[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[CVE-2012-1622] Apache OFBiz information disclosure vulnerability

To: security@xxxxxxxxxx, Ofbiz User ML <user@xxxxxxxxxxxxxxxx>, dev@xxxxxxxxxxxxxxxx, full-disclosure@xxxxxxxxxxxxxxxxx, bugtraq@xxxxxxxxxxxxxxxxx
Subject: [CVE-2012-1622] Apache OFBiz information disclosure vulnerability
From: Jacopo Cappellato <jacopoc@xxxxxxxxxx>
Date: Sun, 15 Apr 2012 15:34:02 +0200

CVE-2012-1622: Apache OFBiz 10.04 and later allows remote attackers to execute 
arbitrary code via unspecified vectors

Severity: Critical

Vendor:
The Apache Software Foundation - Apache OFBiz

======Versions Affected======

Apache OFBiz 10.04 (also known as 10.04.01)

======Description======

Apache OFBiz 10.04 and later allows remote attackers to execute arbitrary code 
via unspecified vectors

====== Mitigation======

10.04 users should upgrade to 10.04.02

======Credit======

This issue was discovered by Jacopo Cappellato, Apache OFBiz project

Attachment: signature.asc
Description: Message signed with OpenPGP using GPGMail

Prev by Date: [CVE-2012-1621] Apache OFBiz information disclosure vulnerability
Next by Date: FastPath Webchat | Multiple Cross Site Scripting Vulnerabilities
Previous by thread: [CVE-2012-1621] Apache OFBiz information disclosure vulnerability
Next by thread: FastPath Webchat | Multiple Cross Site Scripting Vulnerabilities
Index(es):
- Date
- Thread