Publish Advisories
advisory-database[bot] committed Jul 13, 2022
1 parent c48948d commit f4713bb
Showing 3 changed files with 154 additions and 77 deletions.
@@ -1,17 +1,74 @@
{
"schema_version": "1.2.0",
"id": "GHSA-55j7-f5wf-43m4",
"modified": "2022-05-13T01:09:21Z",
"modified": "2022-07-13T21:28:21Z",
"published": "2022-05-13T01:09:21Z",
"aliases": [
"CVE-2012-3451"
],
"summary": "Remote web-service operation execution in Apache CXF",
"details": "Apache CXF before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 allows remote attackers to execute unintended web-service operations by sending a header with a SOAP Action String that is inconsistent with the message body.",
"severity": [

],
"affected": [

{
"package": {
"ecosystem": "Maven",
"name": "org.apache.cxf:cxf"
},
"ranges": [
{
"type": "ECOSYSTEM",
"events": [
{
"introduced": "0"
},
{
"fixed": "2.4.9"
}
]
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.apache.cxf:cxf"
},
"ranges": [
{
"type": "ECOSYSTEM",
"events": [
{
"introduced": "2.5.0"
},
{
"fixed": "2.5.5"
}
]
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.apache.cxf:cxf"
},
"ranges": [
{
"type": "ECOSYSTEM",
"events": [
{
"introduced": "2.6.0"
},
{
"fixed": "2.6.2"
}
]
}
]
}
],
"references": [
{
Expand Down Expand Up @@ -92,22 +149,18 @@
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/51607"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/52183"
"url": "http://svn.apache.org/viewvc?view=revision&revision=1368559"
},
{
"type": "WEB",
"url": "http://svn.apache.org/viewvc?view=revision&revision=1368559"
"type": "PACKAGE",
"url": "https://github.com/apache/cxf"
}
],
"database_specific": {
"cwe_ids": [
"CWE-20"

],
"severity": "MODERATE",
"github_reviewed": false
"severity": "HIGH",
"github_reviewed": true
}
}
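Review bot: The `database_specific.severity` value at the end of this advisory appears to go from `MODERATE` to `HIGH` while the top-level `severity` array is still empty, so the record carries no scoring vector that justifies the new rating. Consumers that prioritise on the vector rather than the label cannot tell which assumptions (attack vector, privileges, impact) the rating rests on, and cannot re-score for their own deployment. I would add an entry of the form `{"type": "CVSS_V3", "score": "<vector from the scoring source>"}` to `severity`, or note why none is available. Which of the paired lines is old and which is new is inferred from print order, since the page does not mark sides.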
@@ -1,17 +1,55 @@
{
"schema_version": "1.2.0",
"id": "GHSA-76vr-72mv-mf3q",
"modified": "2022-05-17T00:57:51Z",
"modified": "2022-07-13T21:29:42Z",
"published": "2022-05-17T00:57:51Z",
"aliases": [
"CVE-2012-4431"
],
"summary": "Cross-Site Request Forgery in Apache Tomcat",
"details": "org/apache/catalina/filters/CsrfPreventionFilter.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.32 allows remote attackers to bypass the cross-site request forgery (CSRF) protection mechanism via a request that lacks a session identifier.",
"severity": [

],
"affected": [

{
"package": {
"ecosystem": "Maven",
"name": "org.apache.tomcat:tomcat"
},
"ranges": [
{
"type": "ECOSYSTEM",
"events": [
{
"introduced": "6.0.0"
},
{
"fixed": "6.0.36"
}
]
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.apache.tomcat:tomcat"
},
"ranges": [
{
"type": "ECOSYSTEM",
"events": [
{
"introduced": "7.0.0"
},
{
"fixed": "7.0.32"
}
]
}
]
}
],
"references": [
{
Expand All @@ -26,10 +64,6 @@
"type": "WEB",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18541"
},
{
"type": "WEB",
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-12/0045.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-updates/2012-12/msg00089.html"
Expand Down Expand Up @@ -74,18 +108,10 @@
"type": "WEB",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0648.html"
},
{
"type": "WEB",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1437.html"
},
{
"type": "WEB",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1853.html"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/57126"
},
{
"type": "WEB",
"url": "http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/java/org/apache/catalina/filters/CsrfPreventionFilter.java?r1=1393088&r2=1393087&pathrev=1393088"
Expand All @@ -108,22 +134,18 @@
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/56814"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id?1027834"
"url": "http://www.ubuntu.com/usn/USN-1685-1"
},
{
"type": "WEB",
"url": "http://www.ubuntu.com/usn/USN-1685-1"
"type": "PACKAGE",
"url": "https://github.com/apache/tomcat"
}
],
"database_specific": {
"cwe_ids": [

"CWE-352"
],
"severity": "MODERATE",
"github_reviewed": false
"github_reviewed": true
}
}
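Review bot: The `affected` entries name `org.apache.tomcat:tomcat`, but the class cited in `details` (CsrfPreventionFilter.java) ships in Tomcat's library JARs, so a dependency scanner that matches on Maven coordinates will probably not flag applications that pull Tomcat in as a library. As far as I know the `tomcat` coordinate is the distribution bundle, while projects depend on artifacts such as `org.apache.tomcat:tomcat-catalina` or `org.apache.tomcat.embed:tomcat-embed-core`; please confirm which artifacts contain the class on each branch and list those in `package.name`. The same applies to GHSA-jgm2-m5cg-f66g below (RealmBase.java). The CXF advisory above uses `org.apache.cxf:cxf`, which looks like the parent POM rather than a module JAR.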
@@ -1,35 +1,65 @@
{
"schema_version": "1.2.0",
"id": "GHSA-jgm2-m5cg-f66g",
"modified": "2022-05-17T00:59:04Z",
"modified": "2022-07-13T21:29:14Z",
"published": "2022-05-17T00:59:04Z",
"aliases": [
"CVE-2012-3546"
],
"summary": "Authentication Bypass in Apache Tomcat",
"details": "org/apache/catalina/realm/RealmBase.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.30, when FORM authentication is used, allows remote attackers to bypass security-constraint checks by leveraging a previous setUserPrincipal call and then placing /j_security_check at the end of a URI.",
"severity": [

],
"affected": [

{
"package": {
"ecosystem": "Maven",
"name": "org.apache.tomcat:tomcat"
},
"ranges": [
{
"type": "ECOSYSTEM",
"events": [
{
"introduced": "6.0.0"
},
{
"fixed": "6.0.36"
}
]
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.apache.tomcat:tomcat"
},
"ranges": [
{
"type": "ECOSYSTEM",
"events": [
{
"introduced": "7.0.0"
},
{
"fixed": "7.0.30"
}
]
}
]
}
],
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2012-3546"
},
{
"type": "WEB",
"url": "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03748878"
},
{
"type": "WEB",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19305"
},
{
"type": "WEB",
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-12/0044.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-updates/2012-12/msg00089.html"
Expand Down Expand Up @@ -98,10 +128,6 @@
"type": "WEB",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0192.html"
},
{
"type": "WEB",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0193.html"
},
{
"type": "WEB",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0194.html"
Expand All @@ -114,10 +140,6 @@
"type": "WEB",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0196.html"
},
{
"type": "WEB",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0197.html"
},
{
"type": "WEB",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0198.html"
Expand Down Expand Up @@ -146,18 +168,6 @@
"type": "WEB",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0642.html"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/51984"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/52054"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/57126"
},
{
"type": "WEB",
"url": "http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/java/org/apache/catalina/realm/RealmBase.java?r1=1377892&r2=1377891&pathrev=1377892"
Expand All @@ -179,23 +189,15 @@
"url": "http://tomcat.apache.org/security-7.html"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/56812"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id?1027833"
},
{
"type": "WEB",
"url": "http://www.ubuntu.com/usn/USN-1685-1"
"type": "PACKAGE",
"url": "https://github.com/apache/tomcat"
}
],
"database_specific": {
"cwe_ids": [

"CWE-287"
],
"severity": "MODERATE",
"github_reviewed": false
"github_reviewed": true
}
}
