Fedora: Security Advisory for jaxb-istack-commons (FEDORA-2024-129d8ca6fc)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] Fedora 40 Update: jaxb-istack-commons-4.2.0-8.fc40

Code shared between JAXP, JAXB, SAAJ, and JAX-WS projects...

Security Bulletin: IBM App Connect Enterprise and IBM Integration Bus are vulnerable to SOAPAction spoofing when processing JAX-WS Web Services requests (CVE-2022-38712)

Summary IBM App Connect Enterprise and IBM Integration Bus are vulnerable to SOAPAction spoofing when processing JAX-WS Web Services requests CVE-2022-38712. The fix includes the IBM Websphere Application Server APAR PH49111 Vulnerability Details CVEID:CVE-2022-38712 DESCRIPTION: IBM WebSphere...

Security Bulletin: IBM WebSphere Application Server shipped with Jazz for Service Management (JazzSM) is vulnerable to SOAPAction spoofing (CVE-2022-38712)

Summary IBM WebSphere Application Server is vulnerable to SOAPAction spoofing when processing JAX-WS Web Services requests. This has been addressed. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affected Products|...

K16352: Multiple OpenJDK vulnerabilities

Security Advisory Description CVE-2015-0383 Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25; Java SE Embedded 7u71 and 8u6; and JRockit R27.8.4 and R28.3.4 allows local users to affect integrity and availability via unknown vectors related to Hotspot. CVE-2014-6601...

SUSE CVE-2008-3105

Unspecified vulnerability in the JAX-WS client and service in Sun Java Runtime Environment JRE in JDK and JRE 6 Update 6 and earlier allows remote attackers to access URLs or cause a denial of service via unknown vectors involving "processing of XML data" by a trusted application...

SUSE CVE-2008-5347

Multiple unspecified vulnerabilities in Java Runtime Environment JRE for Sun JDK and JRE 6 Update 10 and earlier allow untrusted applets and applications to gain privileges via vectors related to access to inner classes in the 1 JAX-WS and 2 JAXB packages...

SUSE CVE-2012-5076

Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 Update 7 and earlier allows remote attackers to affect confidentiality, integrity, and availability, related to JAX-WS...

SUSE CVE-2013-0435

Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 through Update 11 and 6 through Update 38, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality via vectors related to JAX-WS. NOTE: the previous information is from the February 2013 CPU...

SUSE CVE-2013-2415

Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 Update 17 and earlier, and OpenJDK 6 and 7, allows local users to affect confidentiality via vectors related to JAX-WS. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented o...

SUSE CVE-2014-0458

Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAX-WS, a different vulnerability than CVE-2014-0452 and CVE-2014-2423...

SUSE CVE-2015-0412

Unspecified vulnerability in Oracle Java SE 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAX-WS...

SUSE CVE-2017-10350

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE subcomponent: JAX-WS. Supported versions that are affected are Java SE: 7u151, 8u144 and 9; Java SE Embedded: 8u144. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protoco...

Security Bulletin: Speech to Text, Text to Speech ICP, WebSphere Application Server Liberty Fix

Summary A vulnerability in Apache CXF affecting WebSphere Liberty JAX-WS has been fixed in Liberty: 20.0.0.5. This fix is included in ICP Watson Text to Speech, Speech to Text v1.1.2 GA: 6/19/20. Vulnerability Details CVEID:CVE-2019-17573 DESCRIPTION: Apache CXF is vulnerable to cross-site...

Security Bulletin: WebSphere Application Server is vulnerable to SOAPAction spoofing when processing JAX-WS Web Services requests which affects Content Collector for Email

Summary WebSphere Application Server is vulnerable to SOAPAction spoofing when processing JAX-WS Web Services requests. Vulnerability Details CVEID:CVE-2022-38712 DESCRIPTION: IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Web services could allow a man-in-the-middle attacker to conduct...

Security Bulletin: IBM Tivoli Composite Application Manager for Application Diagnostics Installed WebSphere Application Server is vulnerable to SOAPAction spoofing when processing JAX-WS Web Services requests (CVE-2022-38712)

Summary The security issue described in CVE-2022-38712 has been identified in the WebSphere Application Server included as part of IBM Tivoli Composite Application Manager for Application Diagnostics Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section...

Spring WS Samples upgraded for Spring Boot 3.0!

With the recent announcement of Spring Boot 3.0 going GA, some of you may be interested in upgrading your Spring Web Services-based applications to take full advantage of this. The Spring WS team has upgraded our set of sample apps to help you carry that out. The main branch now tracks the versio...

Security Bulletin: IBM WebSphere Application Server is vulnerable to SOAPAction spoofing (CVE-2022-38712)

Summary IBM WebSphere Application Server is vulnerable to SOAPAction spoofing when processing JAX-WS Web Services requests. This has been addressed. Vulnerability Details CVEID:CVE-2022-38712 DESCRIPTION: IBM WebSphere Application Server Web services could allow a man-in-the-middle attacker to...

Improper Input Validation in Apache CXF

Apache CXF supports sending and receiving attachments via either the JAX-WS or JAX-RS specifications. It is possible to craft a message attachment header that could lead to a Denial of Service DoS attack on a CXF web service provider. Both JAX-WS and JAX-RS services are vulnerable to this attack...

Security Bulletin: A vulnerability has been identified in IBM WebSphere Application Server Liberty shipped with IBM Tivoli Netcool Impact (CVE-2022-22310)

Summary IBM WebSphere Liberty is shipped as a component of IBM Tivoli Netcool Impact. Information about a security vulnerability affecting IBM WebSphere Liberty has been published in a security bulletin. Vulnerability Details CVEID: CVE-2022-22310 DESCRIPTION: IBM WebSphere Application Server...