Richg44 / easybuggy

Too buggy web application
Apache License 2.0
0 stars 0 forks source link

esapi-2.1.0.1.jar: 32 vulnerabilities (highest severity is: 8.1) reachable #39

Open mend-for-github-com[bot] opened 1 year ago

mend-for-github-com[bot] commented 1 year ago
Vulnerable Library - esapi-2.1.0.1.jar

The Enterprise Security API (ESAPI) project is an OWASP project to create simple strong security controls for every web platform. Security controls are not simple to build. You can read about the hundreds of pitfalls for unwary developers on the OWASP web site. By providing developers with a set of strong controls, we aim to eliminate some of the complexity of creating secure web applications. This can result in significant cost savings across the SDLC.

Library home page: http://www.owasp.org/index.php

Path to dependency file: /pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/org/owasp/esapi/esapi/2.1.0.1/esapi-2.1.0.1.jar

Vulnerabilities

CVE Severity CVSS Exploit Maturity EPSS Dependency Type Fixed in (esapi version) Remediation Possible** Reachability
WS-2023-0388 High 7.5 Not Defined esapi-2.1.0.1.jar Direct 2.5.2.0

Reachable

WS-2014-0034 High 7.5 Not Defined commons-fileupload-1.3.1.jar Transitive 2.4.0.0

Reachable

CVE-2023-24998 High 7.5 Not Defined 2.2% commons-fileupload-1.3.1.jar Transitive 2.5.2.0

Reachable

CVE-2022-34169 High 7.5 Not Defined 0.2% xalan-2.7.0.jar Transitive N/A*

Reachable

CVE-2022-29546 High 7.5 Not Defined 0.1% nekohtml-1.9.16.jar Transitive N/A*

Reachable

CVE-2022-28366 High 7.5 Not Defined 0.1% nekohtml-1.9.16.jar Transitive N/A*

Reachable

CVE-2022-24839 High 7.5 Not Defined 0.2% nekohtml-1.9.16.jar Transitive N/A*

Reachable

CVE-2022-23457 High 7.5 Not Defined 0.3% esapi-2.1.0.1.jar Direct 2.3.0.0

Reachable

CVE-2016-3092 High 7.5 Not Defined 5.5% commons-fileupload-1.3.1.jar Transitive 2.2.0.0

Reachable

CVE-2012-0881 High 7.5 Not Defined 1.3000001% xercesImpl-2.8.0.jar Transitive 2.5.3.0

Reachable

CVE-2016-1000031 High 7.3 Not Defined 5.9% commons-fileupload-1.3.1.jar Transitive 2.2.0.0

Reachable

CVE-2022-23437 Medium 6.5 Not Defined 0.5% xercesImpl-2.8.0.jar Transitive N/A*

Reachable

WS-2023-0429 Medium 6.1 Not Defined esapi-2.1.0.1.jar Direct no_fix

Reachable

CVE-2024-23635 Medium 6.1 Not Defined 0.0% antisamy-1.5.3.jar Transitive 2.5.4.0

Reachable

CVE-2023-43643 Medium 6.1 Not Defined 0.1% antisamy-1.5.3.jar Transitive 2.5.3.0

Reachable

CVE-2022-29577 Medium 6.1 Not Defined 0.1% antisamy-1.5.3.jar Transitive 2.3.0.0

Reachable

CVE-2022-28367 Medium 6.1 Not Defined 0.1% antisamy-1.5.3.jar Transitive 2.3.0.0

Reachable

CVE-2021-35043 Medium 6.1 Not Defined 0.1% antisamy-1.5.3.jar Transitive 2.3.0.0

Reachable

CVE-2017-14735 Medium 6.1 Not Defined 0.3% antisamy-1.5.3.jar Transitive 2.2.0.0

Reachable

CVE-2016-10006 Medium 6.1 Not Defined 0.1% antisamy-1.5.3.jar Transitive 2.2.0.0

Reachable

CVE-2013-4002 Medium 5.9 Not Defined 1.9% xercesImpl-2.8.0.jar Transitive 2.5.3.0

Reachable

CVE-2020-14338 Medium 5.3 Not Defined 0.1% xercesImpl-2.8.0.jar Transitive 2.5.3.0

Reachable

CVE-2009-2625 Medium 5.3 Not Defined 17.2% xercesImpl-2.8.0.jar Transitive 2.5.3.0

Reachable

CVE-2021-29425 Medium 4.8 Not Defined 0.2% commons-io-2.2.jar Transitive 2.5.3.0

Reachable

CVE-2012-5783 Medium 4.8 Not Defined 0.2% commons-httpclient-3.1.jar Transitive 2.2.0.0

Reachable

CVE-2016-2510 High 8.1 Not Defined 11.8% bsh-core-2.0b4.jar Transitive N/A*

Unreachable

CVE-2019-10086 High 7.3 Not Defined 0.4% commons-beanutils-core-1.8.3.jar Transitive N/A*

Unreachable

CVE-2014-0114 High 7.3 Not Defined 97.299995% commons-beanutils-core-1.8.3.jar Transitive N/A*

