腾讯网

Apache Jackrabbit最新漏洞可导致JNDI注入与远程代码执行

Apache软件基金会近日披露了Apache Jackrabbit Core和JCR Commons组件中的一个重要漏洞(编号CVE-2025-58782)。该漏洞影响1.0.0至2.22.1版本,当系统使用JndiRepositoryFactory时,可能引发JNDI(Java命名和目录接口)注入风险。 根据官方邮件列表披露:"接受来自不可信用户的JNDI URI ...
eWeek

HPE Warns of JNDI Java Injection Flaws

eSpeaks’ Corey Noles talks with Rob Israch, President of Tipalti, about what it means to lead with Global-First Finance and how companies can build scalable, compliant operations in an increasingly ...
InfoWorld

J2EE or J2SE? JNDI works with both

JNDI, the Java Naming and Directory Interface, allows applications to access various naming and directory services via a common interface. The figure below shows the JNDI architecture. Like JDBC (Java ...
TheServerSide

Intercepting JNDI Filters

Suppose you have an existing J2EE application with EJB's, RMI objects, JMS destinations and other objects bound into a JNDI registry. During the course of the project ...
GIGAZINE

Why does the vulnerability 'Log4Shell (CVE-2021-44228)' found in Java's Log4j library have ...

A version of Apache Log4j, a Java log output library, that fixes the zero-day vulnerability 'CVE-2021-44228 ', commonly known as ' Log4Shell ', for remote code execution will be released on December ...