - xwork-core-2.3.31.jar
Apache Struts 2
Library home page: http://struts.apache.org/xwork-core/
Path to dependency file: /ksa-web-root/ksa-bd-web/pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/org/apache/struts/xwork/xwork-core/2.3.31/xwork-core-2.3.31.jar
Dependency Hierarchy:
- ksa-security-web-3.9.2.pom (Root Library)
- struts2-core-2.3.31.jar
- ❌ xwork-core-2.3.31.jar (Vulnerable Library)
Found in HEAD commit: f3f88b40d6fb433c739a83504cd0dfad346a4cf2
Found in base branch: master
Reachability Analysis
This vulnerability is potentially reachable
com.opensymphony.xwork2.config.entities.InterceptorConfig$Builder (Application)
-> com.opensymphony.xwork2.config.entities.InterceptorConfig (Extension)
-> com.opensymphony.xwork2.ObjectFactory (Extension)
-> com.opensymphony.xwork2.DefaultActionProxy (Extension)
-> com.opensymphony.xwork2.mock.MockActionInvocation (Extension)
-> com.opensymphony.xwork2.ActionContext (Extension)
-> ❌ com.ksa.web.struts2.action.logistics.bookingnote.BookingNoteQueryAction (Vulnerable Component)
Vulnerability Details
Created automatically by the test suite
Publish Date: 2010-06-07
URL: CVE-31589-137056
CVSS 3 Score Details (9.8)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High
For more information on CVSS3 Scores, click here.
CVE-2016-1000031
Vulnerable Library - commons-fileupload-1.2.2.jar
The FileUpload component provides a simple yet flexible means of adding support for multipart
file upload functionality to servlets and web applications.
Library home page: http://commons.apache.org/fileupload/
Path to dependency file: /ksa-web-root/ksa-security-web/pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/commons-fileupload/commons-fileupload/1.2.2/commons-fileupload-1.2.2.jar
Dependency Hierarchy:
- ksa-security-web-3.9.2.pom (Root Library)
- struts2-core-2.3.31.jar
- ❌ commons-fileupload-1.2.2.jar (Vulnerable Library)
Found in HEAD commit: f3f88b40d6fb433c739a83504cd0dfad346a4cf2
Found in base branch: master
Reachability Analysis
This vulnerability is potentially reachable
org.apache.commons.fileupload.disk.DiskFileItem (Application)
-> org.springframework.web.multipart.commons.CommonsMultipartFile (Extension)
-> org.springframework.web.multipart.commons.CommonsMultipartResolver (Extension)
-> org.springframework.web.context.support.StaticWebApplicationContext (Extension)
-> org.springframework.web.context.support.WebApplicationContextUtils (Extension)
-> org.springframework.web.context.ContextLoader (Extension)
-> ❌ com.ksa.context.web.SpringServiceContextListener (Vulnerable Component)
Vulnerability Details
Apache Commons FileUpload before 1.3.3 DiskFileItem File Manipulation Remote Code Execution
Publish Date: 2016-10-25
URL: CVE-2016-1000031
CVSS 3 Score Details (9.8)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High
For more information on CVSS3 Scores, click here.
Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1000031
Release Date: 2016-10-25
Fix Resolution: 1.3.3
CVE-2022-23305
Vulnerable Library - log4j-1.2.16.jar
Apache Log4j 1.2
Library home page: http://logging.apache.org/log4j/1.2/
Path to dependency file: /ksa-web-root/ksa-security-web/pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/log4j/log4j/1.2.16/log4j-1.2.16.jar
Dependency Hierarchy:
- ksa-security-web-3.9.2.pom (Root Library)
- slf4j-log4j12-1.6.1.jar
- ❌ log4j-1.2.16.jar (Vulnerable Library)
Found in HEAD commit: f3f88b40d6fb433c739a83504cd0dfad346a4cf2
Found in base branch: master
Reachability Analysis
This vulnerability is potentially reachable
com.ksa.freemarker.TemplateTest (Application)
-> freemarker.template.Template (Extension)
-> freemarker.ext.dom.ElementModel (Extension)
-> org.slf4j.LoggerFactory (Extension)
...
-> org.slf4j.impl.Log4jLoggerFactory (Extension)
-> org.apache.log4j.Logger (Extension)
-> ❌ org.apache.log4j.jdbc.JDBCAppender (Vulnerable Component)
Vulnerability Details
By design, the JDBCAppender in Log4j 1.2.x accepts an SQL statement as a configuration parameter where the values to be inserted are converters from PatternLayout. The message converter, %m, is likely to always be included. This allows attackers to manipulate the SQL by entering crafted strings into input fields or headers of an application that are logged allowing unintended SQL queries to be executed. Note this issue only affects Log4j 1.x when specifically configured to use the JDBCAppender, which is not the default. Beginning in version 2.0-beta8, the JDBCAppender was re-introduced with proper support for parameterized SQL queries and further customization over the columns written to in logs. Apache Log4j 1.2 reached end of life in August 2015. Users should upgrade to Log4j 2 as it addresses numerous other issues from the previous versions.
Publish Date: 2022-01-18
URL: CVE-2022-23305
CVSS 3 Score Details (9.6)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Scope: Changed
- Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: High
- Availability Impact: High
For more information on CVSS3 Scores, click here.
Suggested Fix
Type: Upgrade version
Origin: https://reload4j.qos.ch/
Release Date: 2022-01-18
Fix Resolution: ch.qos.reload4j:reload4j:1.2.18.2
WS-2014-0034
Vulnerable Library - commons-fileupload-1.2.2.jar
The FileUpload component provides a simple yet flexible means of adding support for multipart
file upload functionality to servlets and web applications.
Library home page: http://commons.apache.org/fileupload/
Path to dependency file: /ksa-web-root/ksa-security-web/pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/commons-fileupload/commons-fileupload/1.2.2/commons-fileupload-1.2.2.jar
Dependency Hierarchy:
- ksa-security-web-3.9.2.pom (Root Library)
- struts2-core-2.3.31.jar
- ❌ commons-fileupload-1.2.2.jar (Vulnerable Library)
Found in HEAD commit: f3f88b40d6fb433c739a83504cd0dfad346a4cf2
Found in base branch: master
Reachability Analysis
This vulnerability is potentially reachable
org.apache.commons.fileupload.FileUploadBase (Application)
-> org.springframework.web.multipart.commons.CommonsMultipartResolver (Extension)
-> org.springframework.web.context.support.GenericWebApplicationContext (Extension)
-> org.springframework.web.context.support.WebApplicationContextUtils (Extension)
-> org.springframework.web.context.ContextLoader (Extension)
-> ❌ com.ksa.context.web.SpringServiceContextListener (Vulnerable Component)
Vulnerability Details
The class FileUploadBase in Apache Commons Fileupload before 1.4 has potential resource leak - InputStream not closed on exception.
