Uploaded image for project: 'Teiid'
  1. Teiid
  2. TEIID-3811

Teiid Embedded with remote JDBC susceptible to exploit with common-collections in classpath

    Details

    • Type: Quality Risk
    • Status: Closed (View Workflow)
    • Priority: Critical
    • Resolution: Done
    • Affects Version/s: None
    • Fix Version/s: 8.12.2, 8.13
    • Component/s: Embedded
    • Labels:
      None

      Description

      This issue is to add at least a documentation note warning against - http://foxglovesecurity.com/2015/11/06/what-do-weblogic-websphere-jboss-jenkins-opennms-and-your-application-have-in-common-this-vulnerability/

      While remote JDBC is not enabled by default and common-collections is not in the classpath it is possible that common-collections could be picked up from the environment.

        Gliffy Diagrams

          Attachments

            Activity

              People

              • Assignee:
                shawkins Steven Hawkins
                Reporter:
                shawkins Steven Hawkins
              • Votes:
                0 Vote for this issue
                Watchers:
                2 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: