Lucene search

Veracode Vulnerability DatabaseVERACODE:6246

HistoryMay 08, 2018 - 5:55 a.m.

Insecure Defaults

2018-05-0805:55:18

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

0.001 Low

EPSS

Percentile

48.9%

JSON

Apache Derby is vulnerable to insecure defaults. An attacker can send network packets to a Derby Network Server to maliciously boot a database under their control control. The attack is only possible when the Java Security Manager policy file permits the reading of database locations, which is the default configuration in affected versions.

CPENameOperatorVersion
apache derby network serverle10.14.1.0
apache derby network serverle10.14.1.0

CPE	Name	Operator	Version
	apache derby network server	le	10.14.1.0
	apache derby network server	le	10.14.1.0

References

www.securityfocus.com/bid/104140

issues.apache.org/jira/browse/DERBY-6986

lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E

lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E

lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E

lists.apache.org/thread.html/r437d94437e6aef31af689b1e7025d024d676fd1ea9901d74e3e9ae48@%3Cissues.hive.apache.org%3E

lists.apache.org/thread.html/r6755f48d4f5e44e39bba7dbf8d746678239d7f1f2cc108125519ce53@%3Cissues.hive.apache.org%3E

lists.apache.org/thread.html/re29ab90978e6c997377fb975f674f7514f6beb642bbf79deb45477e5@%3Cdev.hive.apache.org%3E

markmail.org/message/akkappppxcdqrgxk

www.linkedin.com/in/gregorydraperi/?locale=en_US

www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html

0.001 Low

EPSS

Percentile

48.9%

JSON

Related for VERACODE:6246