Publish Date: 2014-02-17
URL: WS-2014-0034
CVSS 3 Score Details (7.5)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: High
- Integrity Impact: None
- Availability Impact: None
For more information on CVSS3 Scores, click here.
Suggested Fix
Type: Upgrade version
Release Date: 2014-02-17
Fix Resolution: 1.4
CVE-2023-26464
Vulnerable Library - log4j-1.2.16.jar
Apache Log4j 1.2
Library home page: http://logging.apache.org/log4j/1.2/
Path to dependency file: /ksa-web-root/ksa-security-web/pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/log4j/log4j/1.2.16/log4j-1.2.16.jar
Dependency Hierarchy:
- ksa-security-web-3.9.2.pom (Root Library)
- slf4j-log4j12-1.6.1.jar
- ❌ log4j-1.2.16.jar (Vulnerable Library)
Found in HEAD commit: f3f88b40d6fb433c739a83504cd0dfad346a4cf2
Found in base branch: master
Reachability Analysis
This vulnerability is potentially reachable
com.ksa.freemarker.TemplateTest (Application)
-> freemarker.template.Template (Extension)
-> freemarker.core.NonUserDefinedDirectiveLikeException (Extension)
-> org.apache.log4j.Category (Extension)
...
-> org.apache.log4j.lf5.viewer.LogBrokerMonitor (Extension)
-> org.apache.log4j.lf5.viewer.LogFactor5InputDialog (Extension)
-> ❌ org.apache.log4j.lf5.viewer.LogFactor5InputDialog$3 (Vulnerable Component)
Vulnerability Details
** UNSUPPORTED WHEN ASSIGNED **
When using the Chainsaw or SocketAppender components with Log4j 1.x on JRE less than 1.7, an attacker that manages to cause a logging entry involving a specially-crafted (ie, deeply nested)
hashmap or hashtable (depending on which logging component is in use) to be processed could exhaust the available memory in the virtual machine and achieve Denial of Service when the object is deserialized.
This issue affects Apache Log4j before 2. Affected users are recommended to update to Log4j 2.x.
NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
Publish Date: 2023-03-10
URL: CVE-2023-26464
CVSS 3 Score Details (7.5)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: High
For more information on CVSS3 Scores, click here.
Suggested Fix
Type: Upgrade version
Origin: GHSA-vp98-w2p3-mv35
Release Date: 2023-03-10
Fix Resolution: org.apache.logging.log4j:log4j-core:2.0
CVE-2023-24998
Vulnerable Library - commons-fileupload-1.2.2.jar
The FileUpload component provides a simple yet flexible means of adding support for multipart
file upload functionality to servlets and web applications.
Library home page: http://commons.apache.org/fileupload/
Path to dependency file: /ksa-web-root/ksa-security-web/pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/commons-fileupload/commons-fileupload/1.2.2/commons-fileupload-1.2.2.jar
Dependency Hierarchy:
- ksa-security-web-3.9.2.pom (Root Library)
- struts2-core-2.3.31.jar
- ❌ commons-fileupload-1.2.2.jar (Vulnerable Library)
Found in HEAD commit: f3f88b40d6fb433c739a83504cd0dfad346a4cf2
Found in base branch: master
Reachability Analysis
This vulnerability is potentially reachable
org.apache.commons.fileupload.FileUploadBase (Application)
-> org.springframework.web.multipart.commons.CommonsMultipartResolver (Extension)
-> org.springframework.web.context.support.GenericWebApplicationContext (Extension)
-> org.springframework.web.context.support.WebApplicationContextUtils (Extension)
-> org.springframework.web.context.ContextLoader (Extension)
-> ❌ com.ksa.context.web.SpringServiceContextListener (Vulnerable Component)
Vulnerability Details
Apache Commons FileUpload before 1.5 does not limit the number of request parts to be processed resulting in the possibility of an attacker triggering a DoS with a malicious upload or series of uploads.
Note that, like all of the file upload limits, the
new configuration option (FileUploadBase#setFileCountMax) is not
enabled by default and must be explicitly configured.
Publish Date: 2023-02-20
URL: CVE-2023-24998
CVSS 3 Score Details (7.5)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: High
For more information on CVSS3 Scores, click here.
Suggested Fix
Type: Upgrade version
Origin: https://tomcat.apache.org/security-10.html
Release Date: 2023-02-20
Fix Resolution: commons-fileupload:commons-fileupload:1.5;org.apache.tomcat:tomcat-coyote:8.5.85,9.0.71,10.1.5,11.0.0-M3;org.apache.tomcat.embed:tomcat-embed-core:8.5.85,9.0.71,10.1.5,11.0.0-M3;org.apache.tomcat:tomcat-util:8.5.85,9.0.71,10.1.5,11.0.0-M3;org.apache.tomcat:tomcat-catalina:8.5.85,9.0.71,10.1.5,11.0.0-M3
CVE-2017-9804
Vulnerable Library - xwork-core-2.3.31.jar
Apache Struts 2
Library home page: http://struts.apache.org/xwork-core/
Path to dependency file: /ksa-web-root/ksa-bd-web/pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/org/apache/struts/xwork/xwork-core/2.3.31/xwork-core-2.3.31.jar
Dependency Hierarchy:
- ksa-security-web-3.9.2.pom (Root Library)
- struts2-core-2.3.31.jar
- ❌ xwork-core-2.3.31.jar (Vulnerable Library)
Found in HEAD commit: f3f88b40d6fb433c739a83504cd0dfad346a4cf2
Found in base branch: master
Reachability Analysis
This vulnerability is potentially reachable
org.apache.struts2.components.Submit (Application)
-> org.apache.struts2.views.velocity.components.SubmitDirective (Extension)
-> org.apache.struts2.views.DefaultTagLibrary (Extension)
-> org.apache.struts2.views.freemarker.FreemarkerManager (Extension)
-> ❌ com.ksa.web.struts2.views.freemarker.ShiroFreemarkerManager (Vulnerable Component)
Vulnerability Details
In Apache Struts 2.3.7 through 2.3.33 and 2.5 through 2.5.12, if an application allows entering a URL in a form field and built-in URLValidator is used, it is possible to prepare a special URL which will be used to overload server process when performing validation of the URL. NOTE: this vulnerability exists because of an incomplete fix for S2-047 / CVE-2017-7672.
Publish Date: 2017-09-05
URL: CVE-2017-9804
CVSS 3 Score Details (7.5)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: High
For more information on CVSS3 Scores, click here.
