Lucene search

932 matches found

Tenable Nessus
added 2014/11/08 12:0 a.m. | 26 views

RHEL 7 : Red Hat JBoss Enterprise Application Platform 6.3.1 update (Low) (RHSA-2014:1287)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2014:1287 advisory. Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. It was discovered that the...

CVSS 5 | AI score 6.5 | EPSS 0.02913
Exploits: 0 | References: 20

securityvulns
added 2014/11/03 12:0 a.m. | 69 views

[SE-2014-01] Missing patches / inaccurate information regarding Oracle Oct CPU

Hello All, We've been recently informed by a 3rd party that Oracle planned to release fixes for the vulnerabilities covered by our SE-2014-01 [1] project in Nov 2014. We initially thought that someone mistakenly took Oct for Nov (Oracle CPU was released on Oct 14, 2014), but the credibility of the...

AI score 0.4
Exploits: 0

Oracle linux
added 2014/10/22 12:0 a.m. | 49 views

java-1.8.0-openjdk security update

1:1.8.0.25-1.b17 - Update to October CPU patch update. - Resolves: RHBZ1148896 1:1.8.0.20-3.b26 - fixed headless policytool moved to normal - jre/bin/policytool added to not headless exclude list - updated aarch694 source - ppc64le synced from fedora - Resolves: rhbz1081073 1:1.8.0.20-2.b26 -...

CVSS 9.3 | AI score 0.4 | EPSS 0.04783
Exploits: 0

RedHat Linux
added 2014/10/16 11:2 p.m. | 4 views

JDK: unspecified vulnerability fixed in 6u85, 7u71 and 8u25 (Deployment)

Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2014-4288, CVE-2014-6503, and CVE-2014-6532...

CVSS 9.3 | AI score 5.8 | EPSS 0.04884
Exploits: 0 | References: 5

Cvelist
added 2014/10/15 3:15 p.m. | 30 views

CVE-2014-6485

Unspecified vulnerability in Oracle Java SE 8u20 and JavaFX 2.2.65 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors...

AI score 5.7 | EPSS 0.04125
Exploits: 0 | References: 5

Oracle linux
added 2014/10/15 12:0 a.m. | 59 views

java-1.7.0-openjdk security and bug fix update

1:1.7.0.65-2.5.3.1.0.1.el70 - Update DISTRONAME in specfile 1:1.7.0.65-2.5.3.1 - Bump to 2.5.3 for latest security fixes. - Remove obsolete patches. - Add hsbootstrap option to pre-build HotSpot when required. - Resolves: rhbz1148893...

CVSS 6.8 | AI score 1 | EPSS 0.04102
Exploits: 0

RedHat Linux
added 2014/10/14 8:47 p.m. | 1 views

OpenJDK: StAX parser parameter entity XXE (JAXP, 8039533)

It was discovered that the StAX XML parser in the JAXP component in OpenJDK performed expansion of external parameter entities even when external entity substitution was disabled. A remote attacker could use this flaw to perform XML eXternal Entity (XXE) attack against applications using the StAX...

CVSS 5 | AI score 7.4 | EPSS 0.04102
Exploits: 0 | References: 5

RedHat Linux
added 2014/10/09 4:7 p.m. | 6 views

Java: XML signature spoofing

A flaw was found in the way Apache Santuario XML Security for Java validated XML signatures. Santuario allowed a signature to specify an arbitrary canonicalization algorithm, which would be applied to the SignedInfo XML fragment. A remote attacker could exploit this to spoof an XML signature via ...

CVSS 4.3 | AI score 5.9 | EPSS 0.0593
Exploits: 1 | References: 5

OSV
added 2014/09/30 2:55 p.m. | 6 views

DEBIAN-CVE-2014-3558

ReflectionHelper (org.hibernate.validator.util.ReflectionHelper) in Hibernate Validator 4.1.0 before 4.2.1, 4.3.x before 4.3.2, and 5.x before 5.1.2 allows attackers to bypass Java Security Manager (JSM) restrictions and execute restricted reflection calls via a crafted application...

CVSS 5 | AI score 7 | EPSS 0.02913
Exploits: 0 | References: 1

NVD
added 2014/09/30 2:55 p.m. | 31 views

CVE-2014-3558

ReflectionHelper (org.hibernate.validator.util.ReflectionHelper) in Hibernate Validator 4.1.0 before 4.2.1, 4.3.x before 4.3.2, and 5.x before 5.1.2 allows attackers to bypass Java Security Manager (JSM) restrictions and execute restricted reflection calls via a crafted application...

