62 matches found

RedHat Linux
added 2015/04/16 4:2 p.m. | 4 views

JBossSX/PicketBox: World readable audit.log file

It was found that the security auditing functionality provided by PicketBox and JBossSX, both security frameworks for Java applications, used a world-readable audit.log file to record sensitive information. A local user could possibly use this flaw to gain access to the sensitive information in t...

CVSS: 2.1 | AI score: 5.7 | EPSS: 0.00347
Exploits: 0 | References: 4

RedHat Linux
added 2015/04/16 4:2 p.m. | 1 view

JBossSX/PicketBox: World readable audit.log file

It was found that the security auditing functionality provided by PicketBox and JBossSX, both security frameworks for Java applications, used a world-readable audit.log file to record sensitive information. A local user could possibly use this flaw to gain access to the sensitive information in t...

CVSS: 2.1 | AI score: 5.7 | EPSS: 0.00347
Exploits: 0 | References: 4

RedHat Linux
added 2015/03/24 9:5 p.m. | 48 views

Important: Red Hat Security Advisory: Red Hat JBoss Fuse Service Works 6.0.0 security update

Red Hat JBoss Fuse Service Works 6.0.0 roll up patch 4, which fixes multiple security issues and various bugs, is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System CVSS base score...

CVSS: 7.5 | AI score: 6.6 | EPSS: 0.24738
Exploits: 7 | References: 20

RedHat Linux
added 2015/03/11 4:51 p.m. | 4 views

JBossSX/PicketBox: World readable audit.log file

It was found that the security auditing functionality provided by PicketBox and JBossSX, both security frameworks for Java applications, used a world-readable audit.log file to record sensitive information. A local user could possibly use this flaw to gain access to the sensitive information in t...

CVSS: 2.1 | AI score: 5.7 | EPSS: 0.00347
Exploits: 0 | References: 4

CNVD
added 2015/02/28 12:0 a.m. | 1 view

PicketBox JBossSX Arbitrary File Execution Vulnerability

PicketBox is a Java security framework that provides developers with authentication, authorization, auditing and security mapping functions. An arbitrary file execution vulnerability exists in PicketBox JBossSX, which allows remote authenticated users to exploit the vulnerability to rea...

CVSS: 3.6 | AI score: 7.1 | EPSS: 0.00799
Exploits: 0 | References: 1

Prion
added 2015/02/20 4:59 p.m. | 26 views

Input validation

PicketBox and JBossSX, as used in Red Hat JBoss Enterprise Application Platform JBEAP 6.2.2 and JBoss BRMS before 6.0.3 roll up patch 2, allows remote authenticated users to read and modify the application server configuration and state by deploying a crafted application...

CVSS: 3.6 | AI score: 6.4 | EPSS: 0.00799
Exploits: 0 | References: 6 | Affected Software: 2

NVD
added 2015/02/20 4:59 p.m. | 23 views

CVE-2014-0005

PicketBox and JBossSX, as used in Red Hat JBoss Enterprise Application Platform JBEAP 6.2.2 and JBoss BRMS before 6.0.3 roll up patch 2, allows remote authenticated users to read and modify the application server configuration and state by deploying a crafted application...

CVSS: 3.6 | AI score: 6 | EPSS: 0.00799
Exploits: 0 | References: 6

CVE
added 2015/02/20 4:0 p.m. | 67 views

CVE-2014-0005

CVE-2014-0005 affects PicketBox/JBossSX used in Red Hat JBoss EAP 6.2.2 and JBoss BRMS before 6.0.3 roll up patch 2; the issue allows remote authenticated users to read/modify the application server configuration and state by deploying a crafted application. The NVD notes a LOW (3.6) base score w...

CVSS: 3.6 | AI score: 8.6 | EPSS: 0.00799
Exploits: 0 | References: 6 | Affected Software: 2

Cvelist
added 2015/02/20 4:0 p.m. | 30 views

CVE-2014-0005

PicketBox and JBossSX, as used in Red Hat JBoss Enterprise Application Platform JBEAP 6.2.2 and JBoss BRMS before 6.0.3 roll up patch 2, allows remote authenticated users to read and modify the application server configuration and state by deploying a crafted application...

AI score: 6 | EPSS: 0.00799
Exploits: 0 | References: 6

RedHat Linux
added 2015/02/17 10:27 p.m. | 2 views

PicketBox/JBossSX: Unauthorized access to and modification of application server configuration and state by application

It was identified that PicketBox/JBossSX allowed any deployed application to alter or read the underlying application server configuration and state without any authorization checks. An attacker able to deploy applications could use this flaw to circumvent security constraints applied to other...

