*For some transitive vulnerabilities, there is no version of direct dependency with a fix. Check the "Details" section below to see if there is a version of transitive dependency where vulnerability is fixed.
**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation
By design, the JDBCAppender in Log4j 1.2.x accepts an SQL statement as a configuration parameter where the values to be inserted are converters from PatternLayout. The message converter, %m, is likely to always be included. This allows attackers to manipulate the SQL by entering crafted strings into input fields or headers of an application that are logged allowing unintended SQL queries to be executed. Note this issue only affects Log4j 1.x when specifically configured to use the JDBCAppender, which is not the default. Beginning in version 2.0-beta8, the JDBCAppender was re-introduced with proper support for parameterized SQL queries and further customization over the columns written to in logs. Apache Log4j 1.2 reached end of life in August 2015. Users should upgrade to Log4j 2 as it addresses numerous other issues from the previous versions.
When using a Spring AOP functionality to secure Struts actions it is possible to perform a DoS attack. Solution is to upgrade to Apache Struts version 2.5.12 or 2.3.33.
In Apache Commons IO before 2.7, When invoking the method FileNameUtils.normalize with an improper input string, like "//../foo", or "\\..\foo", the result would be the same value, thus possibly providing access to files in the parent directory, but not further above (thus "limited" path traversal), if the calling code would use the result to construct a path value.
Improper validation of certificate with host mismatch in Apache Log4j SMTP appender. This could allow an SMTPS connection to be intercepted by a man-in-the-middle attack which could leak any log messages sent through that appender. Fixed in Apache Log4j 2.12.3 and 2.13.1
Included in Log4j 1.2 is a SocketServer class that is vulnerable to deserialization of untrusted data which can be exploited to remotely execute arbitrary code when combined with a deserialization gadget when listening to untrusted network traffic for log data. This affects Log4j versions up to 1.2 up to 1.2.17.
The FileUpload component provides a simple yet flexible means of adding support for multipart
file upload functionality to servlets and web applications.
CVE-2020-9493 identified a deserialization issue that was present in Apache Chainsaw. Prior to Chainsaw V2.0 Chainsaw was a component of Apache Log4j 1.2.x where the same issue exists.
JMSSink in all versions of Log4j 1.x is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration or if the configuration references an LDAP service the attacker has access to. The attacker can provide a TopicConnectionFactoryBindingName configuration causing JMSSink to perform JNDI requests that result in remote code execution in a similar fashion to CVE-2021-4104. Note this issue only affects Log4j 1.x when specifically configured to use JMSSink, which is not the default. Apache Log4j 1.2 reached end of life in August 2015. Users should upgrade to Log4j 2 as it addresses numerous other issues from the previous versions.
The FileUpload component provides a simple yet flexible means of adding support for multipart
file upload functionality to servlets and web applications.
** UNSUPPORTED WHEN ASSIGNED **
When using the Chainsaw or SocketAppender components with Log4j 1.x on JRE less than 1.7, an attacker that manages to cause a logging entry involving a specially-crafted (ie, deeply nested)
hashmap or hashtable (depending on which logging component is in use) to be processed could exhaust the available memory in the virtual machine and achieve Denial of Service when the object is deserialized.
This issue affects Apache Log4j before 2. Affected users are recommended to update to Log4j 2.x.
NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
The FileUpload component provides a simple yet flexible means of adding support for multipart
file upload functionality to servlets and web applications.
Apache Commons FileUpload before 1.5 does not limit the number of request parts to be processed resulting in the possibility of an attacker triggering a DoS with a malicious upload or series of uploads.
Note that, like all of the file upload limits, the
new configuration option (FileUploadBase#setFileCountMax) is not
enabled by default and must be explicitly configured.
In Apache Struts 2.3.7 through 2.3.33 and 2.5 through 2.5.12, if an application allows entering a URL in a form field and built-in URLValidator is used, it is possible to prepare a special URL which will be used to overload server process when performing validation of the URL. NOTE: this vulnerability exists because of an incomplete fix for S2-047 / CVE-2017-7672.
The FileUpload component provides a simple yet flexible means of adding support for multipart
file upload functionality to servlets and web applications.
