CVE-2010-5192

An XSS vulnerability in the Java Management Console of Blue Coat ProxySG (SGOS) affecting: SGOS < 4.3.4.1; SGOS < 5.4.5.1 (5.x); SGOS < 5.5.4.1 (5.5); SGOS

CVE-2010-5192

Cross-site scripting XSS vulnerability in the Java Management Console in Blue Coat ProxySG before SGOS 4.3.4.1, 5.x before SGOS 5.4.5.1, 5.5 before SGOS 5.5.4.1, and 6.x before SGOS 6.1.1.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

tomcat: password disclosure vulnerability

Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.17, when the MemoryUserDatabase is used, creates log entries containing passwords upon encountering errors in JMX user creation, which allows local users to obtain sensitive information by reading a log file...

Java RMI Server Insecure Default Configuration Java Code Execution

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3 'Java RMI Server Insecure Default...

RedHat JBoss Enterprise Application Platform JMX Console Authentication Bypass

Added: 06/07/2010 CVE: CVE-2010-0738 BID: 39710 OSVDB: 64171 Background JBoss Application Server AS is a full-featured open source Java application server that includes full support for J2EE-based APIs. JBoss AS runs on numerous operating systems e.g., Linux, FreeBSD, Mac OS X, and Microsoft...

JBoss EAP jmx authentication bypass with crafted HTTP request

The JMX-Console web application in JBossAs in Red Hat JBoss Enterprise Application Platform aka JBoss EAP or JBEAP 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 performs access control only for the GET and POST methods, which allows remote attackers to send requests to this application's GET...

JBoss EAP jmx authentication bypass with crafted HTTP request

No description is available for this CVE...

JBoss EAP Twiddle logs the JMX password

Twiddle in Red Hat JBoss Enterprise Application Platform aka JBoss EAP or JBEAP 4.2 before 4.2.0.CP08 and 4.3 before 4.3.0.CP07 writes the JMX password, and other command-line arguments, to the twiddle.log file, which allows local users to obtain sensitive information by reading this file...

JBoss EAP Twiddle logs the JMX password

Twiddle in Red Hat JBoss Enterprise Application Platform aka JBoss EAP or JBEAP 4.2 before 4.2.0.CP08 and 4.3 before 4.3.0.CP07 writes the JMX password, and other command-line arguments, to the twiddle.log file, which allows local users to obtain sensitive information by reading this file...

CVE-2009-2090

Unspecified vulnerability in wsadmin in the System Management/Repository component in IBM WebSphere Application Server WAS 7.0 before 7.0.0.5 allows remote attackers to bypass intended Java Management Extensions JMX Management Beans aka MBeans access restrictions, and cause a denial of service...

CVE-2009-2476

The Java Management Extensions JMX implementation in Sun Java SE 6 before Update 15, and OpenJDK, does not properly enforce OpenType checks, which allows context-dependent attackers to bypass intended access restrictions by leveraging finalizer resurrection to obtain a reference to a privileged...

OpenJDK OpenType checks can be bypassed (6736293)

The Java Management Extensions JMX implementation in Sun Java SE 6 before Update 15, and OpenJDK, does not properly enforce OpenType checks, which allows context-dependent attackers to bypass intended access restrictions by leveraging finalizer resurrection to obtain a reference to a privileged...

OpenJDK JMX allows illegal operations with local monitoring (6332953)

Unspecified vulnerability in the Java Management Extensions JMX management agent in Sun Java Runtime Environment JRE in JDK and JRE 6 Update 6 and earlier and JDK and JRE 5.0 Update 15 and earlier, when local monitoring is enabled, allows remote attackers to "perform unauthorized operations" via...

OpenJDK JMX allows illegal operations with local monitoring (6332953)

Unspecified vulnerability in the Java Management Extensions JMX management agent in Sun Java Runtime Environment JRE in JDK and JRE 6 Update 6 and earlier and JDK and JRE 5.0 Update 15 and earlier, when local monitoring is enabled, allows remote attackers to "perform unauthorized operations" via...

OpenJDK JMX allows illegal operations with local monitoring (6332953)

Unspecified vulnerability in the Java Management Extensions JMX management agent in Sun Java Runtime Environment JRE in JDK and JRE 6 Update 6 and earlier and JDK and JRE 5.0 Update 15 and earlier, when local monitoring is enabled, allows remote attackers to "perform unauthorized operations" via...

OpenJDK JMX allows illegal operations with local monitoring (6332953)

Unspecified vulnerability in the Java Management Extensions JMX management agent in Sun Java Runtime Environment JRE in JDK and JRE 6 Update 6 and earlier and JDK and JRE 5.0 Update 15 and earlier, when local monitoring is enabled, allows remote attackers to "perform unauthorized operations" via...

Sun Java JDK/JRE 5 < Update 16 Multiple Vulnerabilities

The version of Sun Java Runtime Environment JRE 5.0 installed on the remote host is affected by multiple security issues : - A vulnerability in the XML processing module of the JRE could allow an untrusted applet/application unauthorized access to certain URL resources 238628. - A buffer overflow...

OpenJDK JMX allows illegal operations with local monitoring (6332953)

Unspecified vulnerability in the Java Management Extensions JMX management agent in Sun Java Runtime Environment JRE in JDK and JRE 6 Update 6 and earlier and JDK and JRE 5.0 Update 15 and earlier, when local monitoring is enabled, allows remote attackers to "perform unauthorized operations" via...

OpenJDK JMX allows illegal operations with local monitoring (6332953)

Unspecified vulnerability in the Java Management Extensions JMX management agent in Sun Java Runtime Environment JRE in JDK and JRE 6 Update 6 and earlier and JDK and JRE 5.0 Update 15 and earlier, when local monitoring is enabled, allows remote attackers to "perform unauthorized operations" via...

CVE-2007-1419

The Java Management Extensions Remote API Remote Method Invocation over Internet Inter-ORB Protocol JMX RMI-IIOP API in Java Dynamic Management Kit 5.1 before 20070309 does not properly enforce the java.policy, which allows local users to obtain certain MBeans data access by operating a server...