by

August 22, 2018

Vulnerability Notification: Jenkins CI Server getOrCreate Policy Bypass

[Overview] Jenkins is an open source, continuous integration and delivery application based on Java development that runs in a Servlet container. Jenkins allows developers to automate the build process using Apache Ant, Apache Maven, and Shell scripts, allowing developers to focus more on business implementation. [Vulnerability Details] CVE-2018-1999001: The vulnerability is caused by the getOrCreate()…
More
Share
Tweet
Pin
Share5
5 Shares
by

August 6, 2018

Vulnerability Notification: Oracle WebLogic Server Activator Insecure Deserialization

[Overview] WebLogic Server is a Java application server platform for developing, integrating, deploying, and managing large distributed Web applications and database applications. Recently, Oracle released an update patch to fix the WebLogic Server deserialization vulnerability. [Vulnerability Details] CVE-2018-2893: The vulnerability is caused by deserializing suspicious data in a T3 protocol request. An unauthorized attacker could…
More
Share
Tweet
Pin
Share
0 Shares