Unreachable

CVE-2014-0107 High 7.3 Not Defined 0.5% xalan-2.7.0.jar Transitive 2.5.0.0

Unreachable

CVE-2022-24891 Medium 5.4 Not Defined 0.2% esapi-2.1.0.1.jar Direct 2.3.0.0

Unreachable

CVE-2024-47554 High 7.5 Not Defined 0.0% commons-io-2.2.jar Transitive N/A*
CVE-2012-6153 Low 3.7 Not Defined 0.1% commons-httpclient-3.1.jar Transitive N/A*

*For some transitive vulnerabilities, there is no version of direct dependency with a fix. Check the "Details" section below to see if there is a version of transitive dependency where vulnerability is fixed.

**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation

Details

Partial details (16 vulnerabilities) are displayed below due to a content size limitation in GitHub. To view information on the remaining vulnerabilities, navigate to the Mend Application.

WS-2023-0388 ### Vulnerable Library - esapi-2.1.0.1.jar

The Enterprise Security API (ESAPI) project is an OWASP project to create simple strong security controls for every web platform. Security controls are not simple to build. You can read about the hundreds of pitfalls for unwary developers on the OWASP web site. By providing developers with a set of strong controls, we aim to eliminate some of the complexity of creating secure web applications. This can result in significant cost savings across the SDLC.

Library home page: http://www.owasp.org/index.php

Path to dependency file: /pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/org/owasp/esapi/esapi/2.1.0.1/esapi-2.1.0.1.jar

Dependency Hierarchy: - :x: **esapi-2.1.0.1.jar** (Vulnerable Library)

Found in base branch: master

### Reachability Analysis This vulnerability is potentially reachable ``` org.t246osslab.easybuggy.core.servlets.AbstractServlet (Application) -> org.owasp.esapi.ESAPI (Extension) -> ❌ org.owasp.esapi.reference.DefaultHTTPUtilities (Vulnerable Component) ```

### Vulnerability Details

ESAPI 2.5.2.0 and later addressed the DoS vulnerability described in CVE-2023-24998, which Apache Commons FileUpload 1.5 attempted to remediate. But while writing up a new security bulletin regarding the impact on the affected ESAPI HTTPUtilities.getFileUploads methods (or more specifically those methods in the DefaultHTTPUtilities implementation class), I realized that a DoS vulnerability still persists in ESAPI and for that matter in Apache Commons FileUpload as well.

Publish Date: 2024-11-03

URL: WS-2023-0388

### Threat Assessment

Exploit Maturity: Not Defined

EPSS:

### CVSS 3 Score Details (7.5)

Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: Low - Privileges Required: None - User Interaction: None - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: None - Integrity Impact: None - Availability Impact: High

For more information on CVSS3 Scores, click here.

### Suggested Fix

Type: Upgrade version

Origin: https://github.com/advisories/GHSA-7c2q-5qmr-v76q

Release Date: 2023-10-28

Fix Resolution: 2.5.2.0

In order to enable automatic remediation, please create workflow rules

WS-2014-0034 ### Vulnerable Library - commons-fileupload-1.3.1.jar

The Apache Commons FileUpload component provides a simple yet flexible means of adding support for multipart file upload functionality to servlets and web applications.

Library home page: http://www.apache.org/

Path to dependency file: /pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/commons-fileupload/commons-fileupload/1.3.1/commons-fileupload-1.3.1.jar

Dependency Hierarchy: - esapi-2.1.0.1.jar (Root Library) - :x: **commons-fileupload-1.3.1.jar** (Vulnerable Library)

Found in base branch: master

### Reachability Analysis This vulnerability is potentially reachable ``` org.t246osslab.easybuggy.core.servlets.AbstractServlet (Application) -> org.owasp.esapi.ESAPI (Extension) -> org.owasp.esapi.reference.DefaultHTTPUtilities (Extension) -> org.apache.commons.fileupload.servlet.ServletFileUpload (Extension) -> ❌ org.apache.commons.fileupload.FileUploadBase (Vulnerable Component) ```

### Vulnerability Details

The class FileUploadBase in Apache Commons Fileupload before 1.4 has potential resource leak - InputStream not closed on exception.

Publish Date: 2014-02-17

URL: WS-2014-0034

### Threat Assessment

Exploit Maturity: Not Defined

EPSS:

### CVSS 3 Score Details (7.5)

Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: Low - Privileges Required: None - User Interaction: None - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: High - Integrity Impact: None - Availability Impact: None

For more information on CVSS3 Scores, click here.

### Suggested Fix

Type: Upgrade version

Release Date: 2014-02-17

Fix Resolution (commons-fileupload:commons-fileupload): 1.4

Direct dependency fix Resolution (org.owasp.esapi:esapi): 2.4.0.0

In order to enable automatic remediation, please create workflow rules

CVE-2023-24998 ### Vulnerable Library - commons-fileupload-1.3.1.jar

The Apache Commons FileUpload component provides a simple yet flexible means of adding support for multipart file upload functionality to servlets and web applications.

