The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.

Computer vulnerabilities of MuleSoft Mule ESB

Jetty: information disclosure via Timing Channel Attack
An attacker can bypass access restrictions to data via a Timing Channel Attack on Jetty, in order to obtain sensitive information...
CVE-2017-9735, DLA-1020-1, DLA-1021-1, FEDORA-2017-03954b6dc4, FEDORA-2017-1206f87545, VIGILANCE-VUL-23170, ZOOKEEPER-2952
Mule Runtime: privilege escalation via OAuth/PingFederate
An attacker can bypass restrictions via OAuth/PingFederate of Mule Runtime, in order to escalate privileges...
VIGILANCE-VUL-23126
MuleSoft Mule ESB: external XML entity injection
An attacker can transmit malicious XML data to MuleSoft Mule ESB, in order to read a file, scan sites, or trigger a denial of service...
VIGILANCE-VUL-22309
MuleSoft Mule ESB: multiple vulnerabilities
An attacker can use several vulnerabilities of MuleSoft Mule ESB...
VIGILANCE-VUL-21634
Mule: external XML entity injection
An attacker can transmit malicious XML data to Mule, in order to read a file, scan sites, or trigger a denial of service...
VIGILANCE-VUL-20847
xmlsec: vulnerability
A vulnerability of xmlsec was announced...
VIGILANCE-VUL-19757
Apache Commons Collections: code execution via InvokerTransformer
An attacker can send a malicious serialized Gadget Chain object to a Java application using Apache Commons Collections, in order to run shell code...
1119363, 1610582, 1970575, 1971370, 1971531, 1971533, 1971751, 1972261, 1972373, 1972565, 1972794, 1972839, 2011281, 7014463, 7022958, 9010052, BSA-2016-004, bulletinjul2016, c04953244, c05050545, c05206507, c05325823, c05327447, CERTFR-2015-AVI-484, CERTFR-2015-AVI-555, cisco-sa-20151209-java-deserialization, COLLECTIONS-580, cpuapr2017, cpuapr2018, cpujan2017, cpujan2018, cpujul2017, cpuoct2016, cpuoct2017, cpuoct2018, CVE-2015-4852, CVE-2015-6420, CVE-2015-6934, CVE-2015-7420-ERROR, CVE-2015-7450, CVE-2015-7501, CVE-2015-8545, CVE-2015-8765, CVE-2016-1985, CVE-2016-1997, CVE-2016-4373, CVE-2016-4398, DSA-3403-1, HPSBGN03542, HPSBGN03560, HPSBGN03630, HPSBGN03656, HPSBGN03670, JSA10838, NTAP-20151123-0001, RHSA-2015:2500-01, RHSA-2015:2501-01, RHSA-2015:2502-01, RHSA-2015:2516-01, RHSA-2015:2517-01, RHSA-2015:2521-01, RHSA-2015:2522-01, RHSA-2015:2523-01, RHSA-2015:2524-01, RHSA-2015:2534-01, RHSA-2015:2535-01, RHSA-2015:2536-01, RHSA-2015:2537-01, RHSA-2015:2538-01, RHSA-2015:2539-01, RHSA-2015:2540-01, RHSA-2015:2541-01, RHSA-2015:2542-01, RHSA-2015:2547-01, RHSA-2015:2548-01, RHSA-2015:2556-01, RHSA-2015:2557-01, RHSA-2015:2559-01, RHSA-2015:2560-01, RHSA-2015:2578-01, RHSA-2015:2579-01, RHSA-2015:2670-01, RHSA-2015:2671-01, RHSA-2016:0040-01, RHSA-2016:0118-01, SA110, SB10144, SOL30518307, VIGILANCE-VUL-18294, VMSA-2015-0009, VMSA-2015-0009.1, VMSA-2015-0009.2, VMSA-2015-0009.3, VMSA-2015-0009.4, VU#576313
Bouncy Castle, Oracle Java: disclosure of elliptic curve private keys
An attacker can use a vulnerability in the elliptic curve implementation of Bouncy Castle and Oracle Java, in order to obtain sensitive information...
1968485, 1972455, 9010041, 9010044, BSA-2016-002, CERTFR-2019-AVI-325, cpuapr2018, cpuapr2020, cpujan2017, cpujan2018, cpujan2019, cpujul2015, cpujul2017, cpujul2018, cpuoct2017, CVE-2015-2613, CVE-2015-7940, DSA-3417-1, FEDORA-2015-7d95466eda, JSA10939, NTAP-20150715-0001, NTAP-20151028-0001, openSUSE-SU-2015:1911-1, RHSA-2016:2035-01, RHSA-2016:2036-01, USN-3727-1, VIGILANCE-VUL-18168
Apache HttpComponents HttpClient: denial of service via Timeout
An attacker owning a malicious server can stop responding, to block clients using Apache HttpComponents HttpClient, in order to trigger a denial of service...
1259892, 2015815, CST-7122, CST-7123, CST-7124, CST-7125, CST-7126, CST-7127, CST-7128, CST-7129, CST-7130, CST-7131, CVE-2015-5262, FEDORA-2015-15588, FEDORA-2015-15589, USN-2769-1, VIGILANCE-VUL-18023
OpenSAML Java: incomplete certificate validation
An attacker can use any valid certificate on a malicious server, and then invite an Apache HttpClient 3 to connect there, in order to spy on communications even if encryption is used...
5695611, 5695629, 5695653, 5695851, 964764, CVE-2014-3603, FEDORA-2015-10175, FEDORA-2015-10235, VIGILANCE-VUL-17608