
This can be used to execute arbitrary code on the machine.

The WebDriver endpoint of Selenium Server (Grid) is vulnerable to DNS rebinding.

The attack vector is: triggered by browsing to a malicious remote web server. The component is: WebDriver endpoint of Selenium Grid / Selenium Standalone Server. The impact is: execute arbitrary code (remote). Selenium Grid (formerly Selenium Standalone Server), fixed in 4.0.0-alpha-7, is affected by: DNS rebinding.

This affects WSO2 API Manager 2.2.0 and above through 4.0.0; WSO2 Identity Server 5.2.0 and above through 5.11.0; WSO2 Identity Server Analytics 5.4.0, 5.4.1, 5.5.0, and 5.6.0; WSO2 Identity Server as Key Manager 5.3.0 and above through 5.10.0; and WSO2 Enterprise Integrator 6.2.0 and above through 6.6.0.

The attacker must use a /fileupload endpoint with a Content-Disposition directory traversal sequence to reach a directory under the web root, such as a /././repository/deployment/server/webapps directory.

A reflected XSS issue exists in the Management Console of several WSO2 products.
