Moderate: Red Hat Security Advisory: Red Hat JBoss Web Framework Kit 2.5.0 security update
An update for the seam-remoting component of Red Hat JBoss Web Framework Kit 2.5.0 that fixes one security issue is now available from the Red Hat Customer Portal. The Red Hat Security Response Team has rated this update as having Moderate security impact. A Common Vulnerability Scoring System CV...
Red Hat JBoss Seam Framework XXE Information Disclosure (CVE-2013-6447)
An information disclosure vulnerability has been reported in Red Hat JBoss Seam Framework. The vulnerability is due to an incorrectly configured XML parser accepting XML eXternal Entities (XXE) from untrusted sources being used by the ExecutionHandler, PollHandler, and SubscriptionHandler classes...
XXE
Multiple XML External Entity (XXE) vulnerabilities in the (1) ExecutionHandler, (2) PollHandler, and (3) SubscriptionHandler classes in JBoss Seam Remoting in JBoss Seam 2 framework 2.3.1 and earlier, as used in JBoss Web Framework Kit, allow remote attackers to read arbitrary files and possibly have oth...
Input validation
The InterfaceGenerator handler in JBoss Seam Remoting in JBoss Seam 2 framework 2.3.1 and earlier, as used in JBoss Web Framework Kit, allows remote attackers to bypass the WebRemote annotation restriction and obtain information about arbitrary classes and methods on the server classpath via...
CVE-2013-6448
The InterfaceGenerator handler in JBoss Seam Remoting in JBoss Seam 2 framework 2.3.1 and earlier, as used in JBoss Web Framework Kit, allows remote attackers to bypass the WebRemote annotation restriction and obtain information about arbitrary classes and methods on the server classpath via...
CVE-2013-6447
The CVE-2013-6447 issue affects Red Hat JBoss Web Framework Kit 2.4.0, where the seam-remoting components (ExecutionHandler, PollHandler, SubscriptionHandler) unmarshalled untrusted XML and processed external entities, enabling an attacker to read files on the server. Red Hat’s advisory RHSA-2014...
CVE-2013-6447
Multiple XML External Entity (XXE) vulnerabilities in the (1) ExecutionHandler, (2) PollHandler, and (3) SubscriptionHandler classes in JBoss Seam Remoting in JBoss Seam 2 framework 2.3.1 and earlier, as used in JBoss Web Framework Kit, allow remote attackers to read arbitrary files and possibly have oth...
Moderate: Red Hat Security Advisory: Red Hat JBoss Web Framework Kit 2.4.0 update
An update for the seam-remoting component of Red Hat JBoss Web Framework Kit 2.4.0 that fixes two security issues is now available from the Red Hat Customer Portal. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System...
Seam: XML eXternal Entity (XXE) flaw in remoting
Multiple XML External Entity (XXE) vulnerabilities in the (1) ExecutionHandler, (2) PollHandler, and (3) SubscriptionHandler classes in JBoss Seam Remoting in JBoss Seam 2 framework 2.3.1 and earlier, as used in JBoss Web Framework Kit, allow remote attackers to read arbitrary files and possibly have oth...
Seam: Information disclosure in remoting
The InterfaceGenerator handler in JBoss Seam Remoting in JBoss Seam 2 framework 2.3.1 and earlier, as used in JBoss Web Framework Kit, allows remote attackers to bypass the WebRemote annotation restriction and obtain information about arbitrary classes and methods on the server classpath via...
Important: Red Hat Security Advisory: Red Hat JBoss Operations Network 3.1.2 update
An update for Red Hat JBoss Operations Network 3.1.2 that fixes multiple security issues is now available from the Red Hat Customer Portal. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which...
Remoting: DoS by file descriptor exhaustion
The org.jboss.remoting.transport.socket.ServerThread class in Red Hat JBoss Remoting for Red Hat JBoss SOA Platform 5.3.1 GA, Web Platform 5.2.0, Enterprise Application Platform 5.2.0, and other products allows remote attackers to cause a denial of service (file descriptor consumption) via...
RHEL 6 : jboss-remoting (RHSA-2013:1370)
The remote Redhat Enterprise Linux 6 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2013:1370 advisory. JBoss Remoting is a framework for building distributed applications in Java. A denial of service flaw was found in the implementation of the...
CVE-2013-4210
The org.jboss.remoting.transport.socket.ServerThread class in Red Hat JBoss Remoting for Red Hat JBoss SOA Platform 5.3.1 GA, Web Platform 5.2.0, Enterprise Application Platform 5.2.0, and other products allows remote attackers to cause a denial of service (file descriptor consumption) via...
CVE-2013-4210
CVE-2013-4210 is a DoS flaw in org.jboss.remoting.transport.socket.ServerThread within Red Hat JBoss Remoting used by JBoss SOA Platform 5.3.1 GA, Web Platform 5.2.0, EAP 5.2.0, and related products. The issue allows remote attackers to exhaust file descriptors, preventing legitimate connections,...
RHEL 4 / 5 / 6 : jboss-remoting (RHSA-2013:1369)
An updated jboss-remoting package that fixes one security issue is now available for Red Hat JBoss Enterprise Application Platform 5.2.0 for Red Hat Enterprise Linux 4, 5, and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability...
Remoting: DoS by file descriptor exhaustion
The org.jboss.remoting.transport.socket.ServerThread class in Red Hat JBoss Remoting for Red Hat JBoss SOA Platform 5.3.1 GA, Web Platform 5.2.0, Enterprise Application Platform 5.2.0, and other products allows remote attackers to cause a denial of service (file descriptor consumption) via...
Moderate: Red Hat Security Advisory: jboss-remoting security update
An update for the JBoss Remoting component of Red Hat JBoss SOA Platform 5.3.1 GA that fixes one security issue is now available from the Red Hat Customer Portal. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System CVS...
Moderate: Red Hat Security Advisory: jboss-remoting security update
An update for the JBoss Remoting component of Red Hat JBoss BRMS 5.3.1 that fixes one security issue is now available from the Red Hat Customer Portal. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base scor...
Remoting: DoS by file descriptor exhaustion
The org.jboss.remoting.transport.socket.ServerThread class in Red Hat JBoss Remoting for Red Hat JBoss SOA Platform 5.3.1 GA, Web Platform 5.2.0, Enterprise Application Platform 5.2.0, and other products allows remote attackers to cause a denial of service (file descriptor consumption) via...