Authenticated File Read Vulnerability in JasperReports (CVE-2018-5430)
https://updatesinfosec.blogspot.com/2018/05/authenticated-file-read-vulnerability.html
In Summary:
The process for auditing a publicly accessible application is to review the reported CVE and security disclosure history, looking for any areas of interest or current vulnerabilities that an adversary could leverage. Fortunately, this installation was using the latest version of the software. This provided our researchers with the opportunity to download the Community Edition (CE) and begin our work there. JasperReports is written in Java, and part of our app [...]
Kindly refer to the following link as a follow-up:
https://ift.tt/2rkUGef