The MultipartStream class in Apache Commons Fileupload before 1.3.2, as used in Apache Tomcat 7.x before 7.0.70, 8.x before 8.0.36, 8.5.x before 8.5.3, and 9.x before 9.0.0.M7 and other products, allows remote attackers to cause a denial of service (CPU consumption) via a long boundary string.
The FileUpload component provides a simple yet flexible means of adding support for multipart
file upload functionality to servlets and web applications.
MultipartStream.java in Apache Commons FileUpload before 1.3.1, as used in Apache Tomcat, JBoss Web, and other products, allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted Content-Type header that bypasses a loop's intended exit conditions.
The FileUpload component provides a simple yet flexible means of adding support for multipart
file upload functionality to servlets and web applications.
The DiskFileItem class in Apache Commons FileUpload, as used in Red Hat JBoss BRMS 5.3.1; JBoss Portal 4.3 CP07, 5.2.2, and 6.0.0; and Red Hat JBoss Web Server 1.0.2 allows remote attackers to write to arbitrary files via a NULL byte in a file name in a serialized instance.
The FileUpload component provides a simple yet flexible means of adding support for multipart
file upload functionality to servlets and web applications.
The default configuration of javax.servlet.context.tempdir in Apache Commons FileUpload 1.0 through 1.2.2 uses the /tmp directory for uploaded files, which allows local users to overwrite arbitrary files via an unspecified symlink attack.
Path to vulnerable library: /home/wss-scanner/.m2/repository/log4j/log4j/1.2.16/log4j-1.2.16.jar
Found in HEAD commit: f3f88b40d6fb433c739a83504cd0dfad346a4cf2
Vulnerabilities
*For some transitive vulnerabilities, there is no version of direct dependency with a fix. Check the "Details" section below to see if there is a version of transitive dependency where vulnerability is fixed.
**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation
Details
CVE-2022-23305
### Vulnerable Library - log4j-1.2.16.jarApache Log4j 1.2
Library home page: http://logging.apache.org/log4j/1.2/
Path to dependency file: /ksa-web-root/ksa-security-web/pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/log4j/log4j/1.2.16/log4j-1.2.16.jar
Dependency Hierarchy: - ksa-security-web-3.9.2.pom (Root Library) - slf4j-log4j12-1.6.1.jar - :x: **log4j-1.2.16.jar** (Vulnerable Library)
Found in HEAD commit: f3f88b40d6fb433c739a83504cd0dfad346a4cf2
Found in base branch: master
### Reachability Analysis This vulnerability is potentially reachable ``` com.ksa.web.struts2.action.system.initialize.CheckConnectionAction (Application) -> org.slf4j.LoggerFactory (Extension) -> org.slf4j.impl.StaticLoggerBinder (Extension) -> org.slf4j.impl.Log4jLoggerFactory (Extension) ... -> org.apache.log4j.helpers.OptionConverter (Extension) -> org.apache.log4j.PropertyConfigurator (Extension) -> ❌ org.apache.log4j.jdbc.JDBCAppender (Vulnerable Component) ``` ### Vulnerability DetailsBy design, the JDBCAppender in Log4j 1.2.x accepts an SQL statement as a configuration parameter where the values to be inserted are converters from PatternLayout. The message converter, %m, is likely to always be included. This allows attackers to manipulate the SQL by entering crafted strings into input fields or headers of an application that are logged allowing unintended SQL queries to be executed. Note this issue only affects Log4j 1.x when specifically configured to use the JDBCAppender, which is not the default. Beginning in version 2.0-beta8, the JDBCAppender was re-introduced with proper support for parameterized SQL queries and further customization over the columns written to in logs. Apache Log4j 1.2 reached end of life in August 2015. Users should upgrade to Log4j 2 as it addresses numerous other issues from the previous versions.
