34 matches found
Attack of the Killer ROBOT
On Dec 12th, 2017, researchers Hanno Böck, Juraj Somorovsky and Craig Young published a paper detailing an attack they called the Return Of Bleichenbacher's Oracle Threat ROBOT. This attack, as the name implies, is an extension of an attack published in 1998 that affects systems using certain...
Plaintext Message Recovery
aescrypt uses an insecure cipher. The library uses the unauthenticated encryption mode CBC encryption which is vulnerable to ciphertext attacks allowing attackers to make undetectable changes to the plaintext...
Phabricator: Phabricator is vulnerable to padding oracle attacks and chosen-ciphertext attacks.
Dear Phabricator bug bounty team, Summary --- Phabricator encrypts data with AES in CBC mode, but does not ensure integrity of the encrypted data. You must authenticate the data, by either using an HMAC or by using an authenticated block cipher mode like GCM. Why does this vulnerability exist? --...
RHEL 6 : JBoss EWP (RHSA-2013:0195)
Updated JBoss Enterprise Web Platform 5.2.0 packages that fix multiple security issues, various bugs, and add several enhancements are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability...
RHEL 4 : JBoss EWP (RHSA-2013:0197)
Updated JBoss Enterprise Web Platform 5.2.0 packages that fix multiple security issues, various bugs, and add several enhancements are now available for Red Hat Enterprise Linux 4. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability...
Important: Red Hat Security Advisory: JBoss Web Services security update
An update for the JBoss Web Services component in JBoss Enterprise SOA Platform 4.3 CP05 and JBoss Enterprise Portal Platform 4.3 CP07 which fixes one security issue is now available from the Red Hat Customer Portal. The Red Hat Security Response Team has rated this update as having important...
Important: Red Hat Security Advisory: JBoss Enterprise Application Platform 4.3.0 CP10 security update
An update for the JBoss Web Services component in JBoss Enterprise Application Platform 4.3.0 CP10 which fixes one security issue is now available from the Red Hat Customer Portal. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability...
Important: Red Hat Security Advisory: JBoss Enterprise BRMS Platform 5.3.1 update
JBoss Enterprise BRMS Platform 5.3.1, which fixes multiple security issues, various bugs, and adds enhancements, is now available from the Red Hat Customer Portal. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System CVS...
Important: Red Hat Security Advisory: JBoss Enterprise Web Platform 5.2.0 update
JBoss Enterprise Web Platform 5.2.0, which fixes multiple security issues, various bugs, and adds several enhancements, is now available from the Red Hat Customer Portal. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring...
Important: Red Hat Security Advisory: JBoss Enterprise Application Platform 5.2.0 update
Updated JBoss Enterprise Application Platform 5.2.0 packages that fix multiple security issues, various bugs, and add several enhancements are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. Common...
Important: Red Hat Security Advisory: JBoss Enterprise Application Platform 5.2.0 update
JBoss Enterprise Application Platform 5.2.0, which fixes multiple security issues, various bugs, and adds several enhancements, is now available from the Red Hat Customer Portal. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability...
RHEL 5 : JBoss EAP (RHSA-2013:0192)
Updated JBoss Enterprise Application Platform 5.2.0 packages that fix multiple security issues, various bugs, and add several enhancements are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. Common...
RHEL 4 : JBoss EAP (RHSA-2013:0193)
Updated JBoss Enterprise Application Platform 5.2.0 packages that fix multiple security issues, various bugs, and add several enhancements are now available for Red Hat Enterprise Linux 4. The Red Hat Security Response Team has rated this update as having important security impact. Common...
Important: Red Hat Security Advisory: JBoss Enterprise Portal Platform 5.2.2 security update
An update for the JBoss Web Services component in JBoss Enterprise Portal Platform 5.2.2 that fixes one security issue is now available from the Red Hat Customer Portal. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring...