腾讯网

Apache Jackrabbit最新漏洞可导致JNDI注入与远程代码执行

Apache软件基金会近日披露了Apache Jackrabbit Core和JCR Commons组件中的一个重要漏洞(编号CVE-2025-58782)。该漏洞影响1.0.0至2.22.1版本,当系统使用JndiRepositoryFactory时,可能引发JNDI(Java命名和目录接口)注入风险。 根据官方邮件列表披露:"接受来自不可信用户的JNDI URI ...
ZDNet

JFrog researchers find JNDI vulnerability in H2 database consoles similar to Log4Shell

In a blog post, the company said that CVE-2021-42392 should not be as widespread as Log4Shell, even though it is a critical issue with a similar root cause. JFrog explained that the Java Naming and ...
eWeek

HPE Warns of JNDI Java Injection Flaws

eSpeaks’ Corey Noles talks with Rob Israch, President of Tipalti, about what it means to lead with Global-First Finance and how companies can build scalable, compliant operations in an increasingly ...
GIGAZINE

Why does the vulnerability 'Log4Shell (CVE-2021-44228)' found in Java's Log4j library have ...

A version of Apache Log4j, a Java log output library, that fixes the zero-day vulnerability 'CVE-2021-44228 ', commonly known as ' Log4Shell ', for remote code execution will be released on December ...
TheServerSide

Intercepting JNDI Filters

Suppose you have an existing J2EE application with EJB's, RMI objects, JMS destinations and other objects bound into a JNDI registry. During the course of the project ...
CSOonline

Apache Log4j vulnerability actively exploited, impacting millions of Java-based apps

The vulnerability affects not only Java-based applications and services that use the library directly, but also many other popular Java components and development frameworks that rely on it. Attackers ...
InfoWorld

J2EE or J2SE? JNDI works with both

JNDI, the Java Naming and Directory Interface, allows applications to access various naming and directory services via a common interface. The figure below shows the JNDI architecture. Like JDBC (Java ...