Suggested Fix
Type: Upgrade version
Release Date: 2017-09-05
Fix Resolution: org.apache.struts:struts2-core:2.3.34,org.apache.struts:struts2-core:2.5.13
CVE-2017-9787
Vulnerable Library - xwork-core-2.3.31.jar
Apache Struts 2
Library home page: http://struts.apache.org/xwork-core/
Path to dependency file: /ksa-web-root/ksa-bd-web/pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/org/apache/struts/xwork/xwork-core/2.3.31/xwork-core-2.3.31.jar
Dependency Hierarchy:
- ksa-security-web-3.9.2.pom (Root Library)
- struts2-core-2.3.31.jar
- ❌ xwork-core-2.3.31.jar (Vulnerable Library)
Found in HEAD commit: f3f88b40d6fb433c739a83504cd0dfad346a4cf2
Found in base branch: master
Reachability Analysis
This vulnerability is potentially reachable
org.apache.struts2.interceptor.DateTextFieldInterceptor$DateWord (Application)
-> org.apache.struts2.interceptor.DateTextFieldInterceptor (Extension)
-> org.apache.struts2.dispatcher.Dispatcher (Extension)
-> org.apache.struts2.components.Component (Extension)
...
-> org.apache.struts2.views.DefaultTagLibrary (Extension)
-> org.apache.struts2.views.freemarker.FreemarkerManager (Extension)
-> ❌ com.ksa.web.struts2.views.freemarker.ShiroFreemarkerManager (Vulnerable Component)
Vulnerability Details
When using a Spring AOP functionality to secure Struts actions it is possible to perform a DoS attack. Solution is to upgrade to Apache Struts version 2.5.12 or 2.3.33.
Publish Date: 2017-07-13
URL: CVE-2017-9787
CVSS 3 Score Details (7.5)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: High
For more information on CVSS3 Scores, click here.
Suggested Fix
Type: Upgrade version
Release Date: 2017-07-13
Fix Resolution: org.apache.struts:struts2-core:2.3.33,org.apache.struts:struts2-core:2.5.12
CVE-2016-3092
Vulnerable Library - commons-fileupload-1.2.2.jar
The FileUpload component provides a simple yet flexible means of adding support for multipart
file upload functionality to servlets and web applications.
Library home page: http://commons.apache.org/fileupload/
Path to dependency file: /ksa-web-root/ksa-security-web/pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/commons-fileupload/commons-fileupload/1.2.2/commons-fileupload-1.2.2.jar
Dependency Hierarchy:
- ksa-security-web-3.9.2.pom (Root Library)
- struts2-core-2.3.31.jar
- ❌ commons-fileupload-1.2.2.jar (Vulnerable Library)
Found in HEAD commit: f3f88b40d6fb433c739a83504cd0dfad346a4cf2
Found in base branch: master
Reachability Analysis
This vulnerability is potentially reachable
org.apache.commons.fileupload.MultipartStream (Application)
-> org.apache.commons.fileupload.FileUploadBase$FileItemIteratorImpl (Extension)
-> org.apache.commons.fileupload.FileUploadBase (Extension)
-> org.springframework.web.multipart.commons.CommonsMultipartResolver (Extension)
...
-> org.springframework.web.context.support.WebApplicationContextUtils (Extension)
-> org.springframework.web.context.ContextLoader (Extension)
-> ❌ com.ksa.context.web.SpringServiceContextListener (Vulnerable Component)
Vulnerability Details
The MultipartStream class in Apache Commons Fileupload before 1.3.2, as used in Apache Tomcat 7.x before 7.0.70, 8.x before 8.0.36, 8.5.x before 8.5.3, and 9.x before 9.0.0.M7 and other products, allows remote attackers to cause a denial of service (CPU consumption) via a long boundary string.
Publish Date: 2016-07-04
URL: CVE-2016-3092
CVSS 3 Score Details (7.5)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: High
For more information on CVSS3 Scores, click here.
Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3092
Release Date: 2016-07-04
Fix Resolution: org.apache.tomcat.embed:tomcat-embed-core:9.0.0.M8,8.5.3,8.0.36,7.0.70,org.apache.tomcat:tomcat-coyote:9.0.0.M8,8.5.3,8.0.36,7.0.70,commons-fileupload:commons-fileupload:1.3.2
CVE-2019-10086
Vulnerable Library - commons-beanutils-1.8.3.jar
BeanUtils provides an easy-to-use but flexible wrapper around reflection and introspection.
Library home page: http://commons.apache.org/beanutils/
Path to dependency file: /ksa-web-root/ksa-system-web/pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/commons-beanutils/commons-beanutils/1.8.3/commons-beanutils-1.8.3.jar
Dependency Hierarchy:
- ksa-security-web-3.9.2.pom (Root Library)
- ksa-security-service-3.9.2.pom
- shiro-core-1.2.0.jar
- ❌ commons-beanutils-1.8.3.jar (Vulnerable Library)
Found in HEAD commit: f3f88b40d6fb433c739a83504cd0dfad346a4cf2
Found in base branch: master
Reachability Analysis
This vulnerability is potentially reachable
org.apache.commons.beanutils.PropertyUtilsBean (Application)
-> org.apache.commons.beanutils.PropertyUtils (Extension)
-> org.apache.commons.configuration.beanutils.BeanHelper (Extension)
-> org.apache.commons.configuration.DefaultConfigurationBuilder (Extension)
-> org.apache.commons.configuration.PropertiesConfiguration (Extension)
-> ❌ com.ksa.context.web.RuntimeConfiguration (Vulnerable Component)
Vulnerability Details
In Apache Commons Beanutils 1.9.2, a special BeanIntrospector class was added which allows suppressing the ability for an attacker to access the classloader via the class property available on all Java objects. We, however were not using this by default characteristic of the PropertyUtilsBean.
Publish Date: 2019-08-20
URL: CVE-2019-10086
CVSS 3 Score Details (7.3)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: Low
- Integrity Impact: Low
- Availability Impact: Low
For more information on CVSS3 Scores, click here.
Suggested Fix
Type: Upgrade version
Release Date: 2019-08-20
Fix Resolution: commons-beanutils:commons-beanutils:1.9.4
CVE-2014-0114
Vulnerable Library - commons-beanutils-1.8.3.jar
BeanUtils provides an easy-to-use but flexible wrapper around reflection and introspection.