Library home page: http://www.apache.org/

Path to dependency file: /pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/commons-fileupload/commons-fileupload/1.3.1/commons-fileupload-1.3.1.jar

Dependency Hierarchy: - esapi-2.1.0.1.jar (Root Library) - :x: **commons-fileupload-1.3.1.jar** (Vulnerable Library)

Found in base branch: master

### Reachability Analysis This vulnerability is potentially reachable ``` org.t246osslab.easybuggy.core.servlets.AbstractServlet (Application) -> org.owasp.esapi.ESAPI (Extension) -> org.owasp.esapi.reference.DefaultHTTPUtilities (Extension) -> org.apache.commons.fileupload.servlet.ServletFileUpload (Extension) -> ❌ org.apache.commons.fileupload.FileUploadBase (Vulnerable Component) ```

### Vulnerability Details

Apache Commons FileUpload before 1.5 does not limit the number of request parts to be processed resulting in the possibility of an attacker triggering a DoS with a malicious upload or series of uploads. Note that, like all of the file upload limits, the new configuration option (FileUploadBase#setFileCountMax) is not enabled by default and must be explicitly configured.

Publish Date: 2023-02-20

URL: CVE-2023-24998

### Threat Assessment

Exploit Maturity: Not Defined

EPSS: 2.2%

### CVSS 3 Score Details (7.5)

Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: Low - Privileges Required: None - User Interaction: None - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: None - Integrity Impact: None - Availability Impact: High

For more information on CVSS3 Scores, click here.

### Suggested Fix

Type: Upgrade version

Origin: https://tomcat.apache.org/security-10.html

Release Date: 2023-02-20

Fix Resolution (commons-fileupload:commons-fileupload): 1.5

Direct dependency fix Resolution (org.owasp.esapi:esapi): 2.5.2.0

In order to enable automatic remediation, please create workflow rules

CVE-2022-34169 ### Vulnerable Library - xalan-2.7.0.jar

Path to dependency file: /pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/xalan/xalan/2.7.0/xalan-2.7.0.jar

Dependency Hierarchy: - esapi-2.1.0.1.jar (Root Library) - xom-1.2.5.jar - :x: **xalan-2.7.0.jar** (Vulnerable Library)

Found in base branch: master

### Reachability Analysis This vulnerability is potentially reachable ``` org.t246osslab.easybuggy.core.servlets.AbstractServlet (Application) -> org.owasp.esapi.ESAPI (Extension) -> org.owasp.esapi.reference.DefaultValidator (Extension) -> org.xml.sax.helpers.ParserAdapter$AttributeListAdapter (Extension) ... -> org.apache.xalan.xsltc.DOM (Extension) -> org.apache.xalan.xsltc.runtime.Hashtable (Extension) -> ❌ org.apache.xalan.xsltc.runtime.Hashtable$HashtableEnumerator (Vulnerable Component) ```

### Vulnerability Details

The Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets. This can be used to corrupt Java class files generated by the internal XSLTC compiler and execute arbitrary Java bytecode. Users are recommended to update to version 2.7.3 or later. Note: Java runtimes (such as OpenJDK) include repackaged copies of Xalan.

Publish Date: 2022-07-19

URL: CVE-2022-34169

### Threat Assessment

Exploit Maturity: Not Defined

EPSS: 0.2%

### CVSS 3 Score Details (7.5)

Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: Low - Privileges Required: None - User Interaction: None - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: None - Integrity Impact: High - Availability Impact: None

For more information on CVSS3 Scores, click here.

### Suggested Fix

Type: Upgrade version

Origin: https://github.com/advisories/GHSA-9339-86wc-4qgf

Release Date: 2022-07-19

Fix Resolution: xalan:xalan:2.7.3

CVE-2022-29546 ### Vulnerable Library - nekohtml-1.9.16.jar

An HTML parser and tag balancer.

Library home page: http://nekohtml.sourceforge.net/

Path to dependency file: /pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/net/sourceforge/nekohtml/nekohtml/1.9.16/nekohtml-1.9.16.jar

Dependency Hierarchy: - esapi-2.1.0.1.jar (Root Library) - antisamy-1.5.3.jar - :x: **nekohtml-1.9.16.jar** (Vulnerable Library)

Found in base branch: master

### Reachability Analysis This vulnerability is potentially reachable ``` org.t246osslab.easybuggy.core.servlets.AbstractServlet (Application) -> org.owasp.esapi.ESAPI (Extension) -> org.owasp.esapi.reference.DefaultValidator (Extension) -> org.owasp.validator.html.scan.AntiSamyDOMScanner (Extension) ... -> org.cyberneko.html.HTMLConfiguration (Extension) -> org.cyberneko.html.HTMLScanner (Extension) -> ❌ org.cyberneko.html.HTMLScanner$ContentScanner (Vulnerable Component) ```

### Vulnerability Details

HtmlUnit NekoHtml Parser before 2.61.0 suffers from a denial of service vulnerability. Crafted input associated with the parsing of Processing Instruction (PI) data leads to heap memory consumption. This is similar to CVE-2022-28366 but affects a much later version of the product.

