CVE-2016-0710: Apache Jetspeed vulnerable to SQL Injection
Multiple SQL injection vulnerabilities in the User Manager service in Apache Jetspeed before 2.3.1 allow remote attackers to execute arbitrary SQL commands via the (1) role or (2) user parameter to services/usermanager/users/.
References
- github.com/advisories/GHSA-88f6-79x2-xqf3
- mail-archives.apache.org/mod_mbox/portals-jetspeed-user/201603.mbox/%3C046318A1-226E-453F-9394-B84F1A33E6A4%40bluesunrise.com%3E
- mail-archives.apache.org/mod_mbox/portals-jetspeed-user/201603.mbox/%3C046318A1-226E-453F-9394-B84F1A33E6A4@bluesunrise.com%3E
- nvd.nist.gov/vuln/detail/CVE-2016-0710
- portals.apache.org/jetspeed-2/security-reports.html
- www.exploit-db.com/exploits/39643