Severity: Important
Vendor: The Apache Software Foundation
Versions Affected: OFBiz 16.11.01 to 16.11.05
Description: The java.io.ObjectInputStream is known to cause Java serialisation issues. This issue here is exposed by the "webtools/control/httpService" URL, and uses Java deserialization to
Severity: Important
Vendor: The Apache Software Foundation
Versions Affected: OFBiz 16.11.01 to 16.11.05
Description: The OFBiz HTTP engine (org.apache.ofbiz.service.engine.HttpEngine.java) handles requests for HTTP services via the /webtools/control/httpService endpoint. This service takes
Severity: Important
Vendor: The Apache Software Foundation
Versions Affected: OFBiz 16.11.01 to 16.11.05
An RCE is possible by entering Freemarker markup in an OFBiz Form Widget textarea field when encoding has been disabled on such a field. This was the case for the Customer Request "story"
Severity: Important
Vendor: The Apache Software Foundation
Versions Affected: OFBiz 16.11.01 to 16.11.05
Description: The "Blog", "Forum" and "Contact Us" screens of the template "ecommerce" application bundled in Apache OFBiz are vulnerable to Stored XSS attacks.
Mitigation: Upgrade to 16.11.06 or
The Apache OFBiz community is pleased to announce the new release "Apache OFBiz 16.11.06".
Apache OFBiz® is an open source product for the automation of enterprise processes that includes framework components and business applications.
http://ofbiz.apache.org/
"Apache OFBiz 16.11.06" is the
Hi all,
Since I increased the sensitivity of error messages [1], we have, on different screens that take some time to render, an error thrown due to transaction timeout.
By default each screen is rendered with the default timeout (60s), which isn't enough when you have big data compilation or