Publish Date: 2022-01-18
URL: CVE-2022-23305
### CVSS 3 Score Details (9.6)Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: Low - Privileges Required: Low - User Interaction: None - Scope: Changed - Impact Metrics: - Confidentiality Impact: None - Integrity Impact: High - Availability Impact: High
For more information on CVSS3 Scores, click here. ### Suggested FixType: Upgrade version
Origin: https://reload4j.qos.ch/
Release Date: 2022-01-18
Fix Resolution: ch.qos.reload4j:reload4j:1.2.18.2
CVE-2017-9787
### Vulnerable Library - xwork-core-2.3.31.jarApache Struts 2
Library home page: http://struts.apache.org/xwork-core/
Path to dependency file: /ksa-web-core/pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/org/apache/struts/xwork/xwork-core/2.3.31/xwork-core-2.3.31.jar
Dependency Hierarchy: - ksa-security-web-3.9.2.pom (Root Library) - struts2-core-2.3.31.jar - :x: **xwork-core-2.3.31.jar** (Vulnerable Library)
Found in HEAD commit: f3f88b40d6fb433c739a83504cd0dfad346a4cf2
Found in base branch: master
### Reachability Analysis This vulnerability is potentially reachable ``` com.ksa.web.struts2.views.freemarker.ShiroFreemarkerManager (Application) -> freemarker.template.Configuration (Extension) -> freemarker.core._ObjectBuilderSettingEvaluator (Extension) -> org.apache.struts2.dispatcher.Dispatcher (Extension) ... -> com.opensymphony.xwork2.config.providers.XWorkConfigurationProvider (Extension) -> com.opensymphony.xwork2.ognl.OgnlUtil (Extension) -> ❌ com.opensymphony.xwork2.ognl.SecurityMemberAccess (Vulnerable Component) ``` ### Vulnerability DetailsWhen using a Spring AOP functionality to secure Struts actions it is possible to perform a DoS attack. Solution is to upgrade to Apache Struts version 2.5.12 or 2.3.33.
Publish Date: 2017-07-13
URL: CVE-2017-9787
### CVSS 3 Score Details (7.5)Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: Low - Privileges Required: None - User Interaction: None - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: None - Integrity Impact: None - Availability Impact: High
For more information on CVSS3 Scores, click here. ### Suggested FixType: Upgrade version
Release Date: 2017-07-13
Fix Resolution: org.apache.struts:struts2-core:2.3.33,org.apache.struts:struts2-core:2.5.12
CVE-2021-29425
### Vulnerable Library - commons-io-2.1.jarThe Commons IO library contains utility classes, stream implementations, file filters, file comparators and endian classes.
Library home page: http://commons.apache.org/io/
Path to dependency file: /ksa-web-root/ksa-logistics-web/pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/commons-io/commons-io/2.1/commons-io-2.1.jar
Dependency Hierarchy: - ksa-security-web-3.9.2.pom (Root Library) - struts2-core-2.3.31.jar - :x: **commons-io-2.1.jar** (Vulnerable Library)
Found in HEAD commit: f3f88b40d6fb433c739a83504cd0dfad346a4cf2
Found in base branch: master
### Reachability Analysis This vulnerability is potentially reachable ``` com.ksa.web.struts2.action.system.backup.DeleteAction (Application) -> org.apache.commons.io.FileUtils (Extension) -> ❌ org.apache.commons.io.FilenameUtils (Vulnerable Component) ``` ### Vulnerability DetailsIn Apache Commons IO before 2.7, When invoking the method FileNameUtils.normalize with an improper input string, like "//../foo", or "\\..\foo", the result would be the same value, thus possibly providing access to files in the parent directory, but not further above (thus "limited" path traversal), if the calling code would use the result to construct a path value.
