79 matches found

Prion
added 2015/07/16 11:0 a.m. | 21 views

Design/Logic Flaw

The Portlet Bridge for JavaServer Faces in Red Hat JBoss Portal 6.2.0, when used in portlets with the default resource serving for GenericPortlet, does not properly restrict access to restricted resources, which allows remote attackers to obtain sensitive information via a URL with a modified...

CVSS 4.9 | AI score 6.6 | EPSS 0.00265
Exploits: 0 | References: 4 | Affected Software: 1
CVE
added 2015/07/16 10:0 a.m. | 49 views

CVE-2015-3244

The Portlet Bridge for JavaServer Faces in Red Hat JBoss Portal 6.2.0, when used with GenericPortlet's default resource serving, does not properly restrict access to restricted resources, enabling remote attackers to obtain sensitive information via a URL with a modified resource ID. Affected pro...

CVSS 4.9 | AI score 6.2 | EPSS 0.00265
Exploits: 0 | References: 4 | Affected Software: 1
Cvelist
added 2015/07/16 10:0 a.m. | 21 views

CVE-2015-3244

The Portlet Bridge for JavaServer Faces in Red Hat JBoss Portal 6.2.0, when used in portlets with the default resource serving for GenericPortlet, does not properly restrict access to restricted resources, which allows remote attackers to obtain sensitive information via a URL with a modified...

AI score 6.1 | EPSS 0.00265
Exploits: 0 | References: 4
RedHat Linux
added 2015/07/14 4:38 p.m. | 1 views

JSF: Information disclosure due to missing access restriction in portlet resource dispatching

It was found that JavaServer Faces PortletBridge-based portlets using GenericPortlet's default resource serving did not restrict access to resources within the web application. An attacker could set the resource ID field of a URL to potentially bypass security constraints and gain access to...

CVSS 4.9 | AI score 6.6 | EPSS 0.00265
Exploits: 0 | References: 4
RedHat Linux
added 2015/07/14 4:38 p.m. | 26 views

Moderate: Red Hat Security Advisory: Red Hat JBoss Portal 6.2.0 security update

An update for the PortletBridge component of Red Hat JBoss Portal 6.2.0 that fixes one security issue is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which...

CVSS 4.9 | AI score 6.5 | EPSS 0.00265
Exploits: 0 | References: 3
OpenVAS
added 2015/07/02 12:0 a.m. | 17 views

Wedge Networks wedgeOS Management Console Detection (HTTP)

HTTP based detection of the Wedge Networks wedgeOS Management Console.

AI score 7.3
Exploits: 0
Japan Vulnerability Notes
added 2015/04/14 12:0 a.m. | 29 views

JVN#56297719: JBoss RichFaces vulnerable to remote Java code execution

JBoss RichFaces is an Ajax-enabled component library for JavaServer Faces (JSF). JBoss RichFaces contains a flaw in parsing the do parameter, which may result in arbitrary Java code execution. Impact: When a specially crafted input is processed, arbitrary Java code may be executed on the application...

CVSS 6.8 | AI score 9.3 | EPSS 0.02504
Exploits: 1
RedHat Linux
added 2015/03/31 5:0 p.m. | 2 views

JSF: XSS due to insufficient escaping of user-supplied content in outputText tags and EL expressions

It was found that Mojarra JavaServer Faces did not properly escape user-supplied content in certain circumstances. Contents of outputText tags and raw EL expressions that immediately follow script or style elements were not escaped. A remote attacker could use a specially crafted URL to execute...

CVSS 4.3 | AI score 7.5 | EPSS 0.02316
Exploits: 0 | References: 5
seebug.org
added 2014/07/01 12:0 a.m. | 27 views

JSFTemplating, Mojarra Scales, GlassFish File Disclosure Vulnerabilities

No description provided by source. SEC Consult Security Advisory 20090901-0. Title: File disclosure vulnerability in JSFTemplating, Mojarra Scales and GlassFish Application Server v3 Admin console. Products: JSFTemplating...

AI score 7.1
Exploits: 0
Prion
added 2014/06/19 2:55 p.m. | 11 views

Directory traversal

Multiple directory traversal vulnerabilities in MyFaces JavaServer Faces (JSF) in Apache MyFaces Core 2.0.x before 2.0.12 and 2.1.x before 2.1.6 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) ln parameter to faces/javax.faces.resource/web.xml or (2) the PATH_INFO to...

CVSS 5 | AI score 7.3 | EPSS 0.8592
Exploits: 2 | References: 6 | Affected Software: 1
Debian CVE
added 2014/06/19 2:0 p.m. | 20 views

CVE-2011-4367

Multiple directory traversal vulnerabilities in MyFaces JavaServer Faces (JSF) in Apache MyFaces Core 2.0.x before 2.0.12 and 2.1.x before 2.1.6 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) ln parameter to faces/javax.faces.resource/web.xml or (2) the PATH_INFO to...