CVSS: 3.6 | AI score: 6 | EPSS: 0.00799
Exploits: 0 | References: 4

RedHat Linux
added 2015/02/17 10:27 p.m. | 47 views

Important: Red Hat Security Advisory: Red Hat JBoss BRMS 6.0.3 security update

Red Hat JBoss BRMS 6.0.3 roll up patch 2, which fixes multiple security issues, several bugs, and adds various enhancements, is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System...

CVSS: 7.5 | AI score: 6.6 | EPSS: 0.24738
Exploits: 7 | References: 22

RedHat Linux
added 2014/11/25 4:48 p.m. | 3 views

JBossSX/PicketBox: World readable audit.log file

It was found that the security auditing functionality provided by PicketBox and JBossSX, both security frameworks for Java applications, used a world-readable audit.log file to record sensitive information. A local user could possibly use this flaw to gain access to the sensitive information in t...

CVSS: 2.1 | AI score: 5.7 | EPSS: 0.00347
Exploits: 0 | References: 4

RedHat Linux
added 2014/11/25 4:48 p.m. | 31 views

Important: Red Hat Security Advisory: Red Hat JBoss Operations Network 3.3.0 update

Red Hat JBoss Operations Network 3.2.3, which fixes multiple security issues and several bugs, is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System CVSS base scores, which give...

CVSS: 7.5 | AI score: 6.7 | EPSS: 0.21045
Exploits: 2 | References: 9

NVD
added 2014/11/17 10:59 p.m. | 30 views

CVE-2014-0059

JBoss SX and PicketBox, as used in Red Hat JBoss Enterprise Application Platform EAP before 6.2.3, use world-readable permissions on audit.log, which allows local users to obtain sensitive information by reading this file...

CVSS: 2.1 | AI score: 5.6 | EPSS: 0.00347
Exploits: 0 | References: 6

CVE
added 2014/11/17 10:0 p.m. | 70 views

CVE-2014-0059

CVE-2014-0059 affects Red Hat JBoss EAP 6.x where JBoss SX and PicketBox leave audit.log world-readable. The issue enables local users to read sensitive data from the audit log (e.g., usernames/passwords). Red Hat addressed this in EAP 6.2.3 via RHSA-2014:0563/0564 updates; apply the JBoss EAP 6....

CVSS: 2.1 | AI score: 8.2 | EPSS: 0.00347
Exploits: 0 | References: 6 | Affected Software: 1

Cvelist
added 2014/11/17 10:0 p.m. | 39 views

CVE-2014-0059

JBoss SX and PicketBox, as used in Red Hat JBoss Enterprise Application Platform EAP before 6.2.3, use world-readable permissions on audit.log, which allows local users to obtain sensitive information by reading this file...

AI score: 5.6 | EPSS: 0.00347
Exploits: 0 | References: 6

RedHat Linux
added 2014/07/16 5:12 p.m. | 5 views

JBossSX/PicketBox: World readable audit.log file

It was found that the security auditing functionality provided by PicketBox and JBossSX, both security frameworks for Java applications, used a world-readable audit.log file to record sensitive information. A local user could possibly use this flaw to gain access to the sensitive information in t...

CVSS: 2.1 | AI score: 5.7 | EPSS: 0.00347
Exploits: 0 | References: 4

RedHat Linux
added 2014/07/16 5:12 p.m. | 45 views

Moderate: Red Hat Security Advisory: Red Hat JBoss Data Grid 6.3.0 update

Red Hat JBoss Data Grid 6.3.0, which fixes multiple security issues, various bugs, and adds enhancements, is now available from the Red Hat Customer Portal. The Red Hat Security Response Team has rated this update as having Moderate security impact. Common Vulnerability Scoring System CVSS base...

CVSS: 5 | AI score: 6.6 | EPSS: 0.2006
Exploits: 2 | References: 9

RedHat Linux
added 2014/05/28 12:1 a.m. | 3 views

JBossSX/PicketBox: World readable audit.log file

It was found that the security auditing functionality provided by PicketBox and JBossSX, both security frameworks for Java applications, used a world-readable audit.log file to record sensitive information. A local user could possibly use this flaw to gain access to the sensitive information in t...

CVSS: 2.1 | AI score: 5.7 | EPSS: 0.00347
Exploits: 0 | References: 4

RedHat Linux
added 2014/05/28 12:1 a.m. | 24 views

Low: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 6.2.3 update

Updated packages that provide Red Hat JBoss Enterprise Application Platform 6.2.3 and fix one security issue, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having Low security impact. A Comm...

CVSS: 2.1 | AI score: 7 | EPSS: 0.00347
Exploits: 0 | References: 15