Publish Date: 2021-04-13
URL: CVE-2021-29425
### CVSS 3 Score Details (4.7)Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: High - Privileges Required: None - User Interaction: None - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: Low - Integrity Impact: Low - Availability Impact: None
For more information on CVSS3 Scores, click here. ### Suggested FixType: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29425
Release Date: 2021-04-13
Fix Resolution: commons-io:commons-io:2.7
CVE-2020-9488
### Vulnerable Library - log4j-1.2.16.jarApache Log4j 1.2
Library home page: http://logging.apache.org/log4j/1.2/
Path to dependency file: /ksa-web-root/ksa-security-web/pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/log4j/log4j/1.2.16/log4j-1.2.16.jar
Dependency Hierarchy: - ksa-security-web-3.9.2.pom (Root Library) - slf4j-log4j12-1.6.1.jar - :x: **log4j-1.2.16.jar** (Vulnerable Library)
Found in HEAD commit: f3f88b40d6fb433c739a83504cd0dfad346a4cf2
Found in base branch: master
### Reachability Analysis This vulnerability is potentially reachable ``` com.ksa.web.struts2.action.system.initialize.CheckConnectionAction (Application) -> org.slf4j.LoggerFactory (Extension) -> org.slf4j.impl.StaticLoggerBinder (Extension) -> org.slf4j.impl.Log4jLoggerFactory (Extension) ... -> org.apache.log4j.helpers.OptionConverter (Extension) -> org.apache.log4j.PropertyConfigurator (Extension) -> ❌ org.apache.log4j.net.SMTPAppender (Vulnerable Component) ``` ### Vulnerability DetailsImproper validation of certificate with host mismatch in Apache Log4j SMTP appender. This could allow an SMTPS connection to be intercepted by a man-in-the-middle attack which could leak any log messages sent through that appender. Fixed in Apache Log4j 2.12.3 and 2.13.1
Publish Date: 2020-04-27
URL: CVE-2020-9488
### CVSS 3 Score Details (3.7)Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: High - Privileges Required: None - User Interaction: None - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: Low - Integrity Impact: None - Availability Impact: None
For more information on CVSS3 Scores, click here. ### Suggested FixType: Upgrade version
Origin: https://reload4j.qos.ch/
Release Date: 2020-04-27
Fix Resolution: ch.qos.reload4j:reload4j:1.2.18.3
CVE-2020-9493
### Vulnerable Library - log4j-1.2.16.jarApache Log4j 1.2
Library home page: http://logging.apache.org/log4j/1.2/
Path to dependency file: /ksa-web-root/ksa-security-web/pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/log4j/log4j/1.2.16/log4j-1.2.16.jar
Dependency Hierarchy: - ksa-security-web-3.9.2.pom (Root Library) - slf4j-log4j12-1.6.1.jar - :x: **log4j-1.2.16.jar** (Vulnerable Library)
Found in HEAD commit: f3f88b40d6fb433c739a83504cd0dfad346a4cf2
Found in base branch: master
### Reachability AnalysisThe vulnerable code is unreachable
### Vulnerability DetailsA deserialization flaw was found in Apache Chainsaw versions prior to 2.1.0 which could lead to malicious code execution.
Publish Date: 2021-06-16
URL: CVE-2020-9493
### CVSS 3 Score Details (9.8)Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: Low - Privileges Required: None - User Interaction: None - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: High - Integrity Impact: High - Availability Impact: High
For more information on CVSS3 Scores, click here. ### Suggested FixType: Upgrade version
Origin: https://www.openwall.com/lists/oss-security/2021/06/16/1
Release Date: 2021-06-16
Fix Resolution: ch.qos.reload4j:reload4j:1.2.18.1
CVE-2019-17571
### Vulnerable Library - log4j-1.2.16.jarApache Log4j 1.2
Library home page: http://logging.apache.org/log4j/1.2/
Path to dependency file: /ksa-web-root/ksa-security-web/pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/log4j/log4j/1.2.16/log4j-1.2.16.jar
Dependency Hierarchy: - ksa-security-web-3.9.2.pom (Root Library) - slf4j-log4j12-1.6.1.jar - :x: **log4j-1.2.16.jar** (Vulnerable Library)
Found in HEAD commit: f3f88b40d6fb433c739a83504cd0dfad346a4cf2
Found in base branch: master
### Reachability AnalysisThe vulnerable code is unreachable
### Vulnerability DetailsIncluded in Log4j 1.2 is a SocketServer class that is vulnerable to deserialization of untrusted data which can be exploited to remotely execute arbitrary code when combined with a deserialization gadget when listening to untrusted network traffic for log data. This affects Log4j versions up to 1.2 up to 1.2.17.
Publish Date: 2019-12-20
URL: CVE-2019-17571
### CVSS 3 Score Details (9.8)Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: Low - Privileges Required: None - User Interaction: None - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: High - Integrity Impact: High - Availability Impact: High
For more information on CVSS3 Scores, click here. ### Suggested FixType: Upgrade version
Origin: test
Release Date: 2019-12-20
Fix Resolution: test
CVE-2016-1000031
### Vulnerable Library - commons-fileupload-1.2.2.jarThe FileUpload component provides a simple yet flexible means of adding support for multipart file upload functionality to servlets and web applications.