Publish Date: 2022-04-25

URL: CVE-2022-29546

### Threat Assessment

Exploit Maturity: Not Defined

EPSS: 0.1%

### CVSS 3 Score Details (7.5)

Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: Low - Privileges Required: None - User Interaction: None - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: None - Integrity Impact: None - Availability Impact: High

For more information on CVSS3 Scores, click here.

### Suggested Fix

Type: Upgrade version

Release Date: 2022-04-25

Fix Resolution: net.sourceforge.htmlunit:neko-htmlunit:2.61.0

CVE-2022-28366 ### Vulnerable Library - nekohtml-1.9.16.jar

An HTML parser and tag balancer.

Library home page: http://nekohtml.sourceforge.net/

Path to dependency file: /pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/net/sourceforge/nekohtml/nekohtml/1.9.16/nekohtml-1.9.16.jar

Dependency Hierarchy: - esapi-2.1.0.1.jar (Root Library) - antisamy-1.5.3.jar - :x: **nekohtml-1.9.16.jar** (Vulnerable Library)

Found in base branch: master

### Reachability Analysis This vulnerability is potentially reachable ``` org.t246osslab.easybuggy.core.servlets.AbstractServlet (Application) -> org.owasp.esapi.ESAPI (Extension) -> org.owasp.esapi.reference.DefaultValidator (Extension) -> org.owasp.validator.html.AntiSamy (Extension) ... -> org.cyberneko.html.parsers.SAXParser (Extension) -> org.cyberneko.html.HTMLConfiguration (Extension) -> ❌ org.cyberneko.html.HTMLTagBalancingListener (Vulnerable Component) ```

### Vulnerability Details

Certain Neko-related HTML parsers allow a denial of service via crafted Processing Instruction (PI) input that causes excessive heap memory consumption. In particular, this issue exists in HtmlUnit-Neko through 2.26, and is fixed in 2.27. This issue also exists in CyberNeko HTML through 1.9.22 (also affecting OWASP AntiSamy before 1.6.6), but 1.9.22 is the last version of CyberNeko HTML. NOTE: this may be related to CVE-2022-24839.

Publish Date: 2022-04-21

URL: CVE-2022-28366

### Threat Assessment

Exploit Maturity: Not Defined

EPSS: 0.1%

### CVSS 3 Score Details (7.5)

Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: Low - Privileges Required: None - User Interaction: None - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: None - Integrity Impact: None - Availability Impact: High

For more information on CVSS3 Scores, click here.

### Suggested Fix

Type: Upgrade version

Origin: https://github.com/advisories/GHSA-g9hh-vvx3-v37v

Release Date: 2022-04-21

Fix Resolution: net.sourceforge.htmlunit:neko-htmlunit:2.27

CVE-2022-24839 ### Vulnerable Library - nekohtml-1.9.16.jar

An HTML parser and tag balancer.

Library home page: http://nekohtml.sourceforge.net/

Path to dependency file: /pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/net/sourceforge/nekohtml/nekohtml/1.9.16/nekohtml-1.9.16.jar

Dependency Hierarchy: - esapi-2.1.0.1.jar (Root Library) - antisamy-1.5.3.jar - :x: **nekohtml-1.9.16.jar** (Vulnerable Library)

Found in base branch: master

### Reachability Analysis This vulnerability is potentially reachable ``` org.t246osslab.easybuggy.core.servlets.AbstractServlet (Application) -> org.owasp.esapi.ESAPI (Extension) -> org.owasp.esapi.reference.DefaultValidator (Extension) -> org.owasp.validator.html.scan.AntiSamyDOMScanner (Extension) ... -> org.cyberneko.html.HTMLConfiguration (Extension) -> org.cyberneko.html.HTMLScanner (Extension) -> ❌ org.cyberneko.html.HTMLScanner$ContentScanner (Vulnerable Component) ```

### Vulnerability Details

org.cyberneko.html is an html parser written in Java. The fork of `org.cyberneko.html` used by Nokogiri (Rubygem) raises a `java.lang.OutOfMemoryError` exception when parsing ill-formed HTML markup. Users are advised to upgrade to `>= 1.9.22.noko2`. Note: The upstream library `org.cyberneko.html` is no longer maintained. Nokogiri uses its own fork of this library located at https://github.com/sparklemotion/nekohtml and this CVE applies only to that fork. Other forks of nekohtml may have a similar vulnerability.

Publish Date: 2022-04-11

URL: CVE-2022-24839

### Threat Assessment

Exploit Maturity: Not Defined

EPSS: 0.2%

### CVSS 3 Score Details (7.5)

Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: Low - Privileges Required: None - User Interaction: None - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: None - Integrity Impact: None - Availability Impact: High

For more information on CVSS3 Scores, click here.

