33 matches found
Input validation
message/ax/AxMessage.java in OpenID4Java before 0.9.6 final, as used in JBoss Enterprise Application Platform 5.1 before 5.1.2, Step2, Kay Framework before 1.0.2, and possibly other products does not verify that Attribute Exchange AX information is signed, which allows remote attackers to modify...
CVE-2011-4314
message/ax/AxMessage.java in OpenID4Java before 0.9.6 final, as used in JBoss Enterprise Application Platform 5.1 before 5.1.2, Step2, Kay Framework before 1.0.2, and possibly other products does not verify that Attribute Exchange AX information is signed, which allows remote attackers to modify...
CVE-2011-4314
message/ax/AxMessage.java in OpenID4Java before 0.9.6 final, as used in JBoss Enterprise Application Platform 5.1 before 5.1.2, Step2, Kay Framework before 1.0.2, and possibly other products does not verify that Attribute Exchange AX information is signed, which allows remote attackers to modify...
CVE-2011-4314
CVE-2011-4314 affects OpenID4Java, where AxMessage.java did not verify that Attribute Exchange (AX) data is signed. This allows a remote attacker to modify AX information during MITM without detection. The issue is present in OpenID4Java prior to 0.9.6 final and is used by products such as JBoss ...
Low: Red Hat Security Advisory: JBoss Enterprise Web Platform 5.1.2 update
JBoss Enterprise Web Platform 5.1.2, which fixes one security issue, various bugs, and adds several enhancements is now available from the Red Hat Customer Portal. The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System CVSS ba...
extension): MITM due to improper validation of AX attribute signatures
message/ax/AxMessage.java in OpenID4Java before 0.9.6 final, as used in JBoss Enterprise Application Platform 5.1 before 5.1.2, Step2, Kay Framework before 1.0.2, and possibly other products does not verify that Attribute Exchange AX information is signed, which allows remote attackers to modify...
Low: Red Hat Security Advisory: JBoss Enterprise Web Platform 5.1.2 update
Updated JBoss Enterprise Web Platform 5.1.2 packages that fix one security issue, various bugs, and add several enhancements are now available for Red Hat Enterprise Linux 4. The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring...
extension): MITM due to improper validation of AX attribute signatures
message/ax/AxMessage.java in OpenID4Java before 0.9.6 final, as used in JBoss Enterprise Application Platform 5.1 before 5.1.2, Step2, Kay Framework before 1.0.2, and possibly other products does not verify that Attribute Exchange AX information is signed, which allows remote attackers to modify...
Low: Red Hat Security Advisory: JBoss Enterprise Web Platform 5.1.2 update
Updated JBoss Enterprise Web Platform 5.1.2 packages that fix one security issue, various bugs, and add several enhancements are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring...
Low: Red Hat Security Advisory: JBoss Enterprise Web Platform 5.1.2 update
Updated JBoss Enterprise Web Platform 5.1.2 packages that fix one security issue, various bugs, and add several enhancements are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring...
Low: Red Hat Security Advisory: JBoss Enterprise Application Platform 5.1.2 update
Updated JBoss Enterprise Application Platform 5.1.2 packages that fix two security issues, various bugs, and add several enhancements are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having low security impact. Common Vulnerability...
extension): MITM due to improper validation of AX attribute signatures
message/ax/AxMessage.java in OpenID4Java before 0.9.6 final, as used in JBoss Enterprise Application Platform 5.1 before 5.1.2, Step2, Kay Framework before 1.0.2, and possibly other products does not verify that Attribute Exchange AX information is signed, which allows remote attackers to modify...
Red Hat Security Advisory 2011-1798-01
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Low: JBoss Enterprise Application Platform 5.1.2 update Advisory ID: RHSA-2011:1798-01 Product: JBoss Enterprise Application Platform Advisory UR...