[Full-disclosure] [CVE-2012-1622] Apache OFBiz information disclosure vulnerability
Jacopo Cappellato
jacopoc at apache.org
Sun Apr 15 14:34:02 BST 2012
CVE-2012-1622: Apache OFBiz 10.04 and later allows remote attackers to execute arbitrary code via unspecified vectors
Severity: Critical
Vendor: The Apache Software Foundation - Apache OFBiz
======Versions Affected======
Apache OFBiz 10.04 (also known as 10.04.01)
======Description======
Apache OFBiz 10.04 and later allows remote attackers to execute arbitrary code via unspecified vectors.
======Mitigation======
10.04 users should upgrade to 10.04.02.
======Credit======
This issue was discovered by Jacopo Cappellato, Apache OFBiz project.