Lucene search
K

166 matches found

RedHat Linux
RedHat Linux
added 2019/06/10 4:44 p.m.6 views

picketlink: reflected XSS in SAMLRequest via RelayState parameter

It was found that a SAMLRequest containing a script could be processed by Picketlink versions shipped in Jboss Application Platform 7.2.x and 7.1.x. An attacker could use this to send a malicious script to achieve cross-site scripting and obtain unauthorized information or conduct further attacks...

5.4CVSS5.6AI score0.00697EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2019/06/10 4:44 p.m.10 views

picketlink: URL injection via xinclude parameter

It was found that Picketlink as shipped with Jboss Enterprise Application Platform 7.2 would accept an xinclude parameter in SAMLresponse XML. An attacker could use this flaw to send a URL to achieve cross-site scripting or possibly conduct further attacks...

9CVSS5.6AI score0.00927EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2019/06/10 4:41 p.m.5 views

picketlink: reflected XSS in SAMLRequest via RelayState parameter

It was found that a SAMLRequest containing a script could be processed by Picketlink versions shipped in Jboss Application Platform 7.2.x and 7.1.x. An attacker could use this to send a malicious script to achieve cross-site scripting and obtain unauthorized information or conduct further attacks...

5.4CVSS5.6AI score0.00697EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2019/06/10 4:41 p.m.3 views

picketlink: URL injection via xinclude parameter

It was found that Picketlink as shipped with Jboss Enterprise Application Platform 7.2 would accept an xinclude parameter in SAMLresponse XML. An attacker could use this flaw to send a URL to achieve cross-site scripting or possibly conduct further attacks...

9CVSS5.6AI score0.00927EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2019/06/10 4:39 p.m.5 views

picketlink: reflected XSS in SAMLRequest via RelayState parameter

It was found that a SAMLRequest containing a script could be processed by Picketlink versions shipped in Jboss Application Platform 7.2.x and 7.1.x. An attacker could use this to send a malicious script to achieve cross-site scripting and obtain unauthorized information or conduct further attacks...

5.4CVSS5.6AI score0.00697EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2019/06/10 4:39 p.m.5 views

picketlink: URL injection via xinclude parameter

It was found that Picketlink as shipped with Jboss Enterprise Application Platform 7.2 would accept an xinclude parameter in SAMLresponse XML. An attacker could use this flaw to send a URL to achieve cross-site scripting or possibly conduct further attacks...

9CVSS5.6AI score0.00927EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2019/03/04 5:36 p.m.187 views

Moderate: Red Hat Security Advisory: Red Hat JBoss Web Server 5.0 Service Pack 2 security and bug fix update

An update is now available for Red Hat JBoss Web Server 5.0 for RHEL 6 and Red Hat JBoss Web Server 5.0 for RHEL 7. Red Hat Product Security has rated this release as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity ratin...

9.8CVSS7AI score0.21979EPSS
Exploits0References18
RedHat Linux
RedHat Linux
added 2019/03/04 5:35 p.m.143 views

Moderate: Red Hat Security Advisory: Red Hat JBoss Web Server 5.0 Service Pack 2 security and bug fix update

An update is now available for Red Hat JBoss Web Server 5.0 for RHEL 6 and Red Hat JBoss Web Server 5.0 for RHEL 7. Red Hat Product Security has rated this release as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity ratin...

9.8CVSS7AI score0.21979EPSS
Exploits0References19
Tenable Nessus
Tenable Nessus
added 2019/01/24 12:0 a.m.53 views

RHEL 7 : Red Hat JBoss Enterprise Application Platform 7.2.0 (RHSA-2019:0137)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2019:0137 advisory. This enhancement adds the new Red Hat JBoss Enterprise Application Platform 7.2.0 packages to Red Hat Enterprise Linux 7. This release serves as a...

6.5CVSS6.9AI score0.02457EPSS
Exploits0References57
BDU FSTEC
BDU FSTEC
added 2019/01/23 12:0 a.m.8 views

The vulnerability in the StaxParserUtil class of Picketlink software for managing security and application identification in Java applications allows a perpetrator to disclose protected information.

The vulnerability of the StaxParserUtil class in Picketlink software for managing security and application identification in Java applications is related to deficiencies in the processing of input data during SAML message analysis. Exploiting this vulnerability allows a malicious actor to disclos...

