From owner-svn-ports-all@freebsd.org  Wed Nov 28 19:57:30 2018
Return-Path: <owner-svn-ports-all@freebsd.org>
Delivered-To: svn-ports-all@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id A808C113BECC;
 Wed, 28 Nov 2018 19:57:30 +0000 (UTC) (envelope-from pi@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org
 [IPv6:2610:1c1:1:606c::19:3])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client CN "mxrelay.nyi.freebsd.org",
 Issuer "Let's Encrypt Authority X3" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id 4B4D386865;
 Wed, 28 Nov 2018 19:57:30 +0000 (UTC) (envelope-from pi@FreeBSD.org)
Received: from repo.freebsd.org (repo.freebsd.org
 [IPv6:2610:1c1:1:6068::e6a:0])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 228FB70F3;
 Wed, 28 Nov 2018 19:57:30 +0000 (UTC) (envelope-from pi@FreeBSD.org)
Received: from repo.freebsd.org ([127.0.1.37])
 by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id wASJvTYw092012;
 Wed, 28 Nov 2018 19:57:29 GMT (envelope-from pi@FreeBSD.org)
Received: (from pi@localhost)
 by repo.freebsd.org (8.15.2/8.15.2/Submit) id wASJvTb7092011;
 Wed, 28 Nov 2018 19:57:29 GMT (envelope-from pi@FreeBSD.org)
Message-Id: <201811281957.wASJvTb7092011@repo.freebsd.org>
X-Authentication-Warning: repo.freebsd.org: pi set sender to pi@FreeBSD.org
 using -f
From: Kurt Jaeger <pi@FreeBSD.org>
Date: Wed, 28 Nov 2018 19:57:29 +0000 (UTC)
To: ports-committers@freebsd.org, svn-ports-all@freebsd.org,
 svn-ports-head@freebsd.org
Subject: svn commit: r486144 - head/security/vuxml
X-SVN-Group: ports-head
X-SVN-Commit-Author: pi
X-SVN-Commit-Paths: head/security/vuxml
X-SVN-Commit-Revision: 486144
X-SVN-Commit-Repository: ports
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-Rspamd-Queue-Id: 4B4D386865
X-Spamd-Result: default: False [1.29 / 15.00];
 local_wl_from(0.00)[FreeBSD.org];
 NEURAL_SPAM_SHORT(0.37)[0.369,0];
 NEURAL_SPAM_MEDIUM(0.37)[0.366,0];
 NEURAL_SPAM_LONG(0.55)[0.554,0];
 ASN(0.00)[asn:11403, ipnet:2610:1c1:1::/48, country:US]
X-Rspamd-Server: mx1.freebsd.org
X-BeenThere: svn-ports-all@freebsd.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: SVN commit messages for the ports tree <svn-ports-all.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/svn-ports-all>,
 <mailto:svn-ports-all-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/svn-ports-all/>
List-Post: <mailto:svn-ports-all@freebsd.org>
List-Help: <mailto:svn-ports-all-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/svn-ports-all>,
 <mailto:svn-ports-all-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 28 Nov 2018 19:57:31 -0000

Author: pi
Date: Wed Nov 28 19:57:29 2018
New Revision: 486144
URL: https://svnweb.freebsd.org/changeset/ports/486144