Library home page: http://commons.apache.org/beanutils/
Path to dependency file: /ksa-web-root/ksa-system-web/pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/commons-beanutils/commons-beanutils/1.8.3/commons-beanutils-1.8.3.jar
Dependency Hierarchy:
- ksa-security-web-3.9.2.pom (Root Library)
- ksa-security-service-3.9.2.pom
- shiro-core-1.2.0.jar
- ❌ commons-beanutils-1.8.3.jar (Vulnerable Library)
Found in HEAD commit: f3f88b40d6fb433c739a83504cd0dfad346a4cf2
Found in base branch: master
Reachability Analysis
This vulnerability is potentially reachable
org.apache.commons.beanutils.PropertyUtilsBean (Application)
-> org.apache.commons.beanutils.PropertyUtils (Extension)
-> org.apache.commons.configuration.beanutils.BeanHelper (Extension)
-> org.apache.commons.configuration.DefaultConfigurationBuilder (Extension)
-> org.apache.commons.configuration.PropertiesConfiguration (Extension)
-> ❌ com.ksa.context.web.RuntimeConfiguration (Vulnerable Component)
Vulnerability Details
Apache Commons BeanUtils, as distributed in lib/commons-beanutils-1.8.0.jar in Apache Struts 1.x through 1.3.10 and in other products requiring commons-beanutils through 1.9.2, does not suppress the class property, which allows remote attackers to "manipulate" the ClassLoader and execute arbitrary code via the class parameter, as demonstrated by the passing of this parameter to the getClass method of the ActionForm object in Struts 1.
Publish Date: 2014-04-30
URL: CVE-2014-0114
CVSS 3 Score Details (7.3)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: Low
- Integrity Impact: Low
- Availability Impact: Low
For more information on CVSS3 Scores, click here.
Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0114
Release Date: 2014-04-30
Fix Resolution: commons-beanutils:commons-beanutils:1.9.4;org.apache.struts:struts2-core:2.0.5
CVE-2014-0050
Vulnerable Library - commons-fileupload-1.2.2.jar
The FileUpload component provides a simple yet flexible means of adding support for multipart
file upload functionality to servlets and web applications.
Library home page: http://commons.apache.org/fileupload/
Path to dependency file: /ksa-web-root/ksa-security-web/pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/commons-fileupload/commons-fileupload/1.2.2/commons-fileupload-1.2.2.jar
Dependency Hierarchy:
- ksa-security-web-3.9.2.pom (Root Library)
- struts2-core-2.3.31.jar
- ❌ commons-fileupload-1.2.2.jar (Vulnerable Library)
Found in HEAD commit: f3f88b40d6fb433c739a83504cd0dfad346a4cf2
Found in base branch: master
Reachability Analysis
This vulnerability is potentially reachable
org.apache.commons.fileupload.MultipartStream (Application)
-> org.apache.commons.fileupload.FileUploadBase$FileItemIteratorImpl (Extension)
-> org.apache.commons.fileupload.FileUploadBase (Extension)
-> org.springframework.web.multipart.commons.CommonsMultipartResolver (Extension)
...
-> org.springframework.web.context.support.WebApplicationContextUtils (Extension)
-> org.springframework.web.context.ContextLoader (Extension)
-> ❌ com.ksa.context.web.SpringServiceContextListener (Vulnerable Component)
Vulnerability Details
MultipartStream.java in Apache Commons FileUpload before 1.3.1, as used in Apache Tomcat, JBoss Web, and other products, allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted Content-Type header that bypasses a loop's intended exit conditions.
Publish Date: 2014-03-28
URL: CVE-2014-0050
CVSS 3 Score Details (7.3)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: Low
- Integrity Impact: Low
- Availability Impact: Low
For more information on CVSS3 Scores, click here.
Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0050
Release Date: 2014-03-28
Fix Resolution: 1.3.2
CVE-2013-2186
Vulnerable Library - commons-fileupload-1.2.2.jar
The FileUpload component provides a simple yet flexible means of adding support for multipart
file upload functionality to servlets and web applications.
Library home page: http://commons.apache.org/fileupload/
Path to dependency file: /ksa-web-root/ksa-security-web/pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/commons-fileupload/commons-fileupload/1.2.2/commons-fileupload-1.2.2.jar
Dependency Hierarchy:
- ksa-security-web-3.9.2.pom (Root Library)
- struts2-core-2.3.31.jar
- ❌ commons-fileupload-1.2.2.jar (Vulnerable Library)
Found in HEAD commit: f3f88b40d6fb433c739a83504cd0dfad346a4cf2
Found in base branch: master
Reachability Analysis
This vulnerability is potentially reachable
org.apache.commons.fileupload.servlet.ServletRequestContext (Application)
-> org.apache.commons.fileupload.FileUploadBase (Extension)
-> org.springframework.web.multipart.commons.CommonsMultipartResolver (Extension)
-> org.springframework.web.context.support.GenericWebApplicationContext (Extension)
-> org.springframework.web.context.support.WebApplicationContextUtils (Extension)
-> org.springframework.web.context.ContextLoader (Extension)
-> ❌ com.ksa.context.web.SpringServiceContextListener (Vulnerable Component)
Vulnerability Details
The DiskFileItem class in Apache Commons FileUpload, as used in Red Hat JBoss BRMS 5.3.1; JBoss Portal 4.3 CP07, 5.2.2, and 6.0.0; and Red Hat JBoss Web Server 1.0.2 allows remote attackers to write to arbitrary files via a NULL byte in a file name in a serialized instance.
Publish Date: 2013-10-28
URL: CVE-2013-2186
CVSS 3 Score Details (7.3)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: Low
- Integrity Impact: Low
- Availability Impact: Low
For more information on CVSS3 Scores, click here.
Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2186
Release Date: 2013-10-28
Fix Resolution: commons-fileupload:commons-fileupload:1.3.1
CVE-2023-20863
Vulnerable Library - spring-expression-3.1.1.RELEASE.jar
Spring Framework Parent
Path to dependency file: /ksa-dao-root/ksa-finance-dao/pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/spring-expression/3.1.1.RELEASE/spring-expression-3.1.1.RELEASE.jar
Dependency Hierarchy:
- ksa-security-web-3.9.2.pom (Root Library)
- ksa-security-service-3.9.2.pom
- ksa-security-dao-3.9.2.pom
- ksa-core-3.9.2.pom
- spring-context-3.1.1.RELEASE.jar
- ❌ spring-expression-3.1.1.RELEASE.jar (Vulnerable Library)
Found in HEAD commit: f3f88b40d6fb433c739a83504cd0dfad346a4cf2
Found in base branch: master
Reachability Analysis
This vulnerability is potentially reachable
org.springframework.expression.spel.standard.InternalSpelExpressionParser (Application)
-> org.springframework.expression.spel.standard.SpelExpressionParser (Extension)
-> org.springframework.context.expression.StandardBeanExpressionResolver (Extension)
-> org.springframework.context.support.AbstractRefreshableApplicationContext (Extension)
...
-> org.springframework.context.support.AbstractXmlApplicationContext (Extension)
-> org.springframework.context.support.ClassPathXmlApplicationContext (Extension)
-> ❌ com.ksa.dao.MybatisDaoTest (Vulnerable Component)
Vulnerability Details
In spring framework versions prior to 5.2.24 release+ ,5.3.27+ and 6.0.8+ , it is possible for a user to provide a specially crafted SpEL expression that may cause a denial-of-service (DoS) condition.
Publish Date: 2023-04-13
URL: CVE-2023-20863
CVSS 3 Score Details (6.5)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: High
For more information on CVSS3 Scores, click here.
Suggested Fix
Type: Upgrade version
Origin: https://spring.io/security/cve-2023-20863
Release Date: 2023-04-13
Fix Resolution: org.springframework:spring-expression - 5.2.24.RELEASE,5.3.27,6.0.8
CVE-2023-20861
Vulnerable Library - spring-expression-3.1.1.RELEASE.jar
Spring Framework Parent
Path to dependency file: /ksa-dao-root/ksa-finance-dao/pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/spring-expression/3.1.1.RELEASE/spring-expression-3.1.1.RELEASE.jar
Dependency Hierarchy:
- ksa-security-web-3.9.2.pom (Root Library)
- ksa-security-service-3.9.2.pom
- ksa-security-dao-3.9.2.pom
- ksa-core-3.9.2.pom
- spring-context-3.1.1.RELEASE.jar
- ❌ spring-expression-3.1.1.RELEASE.jar (Vulnerable Library)
Found in HEAD commit: f3f88b40d6fb433c739a83504cd0dfad346a4cf2
Found in base branch: master
Reachability Analysis
This vulnerability is potentially reachable
org.springframework.expression.spel.SpelMessage (Application)
-> org.springframework.expression.spel.support.StandardTypeLocator (Extension)
-> org.springframework.context.expression.StandardBeanExpressionResolver (Extension)
-> org.springframework.context.support.AbstractRefreshableApplicationContext (Extension)
...
-> org.springframework.context.support.AbstractXmlApplicationContext (Extension)
-> org.springframework.context.support.ClassPathXmlApplicationContext (Extension)
-> ❌ com.ksa.dao.MybatisDaoTest (Vulnerable Component)
Vulnerability Details
In Spring Framework versions 6.0.0 - 6.0.6, 5.3.0 - 5.3.25, 5.2.0.RELEASE - 5.2.22.RELEASE, and older unsupported versions, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial-of-service (DoS) condition.
Publish Date: 2023-03-23
URL: CVE-2023-20861
CVSS 3 Score Details (6.5)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: High
For more information on CVSS3 Scores, click here.
Suggested Fix
Type: Upgrade version
Origin: https://spring.io/security/cve-2023-20861
Release Date: 2023-03-23
Fix Resolution: org.springframework:spring-expression:x5.2.23.RELEASE,5.3.26,6.0.7
CVE-2022-22950
Vulnerable Library - spring-expression-3.1.1.RELEASE.jar
Spring Framework Parent
Path to dependency file: /ksa-dao-root/ksa-finance-dao/pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/spring-expression/3.1.1.RELEASE/spring-expression-3.1.1.RELEASE.jar
Dependency Hierarchy:
- ksa-security-web-3.9.2.pom (Root Library)
- ksa-security-service-3.9.2.pom
- ksa-security-dao-3.9.2.pom
- ksa-core-3.9.2.pom
- spring-context-3.1.1.RELEASE.jar
- ❌ spring-expression-3.1.1.RELEASE.jar (Vulnerable Library)
Found in HEAD commit: f3f88b40d6fb433c739a83504cd0dfad346a4cf2
Found in base branch: master
Reachability Analysis
This vulnerability is potentially reachable
org.springframework.expression.spel.ast.ConstructorReference (Application)
-> org.springframework.expression.spel.standard.InternalSpelExpressionParser (Extension)
-> org.springframework.expression.spel.standard.SpelExpressionParser (Extension)
-> org.springframework.context.support.AbstractRefreshableApplicationContext (Extension)
...
-> org.springframework.context.support.AbstractXmlApplicationContext (Extension)
-> org.springframework.context.support.ClassPathXmlApplicationContext (Extension)
-> ❌ com.ksa.dao.MybatisDaoTest (Vulnerable Component)
Vulnerability Details
n Spring Framework versions 5.3.0 - 5.3.16 and older unsupported versions, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial of service condition.
Publish Date: 2022-04-01
URL: CVE-2022-22950
CVSS 3 Score Details (6.5)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: High
For more information on CVSS3 Scores, click here.
Suggested Fix
Type: Upgrade version
Origin: https://tanzu.vmware.com/security/cve-2022-22950
Release Date: 2022-04-01
Fix Resolution: org.springframework:spring-expression:5.2.20,5.3.17
Path to vulnerable library: /home/wss-scanner/.m2/repository/log4j/log4j/1.2.16/log4j-1.2.16.jar
Found in HEAD commit: f3f88b40d6fb433c739a83504cd0dfad346a4cf2
Vulnerabilities
*For some transitive vulnerabilities, there is no version of direct dependency with a fix. Check the "Details" section below to see if there is a version of transitive dependency where vulnerability is fixed.
**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation
Details
Vulnerable Library - spring-beans-3.1.1.RELEASE.jar
Spring Framework Parent
Path to dependency file: /ksa-web-root/ksa-bd-web/pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/spring-beans/3.1.1.RELEASE/spring-beans-3.1.1.RELEASE.jar
Dependency Hierarchy:
Found in HEAD commit: f3f88b40d6fb433c739a83504cd0dfad346a4cf2
Found in base branch: master
Reachability Analysis
This vulnerability is potentially reachable
Vulnerability Details
A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is not vulnerable to the exploit. However, the nature of the vulnerability is more general, and there may be other ways to exploit it.
Mend Note: Converted from WS-2022-0107, on 2022-11-07.
Publish Date: 2022-04-01
URL: CVE-2022-22965
CVSS 3 Score Details (10.0)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Changed
- Impact Metrics:
- Confidentiality Impact: Low
- Integrity Impact: High
- Availability Impact: High
For more information on CVSS3 Scores, click here.Suggested Fix
Type: Upgrade version
Origin: https://spring.io/blog/2022/03/31/spring-framework-rce-early-announcement
Release Date: 2022-04-01
Fix Resolution: org.springframework:spring-beans:5.2.20.RELEASE,5.3.18
Vulnerable Library - commons-beanutils-1.8.3.jar
BeanUtils provides an easy-to-use but flexible wrapper around reflection and introspection.
