917 matches found
Important: Red Hat Security Advisory: JBoss Enterprise Application Platform 4.3.0.CP05 update
Updated JBoss Enterprise Application Platform JBEAP 4.3 packages that fix various issues are now available for Red Hat Enterprise Linux 5 as JBEAP 4.3.0.CP05. This update has been rated as having important security impact by the Red Hat Security Response Team. JBoss Enterprise Application Platfor...
XOOPS <= 2.3.3 Remote File Disclosure Vulnerability (.htaccess)
No description provided by source. ======================================================================== XOOPS = 2.3.3 Remote Arbitrary File Retrieval ======================================================================== Affected Software : XOOPS = 2.3.3 Author : Luca "daath" De Fulgentis -...
RedHat Security Advisory RHSA-2009:1067
The remote host is missing updates announced in advisory RHSA-2009:1067. Red Hat Application Stack v2.3 is an integrated open source application stack, that includes Red Hat Enterprise Linux 5 and JBoss Enterprise Application Platform EAP. JBoss EAP is provided through the JBoss EAP channels on t...
RedHat Security Advisory RHSA-2009:1067
The remote host is missing updates announced in advisory RHSA-2009:1067. Red Hat Application Stack v2.3 is an integrated open source application stack, that includes Red Hat Enterprise Linux 5 and JBoss Enterprise Application Platform EAP. JBoss EAP is provided through the JBoss EAP channels on t...
CVE-2009-0027
The request handler in JBossWS in JBoss Enterprise Application Platform aka JBoss EAP or JBEAP 4.2 before 4.2.0.CP06 and 4.3 before 4.3.0.CP04 does not properly validate the resource path during a request for a WSDL file with a custom web-service endpoint, which allows remote attackers to read...
Moderate: Red Hat Security Advisory: JBoss Enterprise Application Platform 4.2.0CP06 update
Updated JBoss Enterprise Application Platform JBoss EAP 4.2 packages that fix various issues are now available for Red Hat Enterprise Linux 4 as JBEAP 4.2.0.CP06. This update has been rated as having moderate security impact by the Red Hat Security Response Team. JBoss Enterprise Application...
JBoss EAP unprivileged local xml file access
The request handler in JBossWS in JBoss Enterprise Application Platform aka JBoss EAP or JBEAP 4.2 before 4.2.0.CP06 and 4.3 before 4.3.0.CP04 does not properly validate the resource path during a request for a WSDL file with a custom web-service endpoint, which allows remote attackers to read...
JBossEAP allows download of non-EJB class files
The default configuration of the JBossAs component in Red Hat JBoss Enterprise Application Platform aka JBossEAP or EAP, possibly 4.2 before CP04 and 4.3 before CP02, when a production environment is enabled, sets the DownloadServerClasses property to true, which allows remote attackers to obtain...
Low: Red Hat Security Advisory: JBoss Enterprise Application Platform 4.2.0CP04 security update
Updated JBoss Enterprise Application Platform JBEAP 4.2 packages that fix various security issues are now available for Red Hat Enterprise Linux 5 as JBEAP 4.2.0.CP04. This update has been rated as having low security impact by the Red Hat Security Response Team. JBoss Enterprise Application...
Low: Red Hat Security Advisory: JBoss Enterprise Application Platform 4.2.0CP04 security update
Updated JBoss Enterprise Application Platform JBEAP 4.2 packages that fix various security issues are now available for Red Hat Enterprise Linux 4 as JBEAP 4.2.0.CP04. This update has been rated as having low security impact by the Red Hat Security Response Team. JBoss Enterprise Application...
JBossEAP allows download of non-EJB class files
The default configuration of the JBossAs component in Red Hat JBoss Enterprise Application Platform aka JBossEAP or EAP, possibly 4.2 before CP04 and 4.3 before CP02, when a production environment is enabled, sets the DownloadServerClasses property to true, which allows remote attackers to obtain...
CVE-2008-3273
JBoss Enterprise Application Platform aka JBossEAP or EAP before 4.2.0.CP03, and 4.3.0 before 4.3.0.CP01, allows remote attackers to obtain sensitive information about "deployed web contexts" via a request to the status servlet, as demonstrated by a full=true query string...
CVE-2008-3273
JBoss Enterprise Application Platform aka JBossEAP or EAP before 4.2.0.CP03, and 4.3.0 before 4.3.0.CP01, allows remote attackers to obtain sensitive information about "deployed web contexts" via a request to the status servlet, as demonstrated by a full=true query string...
JBoss Enterprise Application Platform信息泄漏漏洞
BUGTRAQ ID: 30540 CVE ID:CVE-2008-3273 CVE-2008-1285 CNCVE ID:CNCVE-20083273 CNCVE-20081285 JBoss Enterprise Application Platform是一款企业级应用平台。 JBoss Enterprise Application Platform存在信息泄漏问题,远程攻击者可以利用漏洞获得配置的WEB上下文,或进行跨站脚本攻击。 -JavaServer Faces JSF组件存在多个跨站脚本攻击,可导致注入任意WEB脚本或HTML。...
Moderate: Red Hat Security Advisory: JBoss Enterprise Application Platform 4.2.0.CP03 security update
Updated JBoss Enterprise Application Platform JBoss EAP packages that resolve several security issues are now available for Red Hat Enterprise Linux 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. JBoss EAP is a middleware platform for Java ...
JBossEAP status servlet info leak
JBoss Enterprise Application Platform aka JBossEAP or EAP before 4.2.0.CP03, and 4.3.0 before 4.3.0.CP01, allows remote attackers to obtain sensitive information about "deployed web contexts" via a request to the status servlet, as demonstrated by a full=true query string...
Moderate: Red Hat Security Advisory: JBoss Enterprise Application Platform 4.2.0CP02 security update
Updated JBoss Enterprise Application Platform JBEAP packages that fix several security issues are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. JBoss Enterprise Application Platform JBEAP is a middleware platform for Java 2...