12 matches found
EUVD-2012-2367
Malware in sbrugna...
VulnCheck KEV: CVE-2011-4085
The servlets invoked by httpha-invoker in JBoss Enterprise Application Platform before 5.1.2, SOA Platform before 5.2.0, BRMS Platform before 5.3.0, and Portal Platform before 4.3 CP07 perform access control only for the GET and POST methods, which allow remote attackers to bypass authentication ...
jexboss
This is an offensive tool for Java Deserialization Vulnerabilities. The tool is called JexBoss and is used to verify and exploit vulnerabilities in JBoss Application Server and other Java platforms, frameworks, and applications. The tool is written in Python and has a command-line interface. It c...
PT-2013-1463 · Red Hat · Web Platform +3
Name of the Vulnerable Software and Affected Versions: JBoss Enterprise Application Platform EAP versions prior to 5.2.0 Web Platform EWP versions prior to 5.2.0 BRMS Platform versions prior to 5.3.1 SOA Platform versions prior to 5.3.1 Description: A cross-site scripting XSS issue exists in the...
Cache: NonManagedConnectionFactory will log password in clear text when an exception occurs
The NonManagedConnectionFactory in JBoss Enterprise Application Platform EAP 5.1.2 and 5.2.0, Web Platform EWP 5.1.2 and 5.2.0, and BRMS Platform before 5.3.1 logs the username and password in cleartext when an exception is thrown, which allows local users to obtain sensitive information by readi...
CSRF on jmx-console allows invocation of operations on mbeans
Cross-site request forgery CSRF vulnerability in the JMX Console jmx-console in JBoss Enterprise Portal Platform before 5.2.2, BRMS Platform 5.3.0 before roll up patch1, and SOA Platform 5.3.0 allows remote authenticated users to hijack the authentication of arbitrary users for requests that...
JBoss: AuthorizationInterceptor allows JMX operation to proceed despite authorization failure
The AuthorizationInterceptor in JBoss Enterprise Application Platform EAP before 5.2.0, Web Platform EWP before 5.2.0, BRMS Platform before 5.3.1, and SOA Platform before 5.3.1 does not properly restrict access, which allows remote authenticated users to bypass intended role restrictions and...
Cache: NonManagedConnectionFactory will log password in clear text when an exception occurs
The NonManagedConnectionFactory in JBoss Enterprise Application Platform EAP 5.1.2 and 5.2.0, Web Platform EWP 5.1.2 and 5.2.0, and BRMS Platform before 5.3.1 logs the username and password in cleartext when an exception is thrown, which allows local users to obtain sensitive information by readi...
CSRF on jmx-console allows invocation of operations on mbeans
Cross-site request forgery CSRF vulnerability in the JMX Console jmx-console in JBoss Enterprise Portal Platform before 5.2.2, BRMS Platform 5.3.0 before roll up patch1, and SOA Platform 5.3.0 allows remote authenticated users to hijack the authentication of arbitrary users for requests that...
Cache: NonManagedConnectionFactory will log password in clear text when an exception occurs
The NonManagedConnectionFactory in JBoss Enterprise Application Platform EAP 5.1.2 and 5.2.0, Web Platform EWP 5.1.2 and 5.2.0, and BRMS Platform before 5.3.1 logs the username and password in cleartext when an exception is thrown, which allows local users to obtain sensitive information by readi...
CSRF on jmx-console allows invocation of operations on mbeans
Cross-site request forgery CSRF vulnerability in the JMX Console jmx-console in JBoss Enterprise Portal Platform before 5.2.2, BRMS Platform 5.3.0 before roll up patch1, and SOA Platform 5.3.0 allows remote authenticated users to hijack the authentication of arbitrary users for requests that...
JNDI: unauthenticated remote write access is permitted by default
The 1 JNDI service, 2 HA-JNDI service, and 3 HAJNDIFactory invoker servlet in JBoss Enterprise Application Platform 4.3.0 CP10 and 5.1.2, Web Platform 5.1.2, SOA Platform 4.2.0.CP05 and 4.3.0.CP05, Portal Platform 4.3 CP07 and 5.2.x before 5.2.2, and BRMS Platform before 5.3.0 do not properly...