Library home page: http://commons.apache.org/beanutils/
Path to dependency file: /ksa-web-root/ksa-system-web/pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/commons-beanutils/commons-beanutils/1.8.3/commons-beanutils-1.8.3.jar
Dependency Hierarchy:
Found in HEAD commit: f3f88b40d6fb433c739a83504cd0dfad346a4cf2
Found in base branch: master
Reachability Analysis
This vulnerability is potentially reachable
Vulnerability Details
Created automatically by the test suite
Publish Date: 2010-06-07
URL: CVE-459065-580824
CVSS 3 Score Details (9.8)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High
For more information on CVSS3 Scores, click here.Vulnerable Library - xwork-core-2.3.31.jar
Apache Struts 2
Library home page: http://struts.apache.org/xwork-core/
Path to dependency file: /ksa-web-root/ksa-bd-web/pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/org/apache/struts/xwork/xwork-core/2.3.31/xwork-core-2.3.31.jar
Dependency Hierarchy:
Found in HEAD commit: f3f88b40d6fb433c739a83504cd0dfad346a4cf2
Found in base branch: master
Reachability Analysis
This vulnerability is potentially reachable
Vulnerability Details
Created automatically by the test suite
Publish Date: 2010-06-07
URL: CVE-31589-137056
CVSS 3 Score Details (9.8)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High
For more information on CVSS3 Scores, click here.Vulnerable Library - commons-fileupload-1.2.2.jar
The FileUpload component provides a simple yet flexible means of adding support for multipart file upload functionality to servlets and web applications.
Library home page: http://commons.apache.org/fileupload/
Path to dependency file: /ksa-web-root/ksa-security-web/pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/commons-fileupload/commons-fileupload/1.2.2/commons-fileupload-1.2.2.jar
Dependency Hierarchy:
Found in HEAD commit: f3f88b40d6fb433c739a83504cd0dfad346a4cf2
Found in base branch: master
Reachability Analysis
This vulnerability is potentially reachable
Vulnerability Details
Apache Commons FileUpload before 1.3.3 DiskFileItem File Manipulation Remote Code Execution
Publish Date: 2016-10-25
URL: CVE-2016-1000031
CVSS 3 Score Details (9.8)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High
For more information on CVSS3 Scores, click here.Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1000031
Release Date: 2016-10-25
Fix Resolution: 1.3.3
Vulnerable Library - log4j-1.2.16.jar
Apache Log4j 1.2
Library home page: http://logging.apache.org/log4j/1.2/
Path to dependency file: /ksa-web-root/ksa-security-web/pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/log4j/log4j/1.2.16/log4j-1.2.16.jar
Dependency Hierarchy:
Found in HEAD commit: f3f88b40d6fb433c739a83504cd0dfad346a4cf2
Found in base branch: master
Reachability Analysis
This vulnerability is potentially reachable
Vulnerability Details
By design, the JDBCAppender in Log4j 1.2.x accepts an SQL statement as a configuration parameter where the values to be inserted are converters from PatternLayout. The message converter, %m, is likely to always be included. This allows attackers to manipulate the SQL by entering crafted strings into input fields or headers of an application that are logged allowing unintended SQL queries to be executed. Note this issue only affects Log4j 1.x when specifically configured to use the JDBCAppender, which is not the default. Beginning in version 2.0-beta8, the JDBCAppender was re-introduced with proper support for parameterized SQL queries and further customization over the columns written to in logs. Apache Log4j 1.2 reached end of life in August 2015. Users should upgrade to Log4j 2 as it addresses numerous other issues from the previous versions.
Publish Date: 2022-01-18
URL: CVE-2022-23305
CVSS 3 Score Details (9.6)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Scope: Changed
- Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: High
- Availability Impact: High
For more information on CVSS3 Scores, click here.Suggested Fix
Type: Upgrade version
Origin: https://reload4j.qos.ch/
Release Date: 2022-01-18
Fix Resolution: ch.qos.reload4j:reload4j:1.2.18.2
Vulnerable Library - commons-fileupload-1.2.2.jar
The FileUpload component provides a simple yet flexible means of adding support for multipart file upload functionality to servlets and web applications.
Library home page: http://commons.apache.org/fileupload/
Path to dependency file: /ksa-web-root/ksa-security-web/pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/commons-fileupload/commons-fileupload/1.2.2/commons-fileupload-1.2.2.jar
Dependency Hierarchy:
Found in HEAD commit: f3f88b40d6fb433c739a83504cd0dfad346a4cf2
Found in base branch: master
Reachability Analysis
This vulnerability is potentially reachable
Vulnerability Details
The class FileUploadBase in Apache Commons Fileupload before 1.4 has potential resource leak - InputStream not closed on exception.
Publish Date: 2014-02-17
URL: WS-2014-0034
CVSS 3 Score Details (7.5)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: High
- Integrity Impact: None
- Availability Impact: None
For more information on CVSS3 Scores, click here.Suggested Fix
Type: Upgrade version
Release Date: 2014-02-17
Fix Resolution: 1.4
Vulnerable Library - log4j-1.2.16.jar
Apache Log4j 1.2
Library home page: http://logging.apache.org/log4j/1.2/
Path to dependency file: /ksa-web-root/ksa-security-web/pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/log4j/log4j/1.2.16/log4j-1.2.16.jar
Dependency Hierarchy:
Found in HEAD commit: f3f88b40d6fb433c739a83504cd0dfad346a4cf2
Found in base branch: master
Reachability Analysis
This vulnerability is potentially reachable
Vulnerability Details
** UNSUPPORTED WHEN ASSIGNED **
When using the Chainsaw or SocketAppender components with Log4j 1.x on JRE less than 1.7, an attacker that manages to cause a logging entry involving a specially-crafted (ie, deeply nested)
hashmap or hashtable (depending on which logging component is in use) to be processed could exhaust the available memory in the virtual machine and achieve Denial of Service when the object is deserialized.
This issue affects Apache Log4j before 2. Affected users are recommended to update to Log4j 2.x.
NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
Publish Date: 2023-03-10
URL: CVE-2023-26464
CVSS 3 Score Details (7.5)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: High
For more information on CVSS3 Scores, click here.Suggested Fix
Type: Upgrade version
Origin: GHSA-vp98-w2p3-mv35
Release Date: 2023-03-10
Fix Resolution: org.apache.logging.log4j:log4j-core:2.0
Vulnerable Library - commons-fileupload-1.2.2.jar
The FileUpload component provides a simple yet flexible means of adding support for multipart file upload functionality to servlets and web applications.
