8 matches found
EUVD-2014-8016
Malware in sbrugna...
Console: HTTPOnly and Secure attributes not set on cookies in Red Hat AMQ
It was found that Hawtio console does not set HTTPOnly or Secure attributes on cookies. An attacker could use this flaw to rerieve an authenticated user's SessionID, and possibly conduct further attacks with the permissions of the authenticated user...
Console: HTTPOnly and Secure attributes not set on cookies in Red Hat AMQ
It was found that Hawtio console does not set HTTPOnly or Secure attributes on cookies. An attacker could use this flaw to rerieve an authenticated user's SessionID, and possibly conduct further attacks with the permissions of the authenticated user...
Red Hat JBoss A-MQ Hawtio console security bypass vulnerability
Red Hat JBoss A-MQ is an open source messaging platform from Red Hat, Inc. that integrates applications and devices and provides various messaging modes to support real-time messaging. The platform is used to integrate applications , endpoints and devices , and provides a variety of messaging...
Console: CORS headers set to allow all in Red Hat AMQ
It was found that the Hawtio console setting for the Access-Control-Allow-Origin header permits unrestricted sharing allow all. An attacker could use this flaw to access sensitive information or perform other attacks...
Design/Logic Flaw
Red Hat JBoss Fuse before 6.2.0 allows remote authenticated users to bypass intended restrictions and access the HawtIO console by leveraging an account defined in the users.properties file...
CVE-2014-8175
The CVE-2014-8175 entry affects Red Hat JBoss Fuse
CVE-2014-8175
Red Hat JBoss Fuse before 6.2.0 allows remote authenticated users to bypass intended restrictions and access the HawtIO console by leveraging an account defined in the users.properties file...