### Suggested Fix

Type: Upgrade version

Origin: https://github.com/sparklemotion/nekohtml/security/advisories/GHSA-9849-p7jc-9rmv

Release Date: 2022-04-11

Fix Resolution: net.sourceforge.nekohtml:nekohtml:1.9.22.noko2

CVE-2022-23457 ### Vulnerable Library - esapi-2.1.0.1.jar

The Enterprise Security API (ESAPI) project is an OWASP project to create simple strong security controls for every web platform. Security controls are not simple to build. You can read about the hundreds of pitfalls for unwary developers on the OWASP web site. By providing developers with a set of strong controls, we aim to eliminate some of the complexity of creating secure web applications. This can result in significant cost savings across the SDLC.

Library home page: http://www.owasp.org/index.php

Path to dependency file: /pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/org/owasp/esapi/esapi/2.1.0.1/esapi-2.1.0.1.jar

Dependency Hierarchy: - :x: **esapi-2.1.0.1.jar** (Vulnerable Library)

Found in base branch: master

### Reachability Analysis This vulnerability is potentially reachable ``` org.t246osslab.easybuggy.core.servlets.AbstractServlet (Application) -> org.owasp.esapi.ESAPI (Extension) -> org.owasp.esapi.reference.AbstractAuthenticator (Extension) -> ❌ org.owasp.esapi.reference.AbstractAuthenticator$1 (Vulnerable Component) ```

### Vulnerability Details

ESAPI (The OWASP Enterprise Security API) is a free, open source, web application security control library. Prior to version 2.3.0.0, the default implementation of `Validator.getValidDirectoryPath(String, String, File, boolean)` may incorrectly treat the tested input string as a child of the specified parent directory. This potentially could allow control-flow bypass checks to be defeated if an attack can specify the entire string representing the 'input' path. This vulnerability is patched in release 2.3.0.0 of ESAPI. As a workaround, it is possible to write one's own implementation of the Validator interface. However, maintainers do not recommend this.

Publish Date: 2022-04-25

URL: CVE-2022-23457

### Threat Assessment

Exploit Maturity: Not Defined

EPSS: 0.3%

### CVSS 3 Score Details (7.5)

Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: High - Privileges Required: Low - User Interaction: None - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: High - Integrity Impact: High - Availability Impact: High

For more information on CVSS3 Scores, click here.

### Suggested Fix

Type: Upgrade version

Origin: https://github.com/ESAPI/esapi-java-legacy/security/advisories/GHSA-8m5h-hrqm-pxm2

Release Date: 2022-04-25

Fix Resolution: 2.3.0.0

In order to enable automatic remediation, please create workflow rules

CVE-2016-3092 ### Vulnerable Library - commons-fileupload-1.3.1.jar

The Apache Commons FileUpload component provides a simple yet flexible means of adding support for multipart file upload functionality to servlets and web applications.

Library home page: http://www.apache.org/

Path to dependency file: /pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/commons-fileupload/commons-fileupload/1.3.1/commons-fileupload-1.3.1.jar

Dependency Hierarchy: - esapi-2.1.0.1.jar (Root Library) - :x: **commons-fileupload-1.3.1.jar** (Vulnerable Library)

Found in base branch: master

### Reachability Analysis This vulnerability is potentially reachable ``` org.t246osslab.easybuggy.core.servlets.AbstractServlet (Application) -> org.owasp.esapi.ESAPI (Extension) -> org.owasp.esapi.reference.DefaultHTTPUtilities (Extension) -> org.apache.commons.fileupload.servlet.ServletFileUpload (Extension) -> org.apache.commons.fileupload.FileUploadBase (Extension) -> org.apache.commons.fileupload.FileUploadBase$FileItemIteratorImpl$FileItemStreamImpl (Extension) -> ❌ org.apache.commons.fileupload.MultipartStream (Vulnerable Component) ```

### Vulnerability Details

The MultipartStream class in Apache Commons Fileupload before 1.3.2, as used in Apache Tomcat 7.x before 7.0.70, 8.x before 8.0.36, 8.5.x before 8.5.3, and 9.x before 9.0.0.M7 and other products, allows remote attackers to cause a denial of service (CPU consumption) via a long boundary string.

Publish Date: 2016-07-04

URL: CVE-2016-3092

### Threat Assessment

Exploit Maturity: Not Defined

EPSS: 5.5%

### CVSS 3 Score Details (7.5)

Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: Low - Privileges Required: None - User Interaction: None - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: None - Integrity Impact: None - Availability Impact: High

For more information on CVSS3 Scores, click here.

### Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3092

Release Date: 2016-07-04

Fix Resolution (commons-fileupload:commons-fileupload): 1.3.2

Direct dependency fix Resolution (org.owasp.esapi:esapi): 2.2.0.0

In order to enable automatic remediation, please create workflow rules

CVE-2012-0881 ### Vulnerable Library - xercesImpl-2.8.0.jar

Xerces2 is the next generation of high performance, fully compliant XML parsers in the Apache Xerces family. This new version of Xerces introduces the Xerces Native Interface (XNI), a complete framework for building parser components and configurations that is extremely modular and easy to program.