Log:
  security/vuxml: document www/payara vulnerabilities
  
  PR:		233573
  Submitted by:	Dmytro Bilokha <dmytro@posteo.net>

Modified:
  head/security/vuxml/vuln.xml

Modified: head/security/vuxml/vuln.xml
==============================================================================
--- head/security/vuxml/vuln.xml	Wed Nov 28 19:22:56 2018	(r486143)
+++ head/security/vuxml/vuln.xml	Wed Nov 28 19:57:29 2018	(r486144)
@@ -58,6 +58,169 @@ Notes:
   * Do not forget port variants (linux-f10-libxml2, libxml2, etc.)
 -->
 <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+  <vuln vid="93f8e0ff-f33d-11e8-be46-0019dbb15b3f">
+    <topic>payara -- Default typing issue in Jackson Databind</topic>
+    <affects>
+      <package>
+	<name>payara</name>
+	<range><eq>4.1.2.181.3</eq></range>
+	<range><eq>4.1.2.182</eq></range>
+	<range><eq>5.181.3</eq></range>
+	<range><eq>5.182</eq></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<blockquote cite="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7489">
+	  <p>FasterXML jackson-databind before 2.8.11.1 and 2.9.x before
+	    2.9.5 allows unauthenticated remote code execution because of
+	    an incomplete fix for the CVE-2017-7525 deserialization flaw.
+	    This is exploitable by sending maliciously crafted JSON input
+	    to the readValue method of the ObjectMapper, bypassing a
+	    blacklist that is ineffective if the c3p0 libraries are
+	    available in the classpath.</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <url>https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7489</url>
+      <cvename>CVE-2018-7489</cvename>
+    </references>
+    <dates>
+      <discovery>2018-02-26</discovery>
+      <entry>2018-11-28</entry>
+    </dates>
+  </vuln>
+
+  <vuln vid="22bc5327-f33f-11e8-be46-0019dbb15b3f">
+    <topic>payara -- Code execution via crafted PUT requests to JSPs</topic>
+    <affects>
+      <package>
+	<name>payara</name>
+	<range><eq>4.1.2.174</eq></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<blockquote cite="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12615">
+	  <p>When running Apache Tomcat 7.0.0 to 7.0.79 on Windows with HTTP
+	    PUTs enabled (e.g. via setting the readonly initialisation
+	    parameter of the Default to false) it was possible to upload a
+	    JSP file to the server via a specially crafted request. This
+	    JSP could then be requested and any code it contained would be
+	    executed by the server.</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <url>https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12615</url>
+      <cvename>CVE-2017-12615</cvename>
+    </references>
+    <dates>
+      <discovery>2017-08-07</discovery>
+      <entry>2018-11-28</entry>
+    </dates>
+  </vuln>
+
+  <vuln vid="d70c9e18-f340-11e8-be46-0019dbb15b3f">
+    <topic>payara -- Multiple vulnerabilities</topic>
+    <affects>
+      <package>
+	<name>payara</name>
+	<range><eq>4.1.2.173</eq></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<blockquote cite="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1000031">
+	  <p>Apache Commons FileUpload before 1.3.3
+	    DiskFileItem File Manipulation Remote Code Execution.</p>
+	</blockquote>
+	<blockquote cite="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3239">
+	  <p>Vulnerability in the Oracle GlassFish Server component of
+	    Oracle Fusion Middleware (subcomponent: Administration).
+	    Supported versions that are affected are 3.0.1 and 3.1.2.
+	    Easily exploitable vulnerability allows low privileged attacker
+	    with logon to the infrastructure where Oracle GlassFish Server
+	    executes to compromise Oracle GlassFish Server. Successful
+	    attacks of this vulnerability can result in unauthorized read
+	    access to a subset of Oracle GlassFish Server accessible data.
+	    CVSS v3.0 Base Score 3.3 (Confidentiality impacts).</p>
+	</blockquote>
+	<blockquote cite="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3247">
+	  <p>Vulnerability in the Oracle GlassFish Server component of Oracle
+	  Fusion Middleware (subcomponent: Core). Supported versions that
+	  are affected are 2.1.1, 3.0.1 and 3.1.2. Easily exploitable
+	  vulnerability allows unauthenticated attacker with network access
+	  via SMTP to compromise Oracle GlassFish Server. Successful
+	  attacks require human interaction from a person other than the
+	  attacker. Successful attacks of this vulnerability can result in
+	  unauthorized update, insert or delete access to some of Oracle
+	  GlassFish Server accessible data. CVSS v3.0 Base Score 4.3
+	  (Integrity impacts).</p>
+	</blockquote>
+	<blockquote cite="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3249">
+	  <p>Vulnerability in the Oracle GlassFish Server component of
+	    Oracle Fusion Middleware (subcomponent: Security). Supported
+	    versions that are affected are 2.1.1, 3.0.1 and 3.1.2.
+	    Easily exploitable vulnerability allows unauthenticated attacker
+	    with network access via LDAP to compromise Oracle GlassFish Server.
+	    Successful attacks of this vulnerability can result in unauthorized
+	    update, insert or delete access to some of Oracle GlassFish Server
+	    accessible data as well as unauthorized read access to a subset of
+	    Oracle GlassFish Server accessible data and unauthorized ability
+	    to cause a partial denial of service (partial DOS) of Oracle
+	    GlassFish Server. CVSS v3.0 Base Score 7.3 (Confidentiality,
+	    Integrity and Availability impacts).</p>
+	</blockquote>
+	<blockquote cite="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3250">
+	  <p>Vulnerability in the Oracle GlassFish Server component of Oracle
+	    Fusion Middleware (subcomponent: Security). Supported versions that
+	    are affected are 2.1.1, 3.0.1 and 3.1.2. Easily exploitable
+	    vulnerability allows unauthenticated attacker with network access
+	    via HTTP to compromise Oracle GlassFish Server. Successful attacks
+	    of this vulnerability can result in unauthorized update, insert or
+	    delete access to some of Oracle GlassFish Server accessible data as
+	    well as unauthorized read access to a subset of Oracle GlassFish
+	    Server accessible data and unauthorized ability to cause a partial
+	    denial of service (partial DOS) of Oracle GlassFish Server.
+	    CVSS v3.0 Base Score 7.3 (Confidentiality, Integrity and
+	    Availability impacts).</p>
+	</blockquote>
+	<blockquote cite="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5528">
+	  <p>Vulnerability in the Oracle GlassFish Server component of Oracle
+	    Fusion Middleware (subcomponent: Security). Supported versions that
+	    are affected are 2.1.1, 3.0.1 and 3.1.2. Difficult to exploit
+	    vulnerability allows unauthenticated attacker with network access
+	    via multiple protocols to compromise Oracle GlassFish Server. While
+	    the vulnerability is in Oracle GlassFish Server, attacks may
+	    significantly impact additional products. Successful attacks of this
+	    vulnerability can result in takeover of Oracle GlassFish Server.
+	    CVSS v3.0 Base Score 9.0 (Confidentiality, Integrity and
+	    Availability impacts).</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <url>http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1000031</url>
+      <cvename>CVE-2016-1000031</cvename>
+      <url>https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3239</url>
+      <cvename>CVE-2017-3239</cvename>
+      <url>https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3247</url>
+      <cvename>CVE-2017-3247</cvename>
+      <url>https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3249</url>
+      <cvename>CVE-2017-3249</cvename>
+      <url>https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3250</url>
+      <cvename>CVE-2017-3250</cvename>
+      <url>https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5528</url>
+      <cvename>CVE-2016-5528</cvename>
+    </references>
+    <dates>
+      <discovery>2016-06-16</discovery>
+      <entry>2018-11-28</entry>
+    </dates>
+  </vuln>
+
   <vuln vid="8a4aba2d-f33e-11e8-9416-001b217b3468">
     <topic>Gitlab -- Multiple vulnerabilities</topic>
     <affects>