Latest oracle managed file transfer Vulnerabilities

CVE-2022-23181
The fix for bug CVE-2020-9484 introduced a time of check, time of use vulnerability into Apache Tomcat 10.1.0-M1 to 10.1.0-M8, 10.0.0-M5 to 10.0.14, 9.0.35 to 9.0.56 and 8.5.55 to 8.5.73 that allowed ...
redhat/jws5-tomcat<0:9.0.62-9.redhat_00005.1.el7
redhat/jws5-tomcat<0:9.0.62-9.redhat_00005.1.el8
redhat/jws5-tomcat<0:9.0.62-9.redhat_00005.1.el9
debian/tomcat9<=9.0.31-1~deb10u6
Apache Tomcat>=8.5.55<=8.5.73
Apache Tomcat>=9.0.35<=9.0.56
and 24 more
CVE-2021-45105
Apache Log4j StrSubstitutor Uncontrolled Recursion Denial-of-Service Vulnerability
redhat/eap7-log4j<0:2.17.1-1.redhat_00001.1.el8ea
redhat/eap7-log4j<0:2.17.1-1.redhat_00001.1.el7ea
redhat/rh-sso7-keycloak<0:15.0.6-1.redhat_00001.1.el7
redhat/rh-sso7-keycloak<0:15.0.6-1.redhat_00001.1.el8
debian/apache-log4j2
debian/apache-log4j2<=2.16.0-1~deb10u1<=2.16.0-1<=2.16.0-1~deb11u1
and 217 more
CVE-2021-42340
Apache Tomcat is vulnerable to a denial of service, caused by a memory leak flaw in WebSocket connections. By sending a specially-crafted request using OutOfMemoryError, a remote attacker could exploi...
redhat/pki-servlet-engine<1:9.0.50-1.el9
redhat/jws5-tomcat<0:9.0.50-3.redhat_00004.1.el7
redhat/jws5-tomcat-native<0:1.2.30-3.redhat_3.el7
redhat/jws5-tomcat-vault<0:1.1.8-4.Final_redhat_00004.1.el7
redhat/jws5-tomcat<0:9.0.50-3.redhat_00004.1.el8
redhat/jws5-tomcat-native<0:1.2.30-3.redhat_3.el8
and 47 more
CVE-2021-33037
Apache Tomcat is vulnerable to HTTP request smuggling, caused by improper parsing of the HTTP transfer-encoding request header. By sending a specially-crafted HTTP(S) transfer-encoding request header,...
redhat/jws5-tomcat<0:9.0.50-3.redhat_00004.1.el7
redhat/jws5-tomcat-native<0:1.2.30-3.redhat_3.el7
redhat/jws5-tomcat-vault<0:1.1.8-4.Final_redhat_00004.1.el7
redhat/jws5-tomcat<0:9.0.50-3.redhat_00004.1.el8
redhat/jws5-tomcat-native<0:1.2.30-3.redhat_3.el8
redhat/jws5-tomcat-vault<0:1.1.8-4.Final_redhat_00004.1.el8
and 91 more
CVE-2021-25122
A flaw was found in Apache Tomcat. When responding to new h2c connection requests, Apache Tomcat could duplicate request headers and a limited amount of request body from one request to another meanin...
redhat/jws5-ecj<0:4.12.0-3.redhat_2.2.el7
redhat/jws5-tomcat<0:9.0.43-11.redhat_00011.1.el7
redhat/jws5-tomcat-native<0:1.2.26-3.redhat_3.el7
redhat/jws5-tomcat-vault<0:1.1.8-2.Final_redhat_00003.1.el7
redhat/jws5-ecj<0:4.12.0-3.redhat_2.2.el8
redhat/jws5-tomcat<0:9.0.43-11.redhat_00011.1.el8
and 65 more
CVE-2021-25329
The fix for CVE-2020-9484 was incomplete. When using Apache Tomcat 10.0.0-M1 to 10.0.0, 9.0.0.M1 to 9.0.41, 8.5.0 to 8.5.61 or 7.0.0. to 7.0.107 with a configuration edge case that was highly unlikely...
redhat/jws5-ecj<0:4.12.0-3.redhat_2.2.el7
redhat/jws5-tomcat<0:9.0.43-11.redhat_00011.1.el7
redhat/jws5-tomcat-native<0:1.2.26-3.redhat_3.el7
redhat/jws5-tomcat-vault<0:1.1.8-2.Final_redhat_00003.1.el7
redhat/jws5-ecj<0:4.12.0-3.redhat_2.2.el8
redhat/jws5-tomcat<0:9.0.43-11.redhat_00011.1.el8
and 69 more
CVE-2020-13935
The payload length in a WebSocket frame was not correctly validated in Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0.0.M1 to 9.0.36, 8.5.0 to 8.5.56 and 7.0.27 to 7.0.104. Invalid payload lengths could tr...