Library home page: http://www.apache.org/

Path to dependency file: /pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/xerces/xercesImpl/2.8.0/xercesImpl-2.8.0.jar

Dependency Hierarchy: - esapi-2.1.0.1.jar (Root Library) - xom-1.2.5.jar - :x: **xercesImpl-2.8.0.jar** (Vulnerable Library)

Found in base branch: master

### Reachability Analysis This vulnerability is potentially reachable ``` org.t246osslab.easybuggy.core.servlets.AbstractServlet (Application) -> org.owasp.esapi.ESAPI (Extension) -> org.owasp.esapi.reference.DefaultValidator (Extension) -> org.apache.xerces.dom.DocumentImpl (Extension) ... -> org.apache.xerces.impl.dtd.XMLDTDValidator (Extension) -> org.apache.xerces.impl.dtd.BalancedDTDGrammar (Extension) -> ❌ org.apache.xerces.impl.dtd.DTDGrammar$QNameHashtable (Vulnerable Component) ```

### Vulnerability Details

Apache Xerces2 Java Parser before 2.12.0 allows remote attackers to cause a denial of service (CPU consumption) via a crafted message to an XML service, which triggers hash table collisions.

Publish Date: 2017-10-30

URL: CVE-2012-0881

### Threat Assessment

Exploit Maturity: Not Defined

EPSS: 1.3000001%

### CVSS 3 Score Details (7.5)

Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: Low - Privileges Required: None - User Interaction: None - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: None - Integrity Impact: None - Availability Impact: High

For more information on CVSS3 Scores, click here.

### Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0881

Release Date: 2017-10-30

Fix Resolution (xerces:xercesImpl): 2.12.0

Direct dependency fix Resolution (org.owasp.esapi:esapi): 2.5.3.0

In order to enable automatic remediation, please create workflow rules

CVE-2016-1000031 ### Vulnerable Library - commons-fileupload-1.3.1.jar

The Apache Commons FileUpload component provides a simple yet flexible means of adding support for multipart file upload functionality to servlets and web applications.

Library home page: http://www.apache.org/

Path to dependency file: /pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/commons-fileupload/commons-fileupload/1.3.1/commons-fileupload-1.3.1.jar

Dependency Hierarchy: - esapi-2.1.0.1.jar (Root Library) - :x: **commons-fileupload-1.3.1.jar** (Vulnerable Library)

Found in base branch: master

### Reachability Analysis This vulnerability is potentially reachable ``` org.t246osslab.easybuggy.core.servlets.AbstractServlet (Application) -> org.owasp.esapi.ESAPI (Extension) -> org.owasp.esapi.reference.DefaultHTTPUtilities (Extension) -> org.apache.commons.fileupload.disk.DiskFileItemFactory (Extension) -> ❌ org.apache.commons.fileupload.disk.DiskFileItem (Vulnerable Component) ```

### Vulnerability Details

Apache Commons FileUpload before 1.3.3 DiskFileItem File Manipulation Remote Code Execution

Publish Date: 2016-10-25

URL: CVE-2016-1000031

### Threat Assessment

Exploit Maturity: Not Defined

EPSS: 5.9%

### CVSS 3 Score Details (7.3)

Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: Low - Privileges Required: None - User Interaction: None - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: Low - Integrity Impact: Low - Availability Impact: Low

For more information on CVSS3 Scores, click here.

### Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1000031

Release Date: 2016-10-25

Fix Resolution (commons-fileupload:commons-fileupload): 1.3.3

Direct dependency fix Resolution (org.owasp.esapi:esapi): 2.2.0.0

In order to enable automatic remediation, please create workflow rules

CVE-2022-23437 ### Vulnerable Library - xercesImpl-2.8.0.jar

Xerces2 is the next generation of high performance, fully compliant XML parsers in the Apache Xerces family. This new version of Xerces introduces the Xerces Native Interface (XNI), a complete framework for building parser components and configurations that is extremely modular and easy to program.

Library home page: http://www.apache.org/

Path to dependency file: /pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/xerces/xercesImpl/2.8.0/xercesImpl-2.8.0.jar

Dependency Hierarchy: - esapi-2.1.0.1.jar (Root Library) - xom-1.2.5.jar - :x: **xercesImpl-2.8.0.jar** (Vulnerable Library)

Found in base branch: master

### Reachability Analysis This vulnerability is potentially reachable ``` org.t246osslab.easybuggy.core.servlets.AbstractServlet (Application) -> org.owasp.esapi.ESAPI (Extension) -> org.owasp.esapi.reference.DefaultValidator (Extension) -> org.apache.xerces.dom.DOMNormalizer (Extension) ... -> org.apache.xml.serialize.DOMSerializerImpl (Extension) -> org.apache.xerces.impl.XMLEntityManager (Extension) -> ❌ org.apache.xerces.impl.XMLEntityScanner (Vulnerable Component) ```

### Vulnerability Details

There's a vulnerability within the Apache Xerces Java (XercesJ) XML parser when handling specially crafted XML document payloads. This causes, the XercesJ XML parser to wait in an infinite loop, which may sometimes consume system resources for prolonged duration. This vulnerability is present within XercesJ version 2.12.1 and the previous versions.