CVSS 5 | AI score 6.6 | EPSS 0.8592
Exploits: 2
CVE
added 2014/06/19 2:0 p.m. | 82 views

CVE-2011-4367

This CVE concerns Apache MyFaces Core (JSF) path traversal in MyFaces JSF. Affected versions are Core 2.0.x before 2.0.12 and 2.1.x before 2.1.6. An attacker can read arbitrary files by supplying a .. sequence via the ln parameter to faces/javax.faces.resource/web.xml or via PATH_INFO to faces/ja...

CVSS 5 | AI score 6.8 | EPSS 0.8592
Exploits: 2 | References: 6 | Affected Software: 1
Tenable Nessus
added 2013/11/19 12:0 a.m. | 689 views

Oracle JavaServer Faces Multiple Partial Directory Traversals

The remote web server contains a JavaServer Faces application that is affected by multiple partial directory traversal vulnerabilities:
- A defect exists in the handling of a resource identifier that allows for directory traversal within the application.
- A defect exists in the handling of a...

CVSS 5 | AI score 5.4 | EPSS 0.86817
Exploits: 0 | References: 3
CERT
added 2013/10/18 12:0 a.m. | 236 views

Oracle JavaServer Faces contains multiple vulnerabilities

Overview: Oracle JavaServer Faces contains multiple vulnerabilities which could allow an attacker to obtain sensitive information. Description: Oracle JavaServer Faces contains multiple vulnerabilities which could allow an attacker to obtain sensitive information. Alex Kouzemtchenko and Jon Passki o...

CVSS 5 | AI score 6.5 | EPSS 0.86817
Exploits: 0 | References: 6
exploitpack
added 2013/10/15 12:0 a.m. | 15 views

Oracle GlassFish Server 2.1.13.0.1 - Multiple Subcomponent Resource Identifier Traversal Arbitrary File Access

Source: https://www.securityfocus.com/bid/63052/info
Oracle JavaServer Faces is prone to multiple directory-traversal vulnerabilities. Exploiting these issues may allow an attacker to...

AI score 0.9
Exploits: 0
Tenable Nessus
added 2013/07/11 12:0 a.m. | 42 views

RHEL 5 / 6 : richfaces (RHSA-2013:1042)

Updated richfaces packages that fix one security issue are now available for Red Hat JBoss Enterprise Application Platform 5.2.0 for Red Hat Enterprise Linux 4, 5, and 6. The Red Hat Security Response Team has rated this update as having critical security impact. A Common Vulnerability Scoring...

CVSS 7.5 | AI score 8.1 | EPSS 0.24071
Exploits: 1 | References: 3
RedHat Linux
added 2013/07/10 11:54 p.m. | 46 views

Critical: Red Hat Security Advisory: richfaces security update

Updated richfaces packages that fix one security issue are now available for Red Hat JBoss Web Platform 5.2.0 for Red Hat Enterprise Linux 4, 5, and 6. The Red Hat Security Response Team has rated this update as having critical security impact. A Common Vulnerability Scoring System (CVSS) base scor...

CVSS 7.5 | AI score 7.2 | EPSS 0.24071
Exploits: 1 | References: 2
RedHat Linux
added 2013/07/10 11:54 p.m. | 44 views

Critical: Red Hat Security Advisory: richfaces security update

Updated richfaces packages that fix one security issue are now available for Red Hat JBoss Enterprise Application Platform 5.2.0 for Red Hat Enterprise Linux 4, 5, and 6. The Red Hat Security Response Team has rated this update as having critical security impact. A Common Vulnerability Scoring...

CVSS 7.5 | AI score 7.2 | EPSS 0.24071
Exploits: 1 | References: 2
Tenable Nessus
added 2013/01/24 12:0 a.m. | 52 views

RHEL 5 : JBoss EAP (RHSA-2008:0828)

Updated JBoss Enterprise Application Platform (JBoss EAP) packages that fix various security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. JBoss EAP is a middleware platform for Java 2...

CVSS 5 | AI score 8.2 | EPSS 0.414
Exploits: 6 | References: 6
OSV
added 2012/07/17 10:55 p.m. | 1 views

DEBIAN-CVE-2011-4358

Unspecified vulnerability in Oracle GlassFish Enterprise Server 3.0.1 and 3.1.1 allows remote attackers to affect confidentiality and integrity, related to JSF...

CVSS 6.4 | AI score 6.7 | EPSS 0.00222
Exploits: 0 | References: 1