redhat/tomcat<0:7.0.76-15.el7
redhat/jbossweb<0:7.5.31-2.Final_redhat_2.1.ep6.el5
redhat/jbossweb<0:7.5.31-2.Final_redhat_2.1.ep6.el6
redhat/jboss-as-appclient<0:7.5.24-2.Final_redhat_00001.1.ep6.el6
redhat/jbossas-appclient<0:7.5.24-2.Final_redhat_00001.1.ep6.el6
redhat/jbossas-bundles<0:7.5.24-2.Final_redhat_00001.1.ep6.el6
and 220 more
CVE-2020-13934
A flaw was found in Apache Tomcat, where an h2c direct connection did not release the HTTP/1.1 processor after the upgrade to HTTP/2. If a sufficient number of such requests are made, an OutOfMemoryEx...
redhat/jws5-tomcat<0:9.0.30-5.redhat_6.1.el6
redhat/jws5-tomcat<0:9.0.30-5.redhat_6.1.el7
redhat/jws5-tomcat<0:9.0.30-5.redhat_6.1.el8
redhat/tomcat<10.0.0
redhat/tomcat<9.0.37
redhat/tomcat<8.5.57
and 58 more
CVE-2020-9484
When using Apache Tomcat versions 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to 9.0.34, 8.5.0 to 8.5.54 and 7.0.0 to 7.0.103 if a) an attacker is able to control the contents and name of a file on the server; a...
redhat/tomcat6<0:6.0.24-115.el6_10
redhat/tomcat<0:7.0.76-12.el7_8
redhat/tomcat7<0:7.0.70-40.ep7.el6
redhat/tomcat8<0:8.0.36-44.ep7.el6
redhat/tomcat-native<0:1.2.23-22.redhat_22.ep7.el6
redhat/tomcat7<0:7.0.70-40.ep7.el7
and 99 more
CVE-2019-17359
The ASN.1 parser in Bouncy Castle Crypto (aka BC Java) 1.63 can trigger a large attempted memory allocation, and resultant OutOfMemoryError error, via crafted ASN.1 data. This is fixed in 1.64.
Bouncycastle Legion-of-the-bouncy-castle-java-crytography-api=1.63
Apache TomEE=7.0.7
Apache TomEE=7.1.2
Apache TomEE=8.0.1
Netapp Active Iq Unified Manager Linux>=7.3
Netapp Active Iq Unified Manager Windows>=7.3
and 28 more
CVE-2019-10219
A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of potentially malicious code in HTML comments and instructions. This...
redhat/eap7-apache-cxf<0:3.2.11-1.redhat_00001.1.el6ea
redhat/eap7-glassfish-jsf<0:2.3.5-6.SP3_redhat_00004.1.el6ea
redhat/eap7-hal-console<0:3.0.19-1.Final_redhat_00001.1.el6ea
redhat/eap7-hibernate<0:5.3.14-1.Final_redhat_00001.1.el6ea
redhat/eap7-hibernate-validator<0:6.0.18-1.Final_redhat_00001.1.el6ea
redhat/eap7-jackson-annotations<0:2.9.10-1.redhat_00003.1.el6ea
and 779 more
CVE-2019-2538
Vulnerability in the Oracle Managed File Transfer component of Oracle Fusion Middleware (subcomponent: MFT Runtime Server). Supported versions that are affected are 19.1.0.0.0 and 12.2.1.3.0. Easily e...
Oracle Managed File Transfer=12.2.1.3.0
Oracle Managed File Transfer=19.1.0.0.0
CVE-2018-1000613
Legion of the Bouncy Castle Java Cryptography APIs could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe reflection flaw in XMSS/XMSS^MT private key deserializatio...
maven/org.bouncycastle:bcprov-jdk15on>=1.57<1.60
Bouncycastle Legion-of-the-bouncy-castle-java-crytography-api>=1.58<1.60
NetApp OnCommand Workflow Automation
openSUSE Leap=15.1
Oracle API Gateway=11.1.2.4.0
Oracle Banking Platform=2.6.0
and 89 more
CVE-2018-1000180
Bouncy Castle could provide weaker than expected security, caused by an error in the Low-level interface to RSA key pair generator. The RSA Key Pairs generated in low-level API with added certainty ma...
Bouncycastle Fips Java Api<=1.0.1
Bouncycastle Legion-of-the-bouncy-castle-java-crytography-api>=1.54<=1.59
Debian Debian Linux=9.0
Oracle API Gateway=11.1.2.4.0
Oracle Business Process Management Suite=11.1.1.9.0
Oracle Business Process Management Suite=12.1.3.0.0
and 26 more

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203