Publish Date: 2022-01-24

URL: CVE-2022-23437

### Threat Assessment

Exploit Maturity: Not Defined

EPSS: 0.5%

### CVSS 3 Score Details (6.5)

Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: Low - Privileges Required: None - User Interaction: Required - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: None - Integrity Impact: None - Availability Impact: High

For more information on CVSS3 Scores, click here.

### Suggested Fix

Type: Upgrade version

Origin: https://github.com/advisories/GHSA-h65f-jvqw-m9fj

Release Date: 2022-01-24

Fix Resolution: xerces:xercesImpl:2.12.2

WS-2023-0429 ### Vulnerable Library - esapi-2.1.0.1.jar

The Enterprise Security API (ESAPI) project is an OWASP project to create simple strong security controls for every web platform. Security controls are not simple to build. You can read about the hundreds of pitfalls for unwary developers on the OWASP web site. By providing developers with a set of strong controls, we aim to eliminate some of the complexity of creating secure web applications. This can result in significant cost savings across the SDLC.

Library home page: http://www.owasp.org/index.php

Path to dependency file: /pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/org/owasp/esapi/esapi/2.1.0.1/esapi-2.1.0.1.jar

Dependency Hierarchy: - :x: **esapi-2.1.0.1.jar** (Vulnerable Library)

Found in base branch: master

### Reachability Analysis This vulnerability is potentially reachable ``` org.t246osslab.easybuggy.core.servlets.AbstractServlet (Application) -> org.owasp.esapi.ESAPI (Extension) -> org.owasp.esapi.reference.AbstractAuthenticator (Extension) -> ❌ org.owasp.esapi.Logger$EventType (Vulnerable Component) ```

### Vulnerability Details

The Validator.isValidSafeHTML method can result in false negatives where it reports some input as safe (i.e., returns true), but really isn't, and using that same input as-is can in certain circumstances result in XSS vulnerabilities. Because this method cannot be fixed, it is being deprecated and will be removed in one years time from when this advisory is published. Note that all versions of ESAPI, that have this method (which dates back to at least the ESAPI 1.3 release more than 15 years ago) have this issue and it will continue to exist until these two methods are removed in a future ESAPI release.

Publish Date: 2024-11-03

URL: WS-2023-0429

### Threat Assessment

Exploit Maturity: Not Defined

EPSS:

### CVSS 3 Score Details (6.1)

Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: Low - Privileges Required: None - User Interaction: Required - Scope: Changed - Impact Metrics: - Confidentiality Impact: Low - Integrity Impact: Low - Availability Impact: None

For more information on CVSS3 Scores, click here.

### Suggested Fix

Type: Upgrade version

Origin: https://github.com/advisories/GHSA-r68h-jhhj-9jvm

Release Date: 2023-11-24

Fix Resolution: no_fix

In order to enable automatic remediation, please create workflow rules

CVE-2024-23635 ### Vulnerable Library - antisamy-1.5.3.jar

The OWASP AntiSamy project is a collection of APIs for safely allowing users to supply their own HTML and CSS without exposing the site to XSS vulnerabilities.

Library home page: http://www.owasp.org/

Path to dependency file: /pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/org/owasp/antisamy/antisamy/1.5.3/antisamy-1.5.3.jar

Dependency Hierarchy: - esapi-2.1.0.1.jar (Root Library) - :x: **antisamy-1.5.3.jar** (Vulnerable Library)

Found in base branch: master

### Reachability Analysis This vulnerability is potentially reachable ``` org.t246osslab.easybuggy.core.servlets.AbstractServlet (Application) -> org.owasp.esapi.ESAPI (Extension) -> org.owasp.esapi.reference.DefaultValidator (Extension) -> org.owasp.esapi.reference.validation.HTMLValidationRule (Extension) -> org.owasp.validator.html.AntiSamy (Extension) -> ❌ org.owasp.validator.html.scan.AntiSamyDOMScanner (Vulnerable Component) ```

### Vulnerability Details

AntiSamy is a library for performing fast, configurable cleansing of HTML coming from untrusted sources. Prior to 1.7.5, there is a potential for a mutation XSS (mXSS) vulnerability in AntiSamy caused by flawed parsing of the HTML being sanitized. To be subject to this vulnerability the `preserveComments` directive must be enabled in your policy file. As a result, certain crafty inputs can result in elements in comment tags being interpreted as executable when using AntiSamy's sanitized output. Patched in AntiSamy 1.7.5 and later.

Publish Date: 2024-02-02

URL: CVE-2024-23635

### Threat Assessment

Exploit Maturity: Not Defined

EPSS: 0.0%

### CVSS 3 Score Details (6.1)

Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: Low - Privileges Required: None - User Interaction: Required - Scope: Changed - Impact Metrics: - Confidentiality Impact: Low - Integrity Impact: Low - Availability Impact: None

For more information on CVSS3 Scores, click here.