Library home page: http://commons.apache.org/fileupload/
Path to dependency file: /ksa-web-root/ksa-security-web/pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/commons-fileupload/commons-fileupload/1.2.2/commons-fileupload-1.2.2.jar
Dependency Hierarchy:
Found in HEAD commit: f3f88b40d6fb433c739a83504cd0dfad346a4cf2
Found in base branch: master
Reachability Analysis
This vulnerability is potentially reachable
Vulnerability Details
Apache Commons FileUpload before 1.5 does not limit the number of request parts to be processed resulting in the possibility of an attacker triggering a DoS with a malicious upload or series of uploads.
Note that, like all of the file upload limits, the
new configuration option (FileUploadBase#setFileCountMax) is not
enabled by default and must be explicitly configured.
Publish Date: 2023-02-20
URL: CVE-2023-24998
CVSS 3 Score Details (7.5)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: High
For more information on CVSS3 Scores, click here.Suggested Fix
Type: Upgrade version
Origin: https://tomcat.apache.org/security-10.html
Release Date: 2023-02-20
Fix Resolution: commons-fileupload:commons-fileupload:1.5;org.apache.tomcat:tomcat-coyote:8.5.85,9.0.71,10.1.5,11.0.0-M3;org.apache.tomcat.embed:tomcat-embed-core:8.5.85,9.0.71,10.1.5,11.0.0-M3;org.apache.tomcat:tomcat-util:8.5.85,9.0.71,10.1.5,11.0.0-M3;org.apache.tomcat:tomcat-catalina:8.5.85,9.0.71,10.1.5,11.0.0-M3
Vulnerable Library - xwork-core-2.3.31.jar
Apache Struts 2
Library home page: http://struts.apache.org/xwork-core/
Path to dependency file: /ksa-web-root/ksa-bd-web/pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/org/apache/struts/xwork/xwork-core/2.3.31/xwork-core-2.3.31.jar
Dependency Hierarchy:
Found in HEAD commit: f3f88b40d6fb433c739a83504cd0dfad346a4cf2
Found in base branch: master
Reachability Analysis
This vulnerability is potentially reachable
Vulnerability Details
In Apache Struts 2.3.7 through 2.3.33 and 2.5 through 2.5.12, if an application allows entering a URL in a form field and built-in URLValidator is used, it is possible to prepare a special URL which will be used to overload server process when performing validation of the URL. NOTE: this vulnerability exists because of an incomplete fix for S2-047 / CVE-2017-7672.
Publish Date: 2017-09-05
URL: CVE-2017-9804
CVSS 3 Score Details (7.5)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: High
For more information on CVSS3 Scores, click here.Suggested Fix
Type: Upgrade version
Release Date: 2017-09-05
Fix Resolution: org.apache.struts:struts2-core:2.3.34,org.apache.struts:struts2-core:2.5.13
Vulnerable Library - xwork-core-2.3.31.jar
Apache Struts 2
Library home page: http://struts.apache.org/xwork-core/
Path to dependency file: /ksa-web-root/ksa-bd-web/pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/org/apache/struts/xwork/xwork-core/2.3.31/xwork-core-2.3.31.jar
Dependency Hierarchy:
Found in HEAD commit: f3f88b40d6fb433c739a83504cd0dfad346a4cf2
Found in base branch: master
Reachability Analysis
This vulnerability is potentially reachable
Vulnerability Details
When using a Spring AOP functionality to secure Struts actions it is possible to perform a DoS attack. Solution is to upgrade to Apache Struts version 2.5.12 or 2.3.33.
Publish Date: 2017-07-13
URL: CVE-2017-9787
CVSS 3 Score Details (7.5)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: High
For more information on CVSS3 Scores, click here.Suggested Fix
Type: Upgrade version
Release Date: 2017-07-13
Fix Resolution: org.apache.struts:struts2-core:2.3.33,org.apache.struts:struts2-core:2.5.12
Vulnerable Library - commons-fileupload-1.2.2.jar
The FileUpload component provides a simple yet flexible means of adding support for multipart file upload functionality to servlets and web applications.
Library home page: http://commons.apache.org/fileupload/
Path to dependency file: /ksa-web-root/ksa-security-web/pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/commons-fileupload/commons-fileupload/1.2.2/commons-fileupload-1.2.2.jar
Dependency Hierarchy:
Found in HEAD commit: f3f88b40d6fb433c739a83504cd0dfad346a4cf2
Found in base branch: master
Reachability Analysis
This vulnerability is potentially reachable
Vulnerability Details
The MultipartStream class in Apache Commons Fileupload before 1.3.2, as used in Apache Tomcat 7.x before 7.0.70, 8.x before 8.0.36, 8.5.x before 8.5.3, and 9.x before 9.0.0.M7 and other products, allows remote attackers to cause a denial of service (CPU consumption) via a long boundary string.
Publish Date: 2016-07-04
URL: CVE-2016-3092
CVSS 3 Score Details (7.5)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: High
For more information on CVSS3 Scores, click here.Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3092
Release Date: 2016-07-04
Fix Resolution: org.apache.tomcat.embed:tomcat-embed-core:9.0.0.M8,8.5.3,8.0.36,7.0.70,org.apache.tomcat:tomcat-coyote:9.0.0.M8,8.5.3,8.0.36,7.0.70,commons-fileupload:commons-fileupload:1.3.2
Vulnerable Library - commons-beanutils-1.8.3.jar
BeanUtils provides an easy-to-use but flexible wrapper around reflection and introspection.
Library home page: http://commons.apache.org/beanutils/
Path to dependency file: /ksa-web-root/ksa-system-web/pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/commons-beanutils/commons-beanutils/1.8.3/commons-beanutils-1.8.3.jar
Dependency Hierarchy:
Found in HEAD commit: f3f88b40d6fb433c739a83504cd0dfad346a4cf2
Found in base branch: master
Reachability Analysis
This vulnerability is potentially reachable
Vulnerability Details
In Apache Commons Beanutils 1.9.2, a special BeanIntrospector class was added which allows suppressing the ability for an attacker to access the classloader via the class property available on all Java objects. We, however were not using this by default characteristic of the PropertyUtilsBean.
Publish Date: 2019-08-20
URL: CVE-2019-10086
CVSS 3 Score Details (7.3)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: Low
- Integrity Impact: Low
- Availability Impact: Low
For more information on CVSS3 Scores, click here.Suggested Fix
Type: Upgrade version
Release Date: 2019-08-20
Fix Resolution: commons-beanutils:commons-beanutils:1.9.4
Vulnerable Library - commons-beanutils-1.8.3.jar
BeanUtils provides an easy-to-use but flexible wrapper around reflection and introspection.
