[SECURITY] CVE-2018-17186 Apache Syncope

CVE-2018-17186: XXE on BPMN definitions

Description:
An administrator holding workflow definition entitlements can include a DTD
(DOCTYPE declaration) in a BPMN workflow definition and, through XML External
Entity (XXE) processing, perform malicious operations, including but not
limited to file read, file write, and code execution.

Severity: Medium

Vendor: The Apache Software Foundation

Affects:
Releases prior to 2.1.2
Releases prior to 2.0.11
The unsupported 1.2.x releases may also be affected.

Solution:
2.0.x users should upgrade to 2.0.11
2.1.x users should upgrade to 2.1.2

Mitigation:
Do not assign workflow definition entitlements to any administrator.

Credit:
This issue was discovered by Kevin Borras Soler and Joan Bono.

References:
https://syncope.apache.org/security
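The defensive counterpart to the issue described above is an XML parser that refuses DOCTYPE declarations before any entity can be resolved. The following is an added example and not code from the Syncope project or its workflow engine; it assumes a plain JAXP DocumentBuilder, and the class name, feature list and the two sample BPMN documents are constructed for illustration.

```java
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import org.w3c.dom.Document;
import org.xml.sax.SAXParseException;

public class BpmnDefinitionParser {

    // Hardened JAXP factory (assumption: standard Xerces feature URIs, as shipped
    // with the JDK). disallow-doctype-decl alone rejects any internal or external
    // DTD; the remaining settings are defence in depth for parsers that ignore it.
    static DocumentBuilderFactory hardenedFactory() throws ParserConfigurationException {
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        dbf.setFeature("http://xml.org/sax/features/external-general-entities", false);
        dbf.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
        dbf.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
        dbf.setXIncludeAware(false);
        dbf.setExpandEntityReferences(false);
        return dbf;
    }

    // Parse an uploaded BPMN definition with the hardened factory. A definition
    // carrying a DOCTYPE is rejected up front, so no entity is ever expanded.
    static Document parseDefinition(String xml) throws Exception {
        DocumentBuilder db = hardenedFactory().newDocumentBuilder();
        return db.parse(new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8)));
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample: minimal BPMN 2.0 definition without a DTD (accepted).
        String clean = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
            + "<definitions xmlns=\"http://www.omg.org/spec/BPMN/20100524/MODEL\">"
            + "<process id=\"userWorkflow\"/></definitions>";
        // Constructed sample: the same definition prefixed with a DOCTYPE that
        // declares a harmless internal entity; this is the input shape the
        // advisory is about and the hardened parser must refuse it.
        String withDtd = "<?xml version=\"1.0\"?>"
            + "<!DOCTYPE definitions [<!ENTITY x \"placeholder\">]>"
            + "<definitions xmlns=\"http://www.omg.org/spec/BPMN/20100524/MODEL\">"
            + "<process id=\"&x;\"/></definitions>";

        System.out.println("accepted, root element: "
            + parseDefinition(clean).getDocumentElement().getTagName());
        try {
            parseDefinition(withDtd);
            System.out.println("UNEXPECTED: definition with DOCTYPE was accepted");
        } catch (SAXParseException e) {
            System.out.println("rejected definition with DOCTYPE: " + e.getMessage());
        }
    }
}
```

The same feature flags apply to SAXParserFactory and, via the underlying XMLReader, to StAX and JAXB-based loaders; whichever API a workflow engine uses to read definitions, the DOCTYPE check belongs at that parser.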

Source: Apache

2018-11-06 10:05:59