RHEL 5 : JBoss EAP (RHSA-2014:0564)
Updated packages that provide Red Hat JBoss Enterprise Application Platform 6.2.3 and fix one security issue, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having Low security impact. A Comm...
JBossSX/PicketBox: World readable audit.log file
It was found that the security auditing functionality provided by PicketBox and JBossSX, both security frameworks for Java applications, used a world-readable audit.log file to record sensitive information. A local user could possibly use this flaw to gain access to the sensitive information in t...
Low: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 6.2.3 update
Updated packages that provide Red Hat JBoss Enterprise Application Platform 6.2.3 and fix one security issue, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having Low security impact. A Comm...
JBossSX/PicketBox: World readable audit.log file
It was found that the security auditing functionality provided by PicketBox and JBossSX, both security frameworks for Java applications, used a world-readable audit.log file to record sensitive information. A local user could possibly use this flaw to gain access to the sensitive information in t...
RHEL 5 : Red Hat JBoss Enterprise Application Platform 6.2.2 update (Moderate) (RHSA-2014:0343)
The remote Red Hat Enterprise Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2014:0343 advisory. - tomcat: multiple content-length header poisoning flaws (CVE-2013-4286) - PicketBox/JBossSX: Unauthorized access to and modification of...
PicketBox/JBossSX: Unauthorized access to and modification of application server configuration and state by application
It was identified that PicketBox/JBossSX allowed any deployed application to alter or read the underlying application server configuration and state without any authorization checks. An attacker able to deploy applications could use this flaw to circumvent security constraints applied to other...
JBoss Enterprise Application Platform 6.1.1 Update (RHSA-2013:1209)
The version of JBoss Enterprise Application Platform installed on the remote system is affected by the following issues: - Flaws in the mod_info, mod_status, mod_imagemap, mod_ldap, and mod_proxy_ftp modules can allow an attacker to perform cross-site scripting (XSS) attacks. (CVE-2012-3499) - Flaws in th...
JBoss Portal 6.1.0 Update (RHSA-2013:1437)
The version of JBoss Enterprise Portal Platform on the remote system is affected by the following issues: - A flaw in the CSRF prevention filter in JBoss Web could allow remote attackers to bypass the cross-site request forgery (CSRF) protection mechanism via a request that lacks a session identifier...
PicketBox: Insecure storage of masked passwords
PicketBox, as used in Red Hat JBoss Enterprise Application Platform before 6.1.1, allows local users to obtain the admin encryption key by reading the Vault data file...
Important: Red Hat Security Advisory: Red Hat JBoss Data Grid 6.2.0 update
Red Hat JBoss Data Grid 6.2.0, which fixes multiple security issues, various bugs, and adds enhancements, is now available from the Red Hat Customer Portal. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base...
PicketBox: Insecure storage of masked passwords
PicketBox, as used in Red Hat JBoss Enterprise Application Platform before 6.1.1, allows local users to obtain the admin encryption key by reading the Vault data file...
CVE-2013-1921
PicketBox, as used in Red Hat JBoss Enterprise Application Platform before 6.1.1, allows local users to obtain the admin encryption key by reading the Vault data file...
Input validation
PicketBox, as used in Red Hat JBoss Enterprise Application Platform before 6.1.1, allows local users to obtain the admin encryption key by reading the Vault data file...
CVE-2013-1921
PicketBox, as used in Red Hat JBoss Enterprise Application Platform before 6.1.1, allows local users to obtain the admin encryption key by reading the Vault data file...
CVE-2013-1921
CVE-2013-1921 affects PicketBox data vault in Red Hat JBoss Enterprise Application Platform (EAP) 6.1.x prior to 6.1.1. A local attacker can read the Vault data file and obtain the admin encryption key, exposing encrypted credentials. The issue is reported in multiple advisories (e.g., RHSA-2013:...
RHEL 5 : Red Hat JBoss Enterprise Application Platform 6.1.1 update (Moderate) (RHSA-2013:1207)
The remote Red Hat Enterprise Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2013:1207 advisory. Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. This release serves...
RHEL 6 : Red Hat JBoss Enterprise Application Platform 6.1.1 update (Moderate) (RHSA-2013:1208)
The remote Red Hat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2013:1208 advisory. Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. This release serves...
PicketBox: Insecure storage of masked passwords
PicketBox, as used in Red Hat JBoss Enterprise Application Platform before 6.1.1, allows local users to obtain the admin encryption key by reading the Vault data file...
Moderate: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 6.1.1 update
Red Hat JBoss Enterprise Application Platform 6.1.1, which fixes multiple security issues, various bugs, and adds enhancements, is now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scorin...