6.5CVSS6.7AI score0.02457EPSS
Exploits0References7Affected Software1
RedHat Linux
RedHat Linux
added 2019/01/22 4:40 p.m.135 views

Moderate: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.2.0 security update

Updated packages that provide Red Hat JBoss Enterprise Application Platform 7.2.0, fix several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scorin...

6.5CVSS6.8AI score0.02457EPSS
Exploits0References54
RedHat Linux
RedHat Linux
added 2019/01/22 4:40 p.m.3 views

keycloak: SAML request parser replaces special strings with system properties

It was found that while parsing the SAML messages the StaxParserUtil class of Picketlink replaces special strings for obtaining attribute values with system property. This could allow an attacker to determine values of system properties at the attacked system by formatting the SAML request ID fie...

6.5CVSS6.6AI score0.02457EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2019/01/22 4:30 p.m.4 views

keycloak: SAML request parser replaces special strings with system properties

It was found that while parsing the SAML messages the StaxParserUtil class of Picketlink replaces special strings for obtaining attribute values with system property. This could allow an attacker to determine values of system properties at the attacked system by formatting the SAML request ID fie...

6.5CVSS6.6AI score0.02457EPSS
Exploits0References4
Veracode
Veracode
added 2019/01/15 9:7 a.m.13 views

Authorization Bypass In The InvokeNextValue Function

The invokeNextValve function in identity/federation/bindings/tomcat/idp/AbstractIDPValve.java in PicketLink before 2.8.0.Beta1 does not properly check role based authorization, which allows remote authenticated users to gain access to restricted application resources via a 1 direct request or 2...

4CVSS6AI score0.01913EPSS
Exploits0References24Affected Software75
Veracode
Veracode
added 2019/01/15 8:56 a.m.20 views

XML External Entity (XXE)

picketlink-federation is vulnerable to XML External Entity XXE attacks. The vulnerability exists as the org.picketlink.common.util.DocumentUtil.getDocumentBuilderFactory method in PicketLink, as used in Red Hat JBoss Enterprise Application Platform JBEAP 5.2.0 and 6.2.4, expands entity references...

7.5CVSS9.5AI score0.03857EPSS
Exploits0References32Affected Software1
Tenable Nessus
Tenable Nessus
added 2018/10/04 12:0 a.m.51 views

RHEL 6 / 7 : Red Hat JBoss Web Server 5.0 Service Pack 1 (RHSA-2018:2868)

The remote Redhat Enterprise Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2018:2868 advisory. Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the...

5.9CVSS7.1AI score0.94494EPSS
Exploits3References11
RedHat Linux
RedHat Linux
added 2018/10/03 1:54 p.m.130 views

Important: Red Hat Security Advisory: Red Hat JBoss Web Server 5.0 Service Pack 1 security and bug fix update

An update is now available for Red Hat JBoss Web Server 5.0 for RHEL 6 and Red Hat JBoss Web Server 5.0 for RHEL 7. Red Hat Product Security has rated this release as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...

5.9CVSS7AI score0.94494EPSS
Exploits3References8
RedHat Linux
RedHat Linux
added 2018/10/03 1:42 p.m.109 views

Important: Red Hat Security Advisory: Red Hat JBoss Web Server 5.0 Service Pack 1 security and bug fix update

An update is now available for Red Hat JBoss Web Server 5.0 for RHEL 6 and Red Hat JBoss Web Server 5.0 for RHEL 7. Red Hat Product Security has rated this release as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...

5.9CVSS7AI score0.94494EPSS
Exploits3References8
RedHat Linux
RedHat Linux
added 2018/09/24 10:11 p.m.4 views

keycloak: SAML request parser replaces special strings with system properties

It was found that while parsing the SAML messages the StaxParserUtil class of Picketlink replaces special strings for obtaining attribute values with system property. This could allow an attacker to determine values of system properties at the attacked system by formatting the SAML request ID fie...

6.5CVSS6.6AI score0.02457EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2018/09/24 10:9 p.m.112 views

Important: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 6.4.21 security update

An update is now available for Red Hat JBoss Enterprise Application Platform 6.4 for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, ...

7.5CVSS7.2AI score0.20599EPSS
Exploits0References19
Rows per page
Query Builder