Library home page: http://commons.apache.org/fileupload/
Path to dependency file: /ksa-web-root/ksa-statistics-web/pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/commons-fileupload/commons-fileupload/1.2.2/commons-fileupload-1.2.2.jar
Dependency Hierarchy: - ksa-security-web-3.9.2.pom (Root Library) - struts2-core-2.3.31.jar - :x: **commons-fileupload-1.2.2.jar** (Vulnerable Library)
Found in HEAD commit: f3f88b40d6fb433c739a83504cd0dfad346a4cf2
Found in base branch: master
### Reachability AnalysisThe vulnerable code is unreachable
### Vulnerability DetailsApache Commons FileUpload before 1.3.3 DiskFileItem File Manipulation Remote Code Execution
Publish Date: 2016-10-25
URL: CVE-2016-1000031
### CVSS 3 Score Details (9.8)Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: Low - Privileges Required: None - User Interaction: None - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: High - Integrity Impact: High - Availability Impact: High
For more information on CVSS3 Scores, click here. ### Suggested FixType: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1000031
Release Date: 2016-10-25
Fix Resolution: 1.3.3
CVE-2022-23307
### Vulnerable Library - log4j-1.2.16.jarApache Log4j 1.2
Library home page: http://logging.apache.org/log4j/1.2/
Path to dependency file: /ksa-web-root/ksa-security-web/pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/log4j/log4j/1.2.16/log4j-1.2.16.jar
Dependency Hierarchy: - ksa-security-web-3.9.2.pom (Root Library) - slf4j-log4j12-1.6.1.jar - :x: **log4j-1.2.16.jar** (Vulnerable Library)
Found in HEAD commit: f3f88b40d6fb433c739a83504cd0dfad346a4cf2
Found in base branch: master
### Reachability AnalysisThe vulnerable code is unreachable
### Vulnerability DetailsCVE-2020-9493 identified a deserialization issue that was present in Apache Chainsaw. Prior to Chainsaw V2.0 Chainsaw was a component of Apache Log4j 1.2.x where the same issue exists.
Publish Date: 2022-01-18
URL: CVE-2022-23307
### CVSS 3 Score Details (8.8)Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: Low - Privileges Required: Low - User Interaction: None - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: High - Integrity Impact: High - Availability Impact: High
For more information on CVSS3 Scores, click here. ### Suggested FixType: Upgrade version
Release Date: 2022-01-18
Fix Resolution: ch.qos.reload4j:reload4j:1.2.18.1
CVE-2022-23302
### Vulnerable Library - log4j-1.2.16.jarApache Log4j 1.2
Library home page: http://logging.apache.org/log4j/1.2/
Path to dependency file: /ksa-web-root/ksa-security-web/pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/log4j/log4j/1.2.16/log4j-1.2.16.jar
Dependency Hierarchy: - ksa-security-web-3.9.2.pom (Root Library) - slf4j-log4j12-1.6.1.jar - :x: **log4j-1.2.16.jar** (Vulnerable Library)
Found in HEAD commit: f3f88b40d6fb433c739a83504cd0dfad346a4cf2
Found in base branch: master
### Reachability AnalysisThe vulnerable code is unreachable
### Vulnerability DetailsJMSSink in all versions of Log4j 1.x is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration or if the configuration references an LDAP service the attacker has access to. The attacker can provide a TopicConnectionFactoryBindingName configuration causing JMSSink to perform JNDI requests that result in remote code execution in a similar fashion to CVE-2021-4104. Note this issue only affects Log4j 1.x when specifically configured to use JMSSink, which is not the default. Apache Log4j 1.2 reached end of life in August 2015. Users should upgrade to Log4j 2 as it addresses numerous other issues from the previous versions.
Publish Date: 2022-01-18
URL: CVE-2022-23302
### CVSS 3 Score Details (8.8)Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: Low - Privileges Required: Low - User Interaction: None - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: High - Integrity Impact: High - Availability Impact: High
For more information on CVSS3 Scores, click here. ### Suggested FixType: Upgrade version
Origin: https://reload4j.qos.ch/
Release Date: 2022-01-18
Fix Resolution: ch.qos.reload4j:reload4j:1.2.18.1
WS-2014-0034
### Vulnerable Library - commons-fileupload-1.2.2.jarThe FileUpload component provides a simple yet flexible means of adding support for multipart file upload functionality to servlets and web applications.
Library home page: http://commons.apache.org/fileupload/
Path to dependency file: /ksa-web-root/ksa-statistics-web/pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/commons-fileupload/commons-fileupload/1.2.2/commons-fileupload-1.2.2.jar
Dependency Hierarchy: - ksa-security-web-3.9.2.pom (Root Library) - struts2-core-2.3.31.jar - :x: **commons-fileupload-1.2.2.jar** (Vulnerable Library)
Found in HEAD commit: f3f88b40d6fb433c739a83504cd0dfad346a4cf2
Found in base branch: master
### Reachability AnalysisThe vulnerable code is unreachable
### Vulnerability DetailsThe class FileUploadBase in Apache Commons Fileupload before 1.4 has potential resource leak - InputStream not closed on exception.
Publish Date: 2014-02-17
URL: WS-2014-0034
### CVSS 3 Score Details (7.5)Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: Low - Privileges Required: None - User Interaction: None - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: High - Integrity Impact: None - Availability Impact: None
For more information on CVSS3 Scores, click here. ### Suggested FixType: Upgrade version
Release Date: 2014-02-17
Fix Resolution: 1.4
CVE-2023-26464
### Vulnerable Library - log4j-1.2.16.jarApache Log4j 1.2
Library home page: http://logging.apache.org/log4j/1.2/
Path to dependency file: /ksa-web-root/ksa-security-web/pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/log4j/log4j/1.2.16/log4j-1.2.16.jar
Dependency Hierarchy: - ksa-security-web-3.9.2.pom (Root Library) - slf4j-log4j12-1.6.1.jar - :x: **log4j-1.2.16.jar** (Vulnerable Library)
Found in HEAD commit: f3f88b40d6fb433c739a83504cd0dfad346a4cf2
Found in base branch: master
### Reachability AnalysisThe vulnerable code is unreachable
### Vulnerability Details** UNSUPPORTED WHEN ASSIGNED ** When using the Chainsaw or SocketAppender components with Log4j 1.x on JRE less than 1.7, an attacker that manages to cause a logging entry involving a specially-crafted (ie, deeply nested) hashmap or hashtable (depending on which logging component is in use) to be processed could exhaust the available memory in the virtual machine and achieve Denial of Service when the object is deserialized. This issue affects Apache Log4j before 2. Affected users are recommended to update to Log4j 2.x. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
Publish Date: 2023-03-10
URL: CVE-2023-26464
### CVSS 3 Score Details (7.5)Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: Low - Privileges Required: None - User Interaction: None - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: None - Integrity Impact: None - Availability Impact: High
For more information on CVSS3 Scores, click here. ### Suggested FixType: Upgrade version
Origin: https://github.com/advisories/GHSA-vp98-w2p3-mv35
Release Date: 2023-03-10
Fix Resolution: org.apache.logging.log4j:log4j-core:2.0
CVE-2023-24998
### Vulnerable Library - commons-fileupload-1.2.2.jarThe FileUpload component provides a simple yet flexible means of adding support for multipart file upload functionality to servlets and web applications.
Library home page: http://commons.apache.org/fileupload/
Path to dependency file: /ksa-web-root/ksa-statistics-web/pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/commons-fileupload/commons-fileupload/1.2.2/commons-fileupload-1.2.2.jar
Dependency Hierarchy: - ksa-security-web-3.9.2.pom (Root Library) - struts2-core-2.3.31.jar - :x: **commons-fileupload-1.2.2.jar** (Vulnerable Library)
Found in HEAD commit: f3f88b40d6fb433c739a83504cd0dfad346a4cf2
Found in base branch: master
### Reachability AnalysisThe vulnerable code is unreachable
### Vulnerability DetailsApache Commons FileUpload before 1.5 does not limit the number of request parts to be processed resulting in the possibility of an attacker triggering a DoS with a malicious upload or series of uploads. Note that, like all of the file upload limits, the new configuration option (FileUploadBase#setFileCountMax) is not enabled by default and must be explicitly configured.
