» 2017 » 9월

In Apache Struts 2.5 through 2.5.5, if an application allows entering a URL in a form field and the built-in URLValidator is used, it is possible to prepare a special URL which will be used to overload server process when performing validation of the URL.

Source: CVE-2016-8738

CVE-2017-9793

Posted on 2017년 9월 21일2017년 9월 21일 by admin

CVE-2017-9793

The REST Plugin in Apache Struts 2.3.7 through 2.3.33 and 2.5 through 2.5.12 is using an outdated XStream library which is vulnerable and allow perform a DoS attack using malicious request with specially crafted XML payload.

Source: CVE-2017-9793

CVE-2017-9804

Posted on 2017년 9월 21일2017년 9월 21일 by admin

CVE-2017-9804

In Apache Struts 2.3.7 through 2.3.33 and 2.5 through 2.5.12, if an application allows entering a URL in a form field and built-in URLValidator is used, it is possible to prepare a special URL which will be used to overload server process when performing validation of the URL. NOTE: this vulnerability exists because of an incomplete fix for S2-047 / CVE-2017-7672.

Source: CVE-2017-9804

CVE-2017-14607

Posted on 2017년 9월 21일2017년 9월 21일 by admin

CVE-2017-14607

In ImageMagick 7.0.7-4 Q16, an out of bounds read flaw related to ReadTIFFImage has been reported in coders/tiff.c. An attacker could possibly exploit this flaw to disclose potentially sensitive memory or cause an application crash.

Source: CVE-2017-14607

CVE-2017-14608

Posted on 2017년 9월 21일2017년 9월 21일 by admin

CVE-2017-14608

In LibRaw through 0.18.4, an out of bounds read flaw related to kodak_65000_load_raw has been reported in dcraw/dcraw.c and internal/dcraw_common.cpp. An attacker could possibly exploit this flaw to disclose potentially sensitive memory or cause an application crash.

Source: CVE-2017-14608