← voltar
CVE-2016-2171

CVE-2016-2171

EPSS 42.7%
The User Manager service in Apache Jetspeed before 2.3.1 does not properly restrict access using Jetspeed Security, which allows remote attackers to (1) add, (2) edit, or (3) delete users via the REST API.
Produtos afetados
n/a · n/a

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
http://haxx.ml/post/140552592371/remote-code-execution-in-apache-jetspeed-230-andhttp://mail-archives.apache.org/mod_mbox/portals-jetspeed-user/201603.mbox/%3CB9165E38-F3D8-496D-8642-8A53FCAC736A%40gmail.com%3Ehttps://portals.apache.org/jetspeed-2/security-reports.html#CVE-2016-2171