SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Commerce)  >   Apache OFBiz Vendors:   Apache Software Foundation
Apache OFBiz Unspecified Flaw Lets Remote Users Execute Arbitrary Code
SecurityTracker Alert ID:  1026928
SecurityTracker URL:  http://securitytracker.com/id/1026928
CVE Reference:   CVE-2012-1622   (Links to External Site)
Date:  Apr 17 2012
Impact:   Execution of arbitrary code via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 10.04.01
Description:   A vulnerability was reported in Apache OFBiz. A remote user can execute arbitrary code on the target system.

No details were provided.

Jacopo Cappellato, Apache OFBiz project, reported this vulnerability.

Impact:   A remote user can execute arbitrary code on the target system.
Solution:   The vendor has issued a fix (10.04.02).
Vendor URL:  ofbiz.apache.org/ (Links to External Site)
Cause:   Not specified
Underlying OS:  Linux (Any), UNIX (Any), Windows (Any)

Message History:   None.


 Source Message Contents

Subject:  [CVE-2012-1622] Apache OFBiz information disclosure vulnerability

--Apple-Mail=_99F55024-B832-4266-8770-4E92B719D02C
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;
	charset=us-ascii

CVE-2012-1622: Apache OFBiz 10.04 and later allows remote attackers to =
execute arbitrary code via unspecified vectors

Severity: Critical

Vendor:
The Apache Software Foundation - Apache OFBiz

=3D=3D=3D=3D=3D=3DVersions Affected=3D=3D=3D=3D=3D=3D

Apache OFBiz 10.04 (also known as 10.04.01)

=3D=3D=3D=3D=3D=3DDescription=3D=3D=3D=3D=3D=3D

Apache OFBiz 10.04 and later allows remote attackers to execute =
arbitrary code via unspecified vectors

=3D=3D=3D=3D=3D=3D Mitigation=3D=3D=3D=3D=3D=3D

10.04 users should upgrade to 10.04.02

=3D=3D=3D=3D=3D=3DCredit=3D=3D=3D=3D=3D=3D

This issue was discovered by Jacopo Cappellato, Apache OFBiz project=

--Apple-Mail=_99F55024-B832-4266-8770-4E92B719D02C
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment;
	filename=signature.asc
Content-Type: application/pgp-signature;
	name=signature.asc
Content-Description: Message signed with OpenPGP using GPGMail

-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.14 (Darwin)

iQIcBAEBAgAGBQJPis5KAAoJEHpYCQiEevngkJIP/04x7FympWvcFm22aA2nv7eX
v6iL8D9VP8uy3EeClARr1WeiB/7iOHCpqWDH/e1e2UnKdN2qH89KacXS21X+Agfs
XnB1kHtolKpj8/3c1M1ZXu3cYTTAEuM1Ljfp0F2dUO6A7XhnbF05aJhXIWzC75iX
pmhvvHblgq0m1DInEHCP3o4xIYMOhwdXlH7ATcQFXohT4pQ9ZDq1awm3qTp1QFZ0
qvKy65/yIijq6LtqMJBu8eqWEueX0CDD2BcwVLavAtojJVbvTRc2xc4GxgfQv4xa
cDX152Lv5aXeujzFz2auddx9/lYlUSiOw5deO6lH8I7s4XLcG8XY5CCImX0zs9zn
8bUx7blFLmDZWdNxv2XxiX7vy8IlZp+Saul/mQMJUCtD8QY3/Ex7m1p504k6eMNM
v4sZGV0Qv1opCLgQt5Twr2ylaPJyuf2+rhaFbRX0lX4AfQFBZhoKhjOSXJLnsRhq
OoZ610OyqOiXbvJJm5Bg6lB1gK9N2LkOXYMI1qY005Ry2ZSLKVIBHfc39rhleueC
tYVSGaahu89Gip863Zxvj7EIhXx8kRrtoLBg8/v20Le4cNNOaGklolemTEqbTnkq
T3CzAjNWJM6Cs12QwrjdTpj8bGjogoTw7dci+k8joR2rgyhLs8nh/tr2jySX/RAL
0SXUKYG649BA2ZIk18vK
=oXpM
-----END PGP SIGNATURE-----

--Apple-Mail=_99F55024-B832-4266-8770-4E92B719D02C--
 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2021, SecurityGlobal.net LLC