Lucene search

704 matches found

RedHat Linux
added 2013/09/30 5:42 p.m. | 2 views

Remoting: DoS by file descriptor exhaustion

The org.jboss.remoting.transport.socket.ServerThread class in Red Hat JBoss Remoting for Red Hat JBoss SOA Platform 5.3.1 GA, Web Platform 5.2.0, Enterprise Application Platform 5.2.0, and other products allows remote attackers to cause a denial of service (file descriptor consumption) via...

5 CVSS | 5.9 AI score | 0.02672 EPSS
Exploits 0 | References 4
RedHat Linux
added 2013/09/30 5:42 p.m. | 27 views

Moderate: Red Hat Security Advisory: jboss-remoting security update

An update for the JBoss Remoting component of Red Hat JBoss Enterprise Application Platform 5.2.0 that fixes one security issue is now available from the Red Hat Customer Portal. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability...

5 CVSS | 5.7 AI score | 0.02672 EPSS
Exploits 0 | References 3
RedHat Linux
added 2013/09/30 5:42 p.m. | 5 views

Moderate: Red Hat Security Advisory: jboss-remoting security update

An update for the JBoss Remoting component of Red Hat JBoss Web Platform 5.2.0 that fixes one security issue is now available from the Red Hat Customer Portal. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS)...

5 CVSS | 5.7 AI score | 0.02672 EPSS
Exploits 0 | References 3
RedHat Linux
added 2013/09/30 5:41 p.m. | 2 views

Remoting: DoS by file descriptor exhaustion

The org.jboss.remoting.transport.socket.ServerThread class in Red Hat JBoss Remoting for Red Hat JBoss SOA Platform 5.3.1 GA, Web Platform 5.2.0, Enterprise Application Platform 5.2.0, and other products allows remote attackers to cause a denial of service (file descriptor consumption) via...

5 CVSS | 5.9 AI score | 0.02672 EPSS
Exploits 0 | References 4
RedHat Linux
added 2013/09/30 5:41 p.m. | 5 views

Remoting: DoS by file descriptor exhaustion

The org.jboss.remoting.transport.socket.ServerThread class in Red Hat JBoss Remoting for Red Hat JBoss SOA Platform 5.3.1 GA, Web Platform 5.2.0, Enterprise Application Platform 5.2.0, and other products allows remote attackers to cause a denial of service (file descriptor consumption) via...

5 CVSS | 5.9 AI score | 0.02672 EPSS
Exploits 0 | References 4
RedHat Linux
added 2013/09/30 5:41 p.m. | 40 views

Moderate: Red Hat Security Advisory: jboss-remoting security update

An updated jboss-remoting package that fixes one security issue is now available for Red Hat JBoss Web Platform 5.2.0 for Red Hat Enterprise Linux 4, 5, and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS)...

5 CVSS | 5.7 AI score | 0.02672 EPSS
Exploits 0 | References 2
RedHat Linux
added 2013/09/30 5:41 p.m. | 39 views

Moderate: Red Hat Security Advisory: jboss-remoting security update

An updated jboss-remoting package that fixes one security issue is now available for Red Hat JBoss Enterprise Application Platform 5.2.0 for Red Hat Enterprise Linux 4, 5, and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability...

5 CVSS | 5.7 AI score | 0.02672 EPSS
Exploits 0 | References 2
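seebug.org
added 2013/08/27 12:0 a.m. | 39 views

JBoss Enterprise Application Platform Remote-Naming Connection Handling Authentication Bypass Vulnerability

CVE ID: CVE-2013-4218 JBoss is an open-source application server based on J2EE. A vulnerability exists when authenticated connections are cached on the server through remote-naming: after a user has logged in successfully, a remote attacker can use a remoting client requiring a password to log in as that user, allowing arbitrary operations to be performed or data to be accessed in that user's context. 0 JBoss Enterprise Application Platform 6.1.0 Vendor solution: users can refer to the following vendor security advisory for patch information: http://rhn.redhat.com/errata/RHSA-2013-1151.html...

2.1 CVSS | 0.1 AI score | 0.00312 EPSS
Exploits 1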
RedHat Linux
added 2013/08/12 6:25 p.m. | 4 views

remote-naming: Session fixation due improper connection caching

Red Hat JBoss Enterprise Application Platform (EAP) 6.1.0 does not properly cache EJB invocations by remote-naming, which allows remote attackers to hijack sessions by using a remoting client...

6.4 CVSS | 5.9 AI score | 0.0242 EPSS
Exploits 0 | References 4
Prion
added 2013/07/11 10:55 p.m. | 20 views

Code injection

The JMX Remoting functionality in Apache Geronimo 3.x before 3.0.1, as used in IBM WebSphere Application Server (WAS) Community Edition 3.0.0.3 and other products, does not properly implement the RMI classloader, which allows remote attackers to execute arbitrary code by using the JMX connector to...

10 CVSS | 8 AI score | 0.09808 EPSS
Exploits 0 | References 4 | Affected Software 2
NVD
added 2013/07/11 10:55 p.m. | 20 views

CVE-2013-1777

The JMX Remoting functionality in Apache Geronimo 3.x before 3.0.1, as used in IBM WebSphere Application Server (WAS) Community Edition 3.0.0.3 and other products, does not properly implement the RMI classloader, which allows remote attackers to execute arbitrary code by using the JMX connector to...

10 CVSS | 7.4 AI score | 0.09808 EPSS
Exploits 0 | References 4
CVE
added 2013/07/11 10:0 p.m. | 77 views

CVE-2013-1777

The CVE-2013-1777 issue is concrete: Apache Geronimo 3.x (notably in WebSphere Application Server Community Edition 3.0.0.3) exposes an RMI classloader misconfiguration that allows remote attackers to execute arbitrary code by sending a crafted serialized object through JMX. The root cause is imp...

10 CVSS | 7.5 AI score | 0.09808 EPSS
Exploits 0 | References 4 | Affected Software 2
Cvelist
added 2013/07/11 10:0 p.m. | 24 views

CVE-2013-1777

The JMX Remoting functionality in Apache Geronimo 3.x before 3.0.1, as used in IBM WebSphere Application Server (WAS) Community Edition 3.0.0.3 and other products, does not properly implement the RMI classloader, which allows remote attackers to execute arbitrary code by using the JMX connector to...

7.3 AI score | 0.09808 EPSS
Exploits 0 | References 4
securityvulns
added 2013/03/11 12:0 a.m. | 56 views

Verax NMS Password Replay Attack (CVE-2013-1351)

Verax NMS Password Replay Attack CVE-2013-1351 I. BACKGROUND ---------------------- Verax NMS provides a service-oriented, unified management & monitoring of networks, applications and infrastructure enabling quick problem detection, root-cause analysis, reporting and automating recovery, reducin...

0.8 AI score | 0.02008 EPSS
Exploits 3
Exploit DB
added 2013/02/06 12:0 a.m. | 25 views

Verax NMS - Multiple Method Authentication Bypass

source: https://www.securityfocus.com/bid/58334/info Verax NMS is prone to multiple security-bypass and information disclosure vulnerabilities. Attackers can exploit these issues to bypass certain security restrictions, perform unauthorized actions, and obtain sensitive information; this may aid ...

7.4 AI score
Exploits 0
Tenable Nessus
added 2013/01/24 12:0 a.m. | 27 views

RHEL 5 : jboss-remoting (RHSA-2010:0964)

The remote Redhat Enterprise Linux 5 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2010:0964 advisory. JBoss Remoting is a framework for building distributed applications in Java. The JBoss Enterprise Application Platform 4.3.0.CP09 updates...

2.6 CVSS | 5.5 AI score | 0.02611 EPSS
Exploits 0 | References 5
Tenable Nessus
added 2013/01/24 12:0 a.m. | 36 views

RHEL 4 : JBoss EAP (RHSA-2010:0937)

Updated JBoss Enterprise Application Platform (JBEAP) 4.3 packages that fix three security issues and multiple bugs are now available for Red Hat Enterprise Linux 4 as JBEAP 4.3.0.CP09. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerabilit...

7.5 CVSS | 5.8 AI score | 0.03017 EPSS
Exploits 0 | References 8
Tenable Nessus
added 2013/01/24 12:0 a.m. | 23 views

RHEL 4 : JBoss EAP (RHSA-2010:0959)

Updated JBoss Enterprise Application Platform 5.1 packages that fix one security issue and various bugs are now available for Red Hat Enterprise Linux 4. The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System (CVSS) base score,...

2.6 CVSS | 5.5 AI score | 0.02611 EPSS
Exploits 0 | References 4
Tenable Nessus
added 2013/01/24 12:0 a.m. | 30 views

RHEL 5 : JBoss Enterprise Application Platform 4.3.0.CP09 update (Important) (RHSA-2010:0938)

The remote Redhat Enterprise Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2010:0938 advisory. JBoss Enterprise Application Platform is the market leading platform for innovative and scalable Java applications; integrating the JBoss...

7.5 CVSS | 6.5 AI score | 0.03017 EPSS
Exploits 0 | References 10
securityvulns
added 2011/09/13 12:0 a.m. | 119 views

CVE-2011-2894: Spring Framework and Spring Security serialization-based remoting vulnerabilities

CVE-2011-2894: Spring Framework and Spring Security serialization-based remoting vulnerabilities Severity: Critical Versions Affected: Spring Framework: 3.0.0 to 3.0.5 Spring Security: 2.0.0 to 2.0.6 3.0.0 to 3.0.5 Earlier versions may also be affected Description: Several issues have been report...

6.8 CVSS | 1.9 AI score | 0.08532 EPSS
Exploits 1