Publish Date: 2023-02-20
URL: CVE-2023-24998
### CVSS 3 Score Details (7.5)Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: Low - Privileges Required: None - User Interaction: None - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: None - Integrity Impact: None - Availability Impact: High
For more information on CVSS3 Scores, click here. ### Suggested FixType: Upgrade version
Origin: https://tomcat.apache.org/security-10.html
Release Date: 2023-02-20
Fix Resolution: commons-fileupload:commons-fileupload:1.5;org.apache.tomcat:tomcat-coyote:8.5.85,9.0.71,10.1.5,11.0.0-M3;org.apache.tomcat.embed:tomcat-embed-core:8.5.85,9.0.71,10.1.5,11.0.0-M3;org.apache.tomcat:tomcat-util:8.5.85,9.0.71,10.1.5,11.0.0-M3;org.apache.tomcat:tomcat-catalina:8.5.85,9.0.71,10.1.5,11.0.0-M3
CVE-2017-9804
### Vulnerable Library - xwork-core-2.3.31.jarApache Struts 2
Library home page: http://struts.apache.org/xwork-core/
Path to dependency file: /ksa-web-core/pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/org/apache/struts/xwork/xwork-core/2.3.31/xwork-core-2.3.31.jar
Dependency Hierarchy: - ksa-security-web-3.9.2.pom (Root Library) - struts2-core-2.3.31.jar - :x: **xwork-core-2.3.31.jar** (Vulnerable Library)
Found in HEAD commit: f3f88b40d6fb433c739a83504cd0dfad346a4cf2
Found in base branch: master
### Reachability AnalysisThe vulnerable code is unreachable
### Vulnerability DetailsIn Apache Struts 2.3.7 through 2.3.33 and 2.5 through 2.5.12, if an application allows entering a URL in a form field and built-in URLValidator is used, it is possible to prepare a special URL which will be used to overload server process when performing validation of the URL. NOTE: this vulnerability exists because of an incomplete fix for S2-047 / CVE-2017-7672.
Publish Date: 2017-09-05
URL: CVE-2017-9804
### CVSS 3 Score Details (7.5)Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: Low - Privileges Required: None - User Interaction: None - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: None - Integrity Impact: None - Availability Impact: High
For more information on CVSS3 Scores, click here. ### Suggested FixType: Upgrade version
Release Date: 2017-09-05
Fix Resolution: org.apache.struts:struts2-core:2.3.34,org.apache.struts:struts2-core:2.5.13
CVE-2016-3092
### Vulnerable Library - commons-fileupload-1.2.2.jarThe FileUpload component provides a simple yet flexible means of adding support for multipart file upload functionality to servlets and web applications.
Library home page: http://commons.apache.org/fileupload/
Path to dependency file: /ksa-web-root/ksa-statistics-web/pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/commons-fileupload/commons-fileupload/1.2.2/commons-fileupload-1.2.2.jar
Dependency Hierarchy: - ksa-security-web-3.9.2.pom (Root Library) - struts2-core-2.3.31.jar - :x: **commons-fileupload-1.2.2.jar** (Vulnerable Library)
Found in HEAD commit: f3f88b40d6fb433c739a83504cd0dfad346a4cf2
Found in base branch: master
### Reachability AnalysisThe vulnerable code is unreachable
### Vulnerability DetailsThe MultipartStream class in Apache Commons Fileupload before 1.3.2, as used in Apache Tomcat 7.x before 7.0.70, 8.x before 8.0.36, 8.5.x before 8.5.3, and 9.x before 9.0.0.M7 and other products, allows remote attackers to cause a denial of service (CPU consumption) via a long boundary string.
Publish Date: 2016-07-04
URL: CVE-2016-3092
### CVSS 3 Score Details (7.5)Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: Low - Privileges Required: None - User Interaction: None - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: None - Integrity Impact: None - Availability Impact: High
For more information on CVSS3 Scores, click here. ### Suggested FixType: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3092
Release Date: 2016-07-04
Fix Resolution: org.apache.tomcat.embed:tomcat-embed-core:9.0.0.M8,8.5.3,8.0.36,7.0.70,org.apache.tomcat:tomcat-coyote:9.0.0.M8,8.5.3,8.0.36,7.0.70,commons-fileupload:commons-fileupload:1.3.2
CVE-2014-0050
### Vulnerable Library - commons-fileupload-1.2.2.jarThe FileUpload component provides a simple yet flexible means of adding support for multipart file upload functionality to servlets and web applications.
