CVE-2020-5902 | CVE-2020-5902 BIG-IP
kandi X-RAY | CVE-2020-5902 Summary
CVE-2020-5902 BIG-IP
Top functions reviewed by kandi - BETA
- Display the servlet
- Run tmsh command
- Is the user authorized?
- Check whether the Csrf is valid
- Display the jsp web service
- Checks if the file is whitelisted
- Determines if a file can be accessed
- Read a JSON object from a file
- Display the service
- Lists a directory recursively
- Lists a directory and its contents
- Display jsp service
- Save a file
- Run a database query
- Adds items to a row
- Get the ExpressionFactory
- Returns the instance manager
Community Discussions
QUESTION
I'm trying to access the deserialize static method within the hsqldb (2.5.1) InOutUtil class. When I run it with java -cp hsqldb.jar:. testcode,
I get:
...ANSWER
Answered 2020-Aug-06 at 00:29
The exploit you linked to refers to HSQLDB version 1.8.0, which has been obsolete since the release of version 2.0 in 2010. However, aspects of the security framework remain the same up to the latest version of HyperSQL.
A database user with even the DBA credentials cannot execute any arbitrary static method that happens to be in the classpath of the database server. A sysadmin who starts the database server can issue an allow-list of the specific static methods that are allowed to run as callable procedures, using the hsqldb.method_class_names Java System property with the list. See: http://hsqldb.org/doc/2.0/guide/sqlroutines-chapt.html#src_jrt_access_control
The listed safe static methods can then be turned into SQL callable procedures only by DBA credentials. EXECUTE privileges on the procedures are granted by the DBA.
Versions 2.x of HyperSQL generally improve upon the older security framework, for example by allowing secure password hash algorithms and password check and retention policies, including external authentication via LDAP and other frameworks.
Community Discussions, Code Snippets contain sources that include Stack Exchange Network
Install CVE-2020-5902
You can use CVE-2020-5902 like any standard Java library. Include the jar files in your classpath. You can also use any IDE to run and debug the CVE-2020-5902 component as you would any other Java program. Best practice is to use a build tool that supports dependency management, such as Maven or Gradle. For Maven installation, refer to maven.apache.org. For Gradle installation, refer to gradle.org.