### Suggested Fix

Type: Upgrade version

Origin: https://github.com/nahsra/antisamy/security/advisories/GHSA-2mrq-w8pv-5pvq

Release Date: 2024-02-02

Fix Resolution (org.owasp.antisamy:antisamy): 1.7.5

Direct dependency fix Resolution (org.owasp.esapi:esapi): 2.5.4.0

In order to enable automatic remediation, please create workflow rules

CVE-2023-43643 ### Vulnerable Library - antisamy-1.5.3.jar

The OWASP AntiSamy project is a collection of APIs for safely allowing users to supply their own HTML and CSS without exposing the site to XSS vulnerabilities.

Library home page: http://www.owasp.org/

Path to dependency file: /pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/org/owasp/antisamy/antisamy/1.5.3/antisamy-1.5.3.jar

Dependency Hierarchy: - esapi-2.1.0.1.jar (Root Library) - :x: **antisamy-1.5.3.jar** (Vulnerable Library)

Found in base branch: master

### Reachability Analysis This vulnerability is potentially reachable ``` org.t246osslab.easybuggy.core.servlets.AbstractServlet (Application) -> org.owasp.esapi.ESAPI (Extension) -> org.owasp.esapi.reference.DefaultValidator (Extension) -> org.owasp.esapi.reference.validation.HTMLValidationRule (Extension) -> org.owasp.validator.html.AntiSamy (Extension) -> org.owasp.validator.html.scan.AntiSamyDOMScanner (Extension) -> ❌ org.owasp.validator.html.scan.AbstractAntiSamyScanner (Vulnerable Component) ```

### Vulnerability Details

AntiSamy is a library for performing fast, configurable cleansing of HTML coming from untrusted sources. Prior to version 1.7.4, there is a potential for a mutation XSS (mXSS) vulnerability in AntiSamy caused by flawed parsing of the HTML being sanitized. To be subject to this vulnerability the `preserveComments` directive must be enabled in your policy file and also allow for certain tags at the same time. As a result, certain crafty inputs can result in elements in comment tags being interpreted as executable when using AntiSamy's sanitized output. This issue has been patched in AntiSamy 1.7.4 and later.

Publish Date: 2023-10-09

URL: CVE-2023-43643

### Threat Assessment

Exploit Maturity: Not Defined

EPSS: 0.1%

### CVSS 3 Score Details (6.1)

Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: Low - Privileges Required: None - User Interaction: Required - Scope: Changed - Impact Metrics: - Confidentiality Impact: Low - Integrity Impact: Low - Availability Impact: None

For more information on CVSS3 Scores, click here.

### Suggested Fix

Type: Upgrade version

Origin: https://www.cve.org/CVERecord?id=CVE-2023-43643

Release Date: 2023-10-09

Fix Resolution (org.owasp.antisamy:antisamy): 1.7.4

Direct dependency fix Resolution (org.owasp.esapi:esapi): 2.5.3.0

In order to enable automatic remediation, please create workflow rules

CVE-2022-29577 ### Vulnerable Library - antisamy-1.5.3.jar

The OWASP AntiSamy project is a collection of APIs for safely allowing users to supply their own HTML and CSS without exposing the site to XSS vulnerabilities.

Library home page: http://www.owasp.org/

Path to dependency file: /pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/org/owasp/antisamy/antisamy/1.5.3/antisamy-1.5.3.jar

Dependency Hierarchy: - esapi-2.1.0.1.jar (Root Library) - :x: **antisamy-1.5.3.jar** (Vulnerable Library)

Found in base branch: master

### Reachability Analysis This vulnerability is potentially reachable ``` org.t246osslab.easybuggy.core.servlets.AbstractServlet (Application) -> org.owasp.esapi.ESAPI (Extension) -> org.owasp.esapi.reference.DefaultValidator (Extension) -> org.owasp.esapi.reference.validation.HTMLValidationRule (Extension) -> org.owasp.validator.html.AntiSamy (Extension) -> ❌ org.owasp.validator.html.scan.AntiSamyDOMScanner (Vulnerable Component) ```

### Vulnerability Details

OWASP AntiSamy before 1.6.7 allows XSS via HTML tag smuggling on STYLE content with crafted input. The output serializer does not properly encode the supposed Cascading Style Sheets (CSS) content. NOTE: this issue exists because of an incomplete fix for CVE-2022-28367.

Publish Date: 2022-04-21

URL: CVE-2022-29577

### Threat Assessment

Exploit Maturity: Not Defined

EPSS: 0.1%

### CVSS 3 Score Details (6.1)

Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: Low - Privileges Required: None - User Interaction: Required - Scope: Changed - Impact Metrics: - Confidentiality Impact: Low - Integrity Impact: Low - Availability Impact: None

For more information on CVSS3 Scores, click here.

### Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29577

Release Date: 2022-04-21

Fix Resolution (org.owasp.antisamy:antisamy): 1.6.7

Direct dependency fix Resolution (org.owasp.esapi:esapi): 2.3.0.0

In order to enable automatic remediation, please create workflow rules


In order to enable automatic remediation for this issue, please create workflow rules