Library home page: http://commons.apache.org/beanutils/
Path to dependency file: /ksa-web-root/ksa-system-web/pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/commons-beanutils/commons-beanutils/1.8.3/commons-beanutils-1.8.3.jar
Dependency Hierarchy:
Found in HEAD commit: f3f88b40d6fb433c739a83504cd0dfad346a4cf2
Found in base branch: master
Reachability Analysis
This vulnerability is potentially reachable
Vulnerability Details
Apache Commons BeanUtils, as distributed in lib/commons-beanutils-1.8.0.jar in Apache Struts 1.x through 1.3.10 and in other products requiring commons-beanutils through 1.9.2, does not suppress the class property, which allows remote attackers to "manipulate" the ClassLoader and execute arbitrary code via the class parameter, as demonstrated by the passing of this parameter to the getClass method of the ActionForm object in Struts 1.
Publish Date: 2014-04-30
URL: CVE-2014-0114
CVSS 3 Score Details (7.3)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: Low
- Integrity Impact: Low
- Availability Impact: Low
For more information on CVSS3 Scores, click here.Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0114
Release Date: 2014-04-30
Fix Resolution: commons-beanutils:commons-beanutils:1.9.4;org.apache.struts:struts2-core:2.0.5
Vulnerable Library - commons-fileupload-1.2.2.jar
The FileUpload component provides a simple yet flexible means of adding support for multipart file upload functionality to servlets and web applications.
Library home page: http://commons.apache.org/fileupload/
Path to dependency file: /ksa-web-root/ksa-security-web/pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/commons-fileupload/commons-fileupload/1.2.2/commons-fileupload-1.2.2.jar
Dependency Hierarchy:
Found in HEAD commit: f3f88b40d6fb433c739a83504cd0dfad346a4cf2
Found in base branch: master
Reachability Analysis
This vulnerability is potentially reachable
Vulnerability Details
MultipartStream.java in Apache Commons FileUpload before 1.3.1, as used in Apache Tomcat, JBoss Web, and other products, allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted Content-Type header that bypasses a loop's intended exit conditions.
Publish Date: 2014-03-28
URL: CVE-2014-0050
CVSS 3 Score Details (7.3)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: Low
- Integrity Impact: Low
- Availability Impact: Low
For more information on CVSS3 Scores, click here.Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0050
Release Date: 2014-03-28
Fix Resolution: 1.3.2
Vulnerable Library - commons-fileupload-1.2.2.jar
The FileUpload component provides a simple yet flexible means of adding support for multipart file upload functionality to servlets and web applications.
Library home page: http://commons.apache.org/fileupload/
Path to dependency file: /ksa-web-root/ksa-security-web/pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/commons-fileupload/commons-fileupload/1.2.2/commons-fileupload-1.2.2.jar
Dependency Hierarchy:
Found in HEAD commit: f3f88b40d6fb433c739a83504cd0dfad346a4cf2
Found in base branch: master
Reachability Analysis
This vulnerability is potentially reachable
Vulnerability Details
The DiskFileItem class in Apache Commons FileUpload, as used in Red Hat JBoss BRMS 5.3.1; JBoss Portal 4.3 CP07, 5.2.2, and 6.0.0; and Red Hat JBoss Web Server 1.0.2 allows remote attackers to write to arbitrary files via a NULL byte in a file name in a serialized instance.
Publish Date: 2013-10-28
URL: CVE-2013-2186
CVSS 3 Score Details (7.3)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: Low
- Integrity Impact: Low
- Availability Impact: Low
For more information on CVSS3 Scores, click here.Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2186
Release Date: 2013-10-28
Fix Resolution: commons-fileupload:commons-fileupload:1.3.1
Vulnerable Library - spring-expression-3.1.1.RELEASE.jar
Spring Framework Parent
Path to dependency file: /ksa-dao-root/ksa-finance-dao/pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/spring-expression/3.1.1.RELEASE/spring-expression-3.1.1.RELEASE.jar
Dependency Hierarchy:
Found in HEAD commit: f3f88b40d6fb433c739a83504cd0dfad346a4cf2
Found in base branch: master
Reachability Analysis
This vulnerability is potentially reachable
Vulnerability Details
In spring framework versions prior to 5.2.24 release+ ,5.3.27+ and 6.0.8+ , it is possible for a user to provide a specially crafted SpEL expression that may cause a denial-of-service (DoS) condition.
Publish Date: 2023-04-13
URL: CVE-2023-20863
CVSS 3 Score Details (6.5)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: High
For more information on CVSS3 Scores, click here.Suggested Fix
Type: Upgrade version
Origin: https://spring.io/security/cve-2023-20863
Release Date: 2023-04-13
Fix Resolution: org.springframework:spring-expression - 5.2.24.RELEASE,5.3.27,6.0.8
Vulnerable Library - spring-expression-3.1.1.RELEASE.jar
Spring Framework Parent
Path to dependency file: /ksa-dao-root/ksa-finance-dao/pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/spring-expression/3.1.1.RELEASE/spring-expression-3.1.1.RELEASE.jar
Dependency Hierarchy:
Found in HEAD commit: f3f88b40d6fb433c739a83504cd0dfad346a4cf2
Found in base branch: master
Reachability Analysis
This vulnerability is potentially reachable
Vulnerability Details
In Spring Framework versions 6.0.0 - 6.0.6, 5.3.0 - 5.3.25, 5.2.0.RELEASE - 5.2.22.RELEASE, and older unsupported versions, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial-of-service (DoS) condition.
Publish Date: 2023-03-23
URL: CVE-2023-20861
CVSS 3 Score Details (6.5)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: High
For more information on CVSS3 Scores, click here.Suggested Fix
Type: Upgrade version
Origin: https://spring.io/security/cve-2023-20861
Release Date: 2023-03-23
Fix Resolution: org.springframework:spring-expression:x5.2.23.RELEASE,5.3.26,6.0.7
Vulnerable Library - spring-expression-3.1.1.RELEASE.jar
Spring Framework Parent
Path to dependency file: /ksa-dao-root/ksa-finance-dao/pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/spring-expression/3.1.1.RELEASE/spring-expression-3.1.1.RELEASE.jar
Dependency Hierarchy:
Found in HEAD commit: f3f88b40d6fb433c739a83504cd0dfad346a4cf2
Found in base branch: master
Reachability Analysis
This vulnerability is potentially reachable
Vulnerability Details
n Spring Framework versions 5.3.0 - 5.3.16 and older unsupported versions, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial of service condition.
Publish Date: 2022-04-01
URL: CVE-2022-22950
CVSS 3 Score Details (6.5)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: High
For more information on CVSS3 Scores, click here.Suggested Fix
Type: Upgrade version
Origin: https://tanzu.vmware.com/security/cve-2022-22950
Release Date: 2022-04-01
Fix Resolution: org.springframework:spring-expression:5.2.20,5.3.17