Message-Id: <4F378887-E697-44E7-976C-48B9B7475C4D@apache.org>
Date: Sun, 15 Apr 2012 15:34:02 +0200
From: Jacopo Cappellato <jacopoc@...che.org>
To: security@...che.org, Ofbiz User ML <user@...iz.apache.org>,
dev@...iz.apache.org, full-disclosure@...ts.grok.org.uk,
bugtraq@...urityfocus.com
Cc: mmadou@...com
Subject: [CVE-2012-1622] Apache OFBiz information disclosure vulnerability
CVE-2012-1622: Apache OFBiz 10.04 and later allows remote attackers to execute arbitrary code via unspecified vectors
Severity: Critical
Vendor:
The Apache Software Foundation - Apache OFBiz
======Versions Affected======
Apache OFBiz 10.04 (also known as 10.04.01)
======Description======
Apache OFBiz 10.04 and later allows remote attackers to execute arbitrary code via unspecified vectors
======Mitigation======
10.04 users should upgrade to 10.04.02
======Credit======
This issue was discovered by Jacopo Cappellato, Apache OFBiz project