August 2018 - Hillstone Networks

August 22, 2018

Vulnerability Notification: Jenkins CI Server getOrCreate Policy Bypass

[Overview] Jenkins is an open source, continuous integration and delivery application based on Java development that runs in a Servlet container. Jenkins allows developers to automate the build process using Apache Ant, Apache Maven, and Shell scripts, allowing developers to focus more on business implementation. [Vulnerability Details] CVE-2018-1999001: The vulnerability is caused by the getOrCreate()…

by Zeyao Hu

August 6, 2018

Vulnerability Notification: Oracle WebLogic Server Activator Insecure Deserialization

[Overview] WebLogic Server is a Java application server platform for developing, integrating, deploying, and managing large distributed Web applications and database applications. Recently, Oracle released an update patch to fix the WebLogic Server deserialization vulnerability. [Vulnerability Details] CVE-2018-2893: The vulnerability is caused by deserializing suspicious data in a T3 protocol request. An unauthorized attacker could…

Month: August 2018

Vulnerability Notification: Jenkins CI Server getOrCreate Policy Bypass

Vulnerability Notification: Oracle WebLogic Server Activator Insecure Deserialization

Hillstone Networks News & Press