123 matches found
CVE-2013-2165
ResourceBuilderImpl.java in the RichFaces 3.x through 5.x implementation in Red Hat JBoss Web Framework Kit before 2.3.0, Red Hat JBoss Web Platform through 5.2.0, Red Hat JBoss Enterprise Application Platform through 4.3.0 CP10 and 5.x through 5.2.0, Red Hat JBoss BRMS through 5.3.1, Red Hat JBo...
Moderate: Red Hat Security Advisory: JBoss Operations Network 3.1.2 update
JBoss Operations Network 3.1.2, which fixes one security issue and several bugs, is now available from the Red Hat Customer Portal. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a...
GWT: unknown XSS flaw
Cross-site scripting (XSS) vulnerability in Google Web Toolkit (GWT) 2.4 through 2.5 Final, as used in JBoss Operations Network (ON) 3.1.1 and possibly other products, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: this issue exists because of an incomplet...
CVE-2012-5920
Cross-site scripting (XSS) vulnerability in Google Web Toolkit (GWT) 2.4 through 2.5 Final, as used in JBoss Operations Network (ON) 3.1.1 and possibly other products, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: this issue exists because of an incomplet...
Cross site scripting
Cross-site scripting (XSS) vulnerability in Google Web Toolkit (GWT) 2.4 through 2.5 Final, as used in JBoss Operations Network (ON) 3.1.1 and possibly other products, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: this issue exists because of an incomplet...
CVE-2012-5920
Cross-site scripting (XSS) vulnerability in Google Web Toolkit (GWT) 2.4 through 2.5 Final, as used in JBoss Operations Network (ON) 3.1.1 and possibly other products, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: this issue exists because of an incomplet...
CVE-2012-5920
CVE-2012-5920 is an XSS vulnerability in Google Web Toolkit (GWT) 2.4–2.5 Final, used in JBoss Operations Network 3.1.1 and potentially other products. It stems from an incomplete fix for CVE-2012-4563 and allows remote attackers to inject arbitrary script/HTML via unspecified vectors. Red Hat/IB...
Low: Red Hat Security Advisory: jboss-ec2-eap security update
An updated jboss-ec2-eap package that fixes one security issue is now available for JBoss Enterprise Application Platform 5.1.2 for Red Hat Enterprise Linux 6 running on the Amazon Web Services (AWS) Elastic Compute Cloud (EC2). The Red Hat Security Response Team has rated this update as having low...
Moderate: Red Hat Security Advisory: JBoss Operations Network 3.1.1 update
JBoss Operations Network 3.1.1, which fixes one security issue, several bugs, and adds enhancements, is now available from the Red Hat Customer Portal. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base scor...
Moderate: Red Hat Security Advisory: JBoss Operations Network 3.1.0 update
JBoss Operations Network 3.1.0, which fixes one security issue, several bugs, and adds enhancements, is now available from the Red Hat Customer Portal. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base scor...
Important: Red Hat Security Advisory: JBoss Operations Network 3.0.1 update
JBoss Operations Network 3.0.1, which fixes multiple security issues and several bugs, is now available from the Red Hat Customer Portal. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give...
JON: Unapproved agents can connect using the name of an existing approved agent
Red Hat JBoss Operations Network (JON) before 2.4.2 and 3.0.x before 3.0.1 does not check the JON agent key, which allows remote attackers to spoof the identity of arbitrary agents via the registered agent name...
JON: LDAP authentication allows any user access if bind credentials are bad
Red Hat JBoss Operations Network (JON) 3.0.x before 3.0.1, 2.4.2, and earlier, when LDAP authentication is enabled and the LDAP bind account credentials are invalid, allows remote attackers to login to LDAP-based accounts via an arbitrary password in a login request...
Important: Red Hat Security Advisory: JBoss Operations Network 2.4.2 security update
An update for JBoss Operations Network 2.4.2 that fixes one security issue is now available from the Red Hat Customer Portal. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed...
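JBoss Operations Network Multiple Security Restriction Bypass Vulnerabilities
BUGTRAQ ID: 51827 CVE ID: CVE-2011-4573, CVE-2012-0052, CVE-2012-0062 JBoss Operations Network is Java EE-based open-source network management software. Its implementation contains multiple security restriction bypass vulnerabilities; successful exploitation could allow an attacker to bypass certain security restrictions, obtain sensitive information, or perform unauthorized operations. RedHat JBoss Operations Network 2.4.1 Vendor patch: RedHat. The vendor has released an upgrade patch to fix this security issue; download it from the vendor's home page:...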
Important: Red Hat Security Advisory: JBoss Operations Network 2.4.2 update
JBoss Operations Network 2.4.2, which fixes multiple security issues and several bugs, is now available from the Red Hat Customer Portal. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give...
JON: Unapproved agents can hijack an approved agent's endpoint by using a null security token
Red Hat JBoss Operations Network (JON) before 2.4.2 and 3.0.x before 3.0.1 allows remote attackers to hijack agent sessions via an agent registration request without a security token...
JON: Incorrect delete permissions check
Red Hat JBoss Operations Network (JON) before 2.4.2 does not properly enforce "modify resource" permissions for remote authenticated users when deleting a plug-in configuration update from the group connection properties history, which prevents such activities from being recorded in the audit trail...
CVE-2011-3206
Multiple cross-site scripting (XSS) vulnerabilities in the administration interface in RHQ 4.2.0, as used in JBoss Operations Network (aka JON or JBoss ON) before 3.0, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in the administration interface in RHQ 4.2.0, as used in JBoss Operations Network (aka JON or JBoss ON) before 3.0, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors...