{"uuid": "6238bd5d-1aef-4775-8510-1d1816cd1b8e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2018-1304", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/204", "content": "#exploit\n1. CVE-2018-1304:\nSecurity constraints defined by annotations of Servlets in Apache Tomcat 9.0.0.M1-9.0.4, 8.5.0-8.5.27, 8.0.0.RC1-8.0.49, 7.0.0-7.0.84 were only applied once a Servlet had been loaded. Because security constraints defined in this way apply to the URL pattern and any URLs below that point, it was possible - depending on the order Servlets were loaded - for some security constraints not to be applied. This could have exposed resources to users who were not authorised to access them\nhttps://github.com/knqyf263/CVE-2018-1304\nhttps://github.com/thariyarox/tomcat_CVE-2018-1304_testing \n\n2. CVE-2018-1306:\nThe PortletV3AnnotatedDemo Multipart Portlet war file code provided in Apache Pluto 3.0.0 could allow a remote attacker to obtain sensitive information, caused by the failure to restrict path information provided during a file upload\nhttps://github.com/JJSO12/Apache-Pluto-3.0.0--CVE-2018-1306 \n\n3. CVE-2018-1313:\nIn Apache Derby 10.3.1.4-10.14.1.0, a specially-crafted network packet can be used to request the Derby Network Server to boot a database whose location and contents are under the user's control\nhttps://github.com/tafamace/CVE-2018-1313", "creation_timestamp": "2022-06-18T11:47:22.000000Z"}