30 matches found
Moderate: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.2.0 security update
Updated packages that provide Red Hat JBoss Enterprise Application Platform 7.2.0, fix several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scorin...
GHSA-C77R-6F64-478Q keycloak-core discloses system properties
It was found that while parsing the SAML messages the StaxParserUtil class of keycloak before 2.5.1 replaces special strings for obtaining attribute values with system property. This could allow an attacker to determine values of system properties at the attacked system by formatting the SAML...
RHEL 7 : Red Hat JBoss Enterprise Application Platform 6.4.21 (RHSA-2018:2741)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2018:2741 advisory. Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server. This release of Red...
keycloak: SAML request parser replaces special strings with system properties
It was found that while parsing the SAML messages the StaxParserUtil class of Picketlink replaces special strings for obtaining attribute values with system property. This could allow an attacker to determine values of system properties at the attacked system by formatting the SAML request ID fie...
CVE-2017-2582
It was found that while parsing the SAML messages the StaxParserUtil class of keycloak before 2.5.1 replaces special strings for obtaining attribute values with system property. This could allow an attacker to determine values of system properties at the attacked system by formatting the SAML...
RHEL 6 : jboss-ec2-eap security, update for EAP 6.4.18 (Moderate) (RHSA-2017:3219)
The remote Redhat Enterprise Linux 6 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2017:3219 advisory. The jboss-ec2-eap packages provide scripts for Red Hat JBoss Enterprise Application Platform running on the Amazon Web Services AWS Elastic Compute...
RHEL 6 : Red Hat JBoss Enterprise Application Platform (RHSA-2017:2809)
The remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2017:2809 advisory. Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server. This release of Red...
CVE-2016-7467
The TMM SSO plugin in F5 BIG-IP APM 12.0.0 - 12.1.1, 11.6.0 - 11.6.1 HF1, 11.5.4 - 11.5.4 HF2, when configured as a SAML Identity Provider with a Service Provider SP connector, might allow traffic to be disrupted or failover initiated when a malformed, signed SAML authentication request from an...
ForgeRock OpenAM - Access Management XML External Entity Injection Vulnerability
ForgeRock OpenAM - Access Management is the United States ForgeRock company's set of open source single sign-on framework SSO, which provides a core identity services Core Server to achieve a transparent single sign-on in a network architecture such as centralized, distributed single sign-on. An...
CVE-2016-10097
XML External Entity XXE Vulnerability in /SSOPOST/metaAlias/%realm%/idpv2 in OpenAM - Access Management 10.1.0 allows remote attackers to read arbitrary files via the SAMLRequest parameter...