Low: Red Hat Security Advisory: JBoss Application Server security update
Updated versions of JBoss Application Server that fix a security issue are now available. This update has been rated as having low security impact by the Red Hat Security Response Team. The JBoss Application Server is a powerful J2EE application server. A flaw was found in the JMX Console...
security flaw
The Access Control functionality JMXOpsAccessControlFilter in JMX Console in JBoss Application Server 4.0.2 and 4.0.5 before 20070416 uses a member variable to store the roles of the current user, which allows remote authenticated administrators to trigger a race condition and gain privileges by...
Code injection
Unspecified vulnerability in the Servlet Engine/Web Container in IBM WebSphere Application Server (WAS) before 6.1.0.7 has unknown impact and attack vectors...
CVE-2007-1945
Unspecified vulnerability in the Servlet Engine/Web Container in IBM WebSphere Application Server (WAS) before 6.1.0.7 has unknown impact and attack vectors...
CVE-2007-1944
The CVE-2007-1944 entry affects IBM WebSphere Application Server (WAS) JMS prior to 6.1.0.7. The vulnerability stems from a double release of a bytebuffer input stream, possibly causing a double-free and denial of service (partial availability impact). Affected product/version: WebSphere Applicat...
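Oracle Application Server DMS Cross-Site Scripting Vulnerability
Oracle Application Server is a commercial application server product. Oracle Application Server does not properly filter user-supplied input, so remote attackers can exploit the flaw to conduct cross-site scripting attacks and obtain sensitive information. The issue lies in the Oracle Dynamic Monitoring Service, where the 'spy' script does not filter user-supplied parameters. Submitting malicious script code as parameter data and enticing a user to visit the link can expose the target user's sensitive information. Oracle Application Server Release 2 10.1.2.0.2 Oracle Application Server Release 2 10.1.2.0.1 Oracle Application...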
CVE-2007-1609
Cross-site scripting (XSS) vulnerability in servlet/Spy in Dynamic Monitoring Services (DMS) in Oracle Application Server (OAS) 10g 10.1.2.0.0 allows remote attackers to inject arbitrary web script or HTML via the table parameter. NOTE: This may be related to CVE-2002-0563...
Cross site scripting
Cross-site scripting (XSS) vulnerability in servlet/Spy in Dynamic Monitoring Services (DMS) in Oracle Application Server (OAS) 10g 10.1.2.0.0 allows remote attackers to inject arbitrary web script or HTML via the table parameter. NOTE: This may be related to CVE-2002-0563...
CVE-2007-1608
CVE-2007-1608 affects IBM WebSphere Application Server (WAS) 6.0.x prior to 6.0.2.19. The root cause is a CRLF injection in input handling that allows remote attackers to inject arbitrary HTTP headers and perform HTTP response splitting. Impact is exposure of manipulated response headers with pot...
CVE-2007-1609
CVE-2007-1609 is a cross-site scripting (XSS) vulnerability in Oracle Application Server 10g (DMS), specifically in servlet/Spy of Dynamic Monitoring Services. Exploitation involves injecting arbitrary script/HTML via the table parameter. The description notes a possible relation to CVE-2002-0563...
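Interstage Application Server Unspecified Cross-Site Scripting Vulnerability
Interstage Application Server is an enterprise-grade e-commerce solution. Interstage Application Server does not properly filter user-supplied input, so remote attackers can exploit the flaw to conduct cross-site scripting attacks and obtain sensitive information. No detailed vulnerability information is currently available. Fujitsu INTERSTAGE Studio Standard-J Edition 8.0.1 Fujitsu INTERSTAGE Studio Enterprise Edition 8.0.1 Fujitsu INTERSTAGE Job Workload Server 8.1 Fujitsu INTERSTAGE...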
CVE-2006-7166
IBM WebSphere Application Server (WAS) 5.1.1.9 and earlier allows remote attackers to obtain JSP source code and other sensitive information via "a specific JSP URL."...
CVE-2006-7164
SimpleFileServlet in IBM WebSphere Application Server 5.0.1 through 5.0.2.7 on Linux and UNIX does not block certain invalid URIs and does not issue a security challenge, which allows remote attackers to read secure files and obtain sensitive information via certain requests...
CVE-2006-7165
IBM WebSphere Application Server (WAS) 5.0 through 5.1.1.0 allows remote attackers to obtain JSP source code and other sensitive information via certain "special URIs."...
CVE-2006-7166
CVE-2006-7166 affects IBM WebSphere Application Server (WAS) 5.1.1.9 and earlier. A remote attacker can obtain JSP source code and other sensitive information through a specific JSP URL. The provided documents do not specify the root cause details beyond this access to JSP content, nor do they in...
CVE-2005-4833
The affected product is IBM WebSphere Application Server 6.0 prior to 20050201, vulnerable when serving pages in an Application WAR or an Extended Document Root. The root cause is lack of URL normalization, allowing remote attackers to access the JSP source code and other sensitive information vi...
CVE-2006-7165
IBM WebSphere Application Server (WAS) 5.0–5.1.1.0 is affected by CVE-2006-7165, allowing remote attackers to obtain JSP source code and other sensitive information through certain "special URIs." The provided documents do not specify a root cause in detail, nor any remediation steps or exploit s...
CVE-2005-4834
CVE-2005-4834 affects IBM WebSphere Application Server (WAS) 5.0.2.5 through 5.1.1.3, where incorrect request processing by the web container allows remote attackers to obtain JSP source code and other sensitive information. The underlying issue is in the web container’s handling of requests, ena...
CVE-2006-7164
CVE-2006-7164 concerns IBM WebSphere Application Server 5.0.1–5.0.2.7 on Linux/UNIX. The issue is in SimpleFileServlet, which does not block certain invalid URIs and does not issue a security challenge, enabling remote attackers to read secure files and obtain sensitive information via certain re...