CVSS 5 | AI score 6.4 | EPSS 0.02913
Exploits: 0 | References: 8

OSV
added 2014/09/30 2:55 p.m. | 9 views

CVE-2014-3558

ReflectionHelper (org.hibernate.validator.util.ReflectionHelper) in Hibernate Validator 4.1.0 before 4.2.1, 4.3.x before 4.3.2, and 5.x before 5.1.2 allows attackers to bypass Java Security Manager (JSM) restrictions and execute restricted reflection calls via a crafted application...

AI score 6.3
Exploits: 0 | References: 8

UbuntuCve
added 2014/09/30 2:55 p.m. | 25 views

CVE-2014-3558

ReflectionHelper (org.hibernate.validator.util.ReflectionHelper) in Hibernate Validator 4.1.0 before 4.2.1, 4.3.x before 4.3.2, and 5.x before 5.1.2 allows attackers to bypass Java Security Manager (JSM) restrictions and execute restricted reflection calls via a crafted application...

CVSS 5 | AI score 5.9 | EPSS 0.02913
Exploits: 0 | References: 2

Prion
added 2014/09/30 2:55 p.m. | 12 views

Design/Logic Flaw

ReflectionHelper (org.hibernate.validator.util.ReflectionHelper) in Hibernate Validator 4.1.0 before 4.2.1, 4.3.x before 4.3.2, and 5.x before 5.1.2 allows attackers to bypass Java Security Manager (JSM) restrictions and execute restricted reflection calls via a crafted application...

CVSS 5 | AI score 7 | EPSS 0.02913
Exploits: 0 | References: 8 | Affected Software: 1

OSV
added 2014/09/30 2:55 p.m. | 6 views

UBUNTU-CVE-2014-3558

ReflectionHelper (org.hibernate.validator.util.ReflectionHelper) in Hibernate Validator 4.1.0 before 4.2.1, 4.3.x before 4.3.2, and 5.x before 5.1.2 allows attackers to bypass Java Security Manager (JSM) restrictions and execute restricted reflection calls via a crafted application...

CVSS 5 | AI score 5.8 | EPSS 0.02913
Exploits: 0 | References: 3

CVE
added 2014/09/30 2:0 p.m. | 98 views

CVE-2014-3558

CVE-2014-3558 affects Hibernate Validator: ReflectionHelper in Hibernate Validator 4.1.0 before 4.2.1, 4.3.x before 4.3.2, and 5.x before 5.1.2. Root cause is the ReflectionHelper usage that can bypass the Java Security Manager restrictions, allowing a crafted application to execute restricted re...

CVSS 5 | AI score 6.4 | EPSS 0.02913
Exploits: 0 | References: 8 | Affected Software: 1

Debian CVE
added 2014/09/30 2:0 p.m. | 16 views

CVE-2014-3558

ReflectionHelper (org.hibernate.validator.util.ReflectionHelper) in Hibernate Validator 4.1.0 before 4.2.1, 4.3.x before 4.3.2, and 5.x before 5.1.2 allows attackers to bypass Java Security Manager (JSM) restrictions and execute restricted reflection calls via a crafted application...

CVSS 5 | AI score 6.3 | EPSS 0.02913
Exploits: 0

Tenable Nessus
added 2014/09/25 12:0 a.m. | 20 views

RHEL 5 : Red Hat JBoss Enterprise Application Platform 6.3.1 update (Low) (RHSA-2014:1286)

The remote Redhat Enterprise Linux 5 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2014:1286 advisory. Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. It was discovered that the...

CVSS 5 | AI score 6.5 | EPSS 0.02913
Exploits: 0 | References: 20

RedHat Linux
added 2014/09/23 8:19 p.m. | 5 views

6: JSM policy not respected by deployed applications

It was found that Java Security Manager permissions configured via a policy file were not properly applied, causing all deployed applications to be granted the java.security.AllPermission permission. In certain cases, an attacker could use this flaw to circumvent expected security measures to...

CVSS 5.8 | AI score 5.7 | EPSS 0.02078
Exploits: 0 | References: 4

RedHat Linux
added 2014/09/23 8:19 p.m. | 37 views

Important: Red Hat Security Advisory: Red Hat JBoss BRMS 6.0.3 update

Red Hat JBoss BRMS 6.0.3, which fixes multiple security issues, several bugs, and adds various enhancements, is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores,...

CVSS 7.5 | AI score 7.3 | EPSS 0.137
Exploits: 4 | References: 9

RedHat Linux
added 2014/09/23 8:19 p.m. | 6 views

6: JSM policy not respected by deployed applications

It was found that Java Security Manager permissions configured via a policy file were not properly applied, causing all deployed applications to be granted the java.security.AllPermission permission. In certain cases, an attacker could use this flaw to circumvent expected security measures to...

CVSS 5.8 | AI score 5.7 | EPSS 0.02078
Exploits: 0 | References: 4