Library home page: http://commons.apache.org/fileupload/
Path to dependency file: /ksa-web-root/ksa-statistics-web/pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/commons-fileupload/commons-fileupload/1.2.2/commons-fileupload-1.2.2.jar
Dependency Hierarchy: - ksa-security-web-3.9.2.pom (Root Library) - struts2-core-2.3.31.jar - :x: **commons-fileupload-1.2.2.jar** (Vulnerable Library)
Found in HEAD commit: f3f88b40d6fb433c739a83504cd0dfad346a4cf2
Found in base branch: master
### Reachability AnalysisThe vulnerable code is unreachable
### Vulnerability DetailsMultipartStream.java in Apache Commons FileUpload before 1.3.1, as used in Apache Tomcat, JBoss Web, and other products, allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted Content-Type header that bypasses a loop's intended exit conditions.
Publish Date: 2014-03-28
URL: CVE-2014-0050
### CVSS 3 Score Details (7.3)Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: Low - Privileges Required: None - User Interaction: None - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: Low - Integrity Impact: Low - Availability Impact: Low
For more information on CVSS3 Scores, click here. ### Suggested FixType: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0050
Release Date: 2014-03-28
Fix Resolution: 1.3.2
CVE-2013-2186
### Vulnerable Library - commons-fileupload-1.2.2.jarThe FileUpload component provides a simple yet flexible means of adding support for multipart file upload functionality to servlets and web applications.
Library home page: http://commons.apache.org/fileupload/
Path to dependency file: /ksa-web-root/ksa-statistics-web/pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/commons-fileupload/commons-fileupload/1.2.2/commons-fileupload-1.2.2.jar
Dependency Hierarchy: - ksa-security-web-3.9.2.pom (Root Library) - struts2-core-2.3.31.jar - :x: **commons-fileupload-1.2.2.jar** (Vulnerable Library)
Found in HEAD commit: f3f88b40d6fb433c739a83504cd0dfad346a4cf2
Found in base branch: master
### Reachability AnalysisThe vulnerable code is unreachable
### Vulnerability DetailsThe DiskFileItem class in Apache Commons FileUpload, as used in Red Hat JBoss BRMS 5.3.1; JBoss Portal 4.3 CP07, 5.2.2, and 6.0.0; and Red Hat JBoss Web Server 1.0.2 allows remote attackers to write to arbitrary files via a NULL byte in a file name in a serialized instance.
Publish Date: 2013-10-28
URL: CVE-2013-2186
### CVSS 3 Score Details (7.3)Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: Low - Privileges Required: None - User Interaction: None - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: Low - Integrity Impact: Low - Availability Impact: Low
For more information on CVSS3 Scores, click here. ### Suggested FixType: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2186
Release Date: 2013-10-28
Fix Resolution: commons-fileupload:commons-fileupload:1.3.1
CVE-2013-0248
### Vulnerable Library - commons-fileupload-1.2.2.jarThe FileUpload component provides a simple yet flexible means of adding support for multipart file upload functionality to servlets and web applications.
Library home page: http://commons.apache.org/fileupload/
Path to dependency file: /ksa-web-root/ksa-statistics-web/pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/commons-fileupload/commons-fileupload/1.2.2/commons-fileupload-1.2.2.jar
Dependency Hierarchy: - ksa-security-web-3.9.2.pom (Root Library) - struts2-core-2.3.31.jar - :x: **commons-fileupload-1.2.2.jar** (Vulnerable Library)
Found in HEAD commit: f3f88b40d6fb433c739a83504cd0dfad346a4cf2
Found in base branch: master
### Reachability AnalysisThe vulnerable code is unreachable
### Vulnerability DetailsThe default configuration of javax.servlet.context.tempdir in Apache Commons FileUpload 1.0 through 1.2.2 uses the /tmp directory for uploaded files, which allows local users to overwrite arbitrary files via an unspecified symlink attack.
Publish Date: 2013-03-15
URL: CVE-2013-0248
### CVSS 3 Score Details (4.0)Base Score Metrics: - Exploitability Metrics: - Attack Vector: Local - Attack Complexity: High - Privileges Required: None - User Interaction: None - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: None - Integrity Impact: Low - Availability Impact: Low
For more information on CVSS3 Scores, click here. ### Suggested FixType: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0248
Release Date: 2013-03-15
Fix Resolution: 1.3