Lucene search

266 matches found

RedHat Linux
added 2014/09/23 8:19 p.m., 2 views

Xalan-Java: insufficient constraints in secure processing feature

It was found that the secure processing feature of Xalan-Java had insufficient restrictions defined for certain properties and features. A remote attacker able to provide Extensible Stylesheet Language Transformations (XSLT) content to be processed by an application using Xalan-Java could use this...

7.5 CVSS, 7.8 AI score, 0.05877 EPSS
Exploits 2, References 5
RedHat Linux
added 2014/09/23 8:19 p.m., 2 views

Xalan-Java: insufficient constraints in secure processing feature

It was found that the secure processing feature of Xalan-Java had insufficient restrictions defined for certain properties and features. A remote attacker able to provide Extensible Stylesheet Language Transformations (XSLT) content to be processed by an application using Xalan-Java could use this...

7.5 CVSS, 7.8 AI score, 0.05877 EPSS
Exploits 2, References 5
seebug.org
added 2014/07/01 12:0 a.m., 16 views

GNU Classpath 0.97.2 'gnu.java.security.util.PRNG' Class Entropy Weakness (1)

No description provided by source. source: http://www.securityfocus.com/bid/32909/info GNU Classpath is prone to a weakness that may result in weaker cryptographic security because its pseudo-random number generator (PRNG) lacks entropy. Attackers may leverage this issue to obtain sensitive...

7.1 AI score
Exploits 0
RedHat Linux
added 2014/06/02 2:4 p.m., 4 views

Xalan-Java: insufficient constraints in secure processing feature

It was found that the secure processing feature of Xalan-Java had insufficient restrictions defined for certain properties and features. A remote attacker able to provide Extensible Stylesheet Language Transformations (XSLT) content to be processed by an application using Xalan-Java could use this...

7.5 CVSS, 7.8 AI score, 0.05877 EPSS
Exploits 2, References 5
Check Point Advisories
added 2014/05/18 12:0 a.m., 18 views

Red Hat JBoss Seam InterfaceGenerator Information Disclosure (CVE-2013-6448)

An information disclosure vulnerability exists in Red Hat JBoss Seam Framework. This is due to a design flaw in the InterfaceGenerator handler that allows it to expose details of all classes on the server's classpath. A remote unauthenticated attacker may exploit this vulnerability on a web...

6.1 AI score, 0.00262 EPSS
Exploits 0
RedHat Linux
added 2014/04/30 6:49 p.m., 2 views

Xalan-Java: insufficient constraints in secure processing feature

It was found that the secure processing feature of Xalan-Java had insufficient restrictions defined for certain properties and features. A remote attacker able to provide Extensible Stylesheet Language Transformations (XSLT) content to be processed by an application using Xalan-Java could use this...

7.5 CVSS, 7.3 AI score, 0.05877 EPSS
Exploits 2, References 5
RedHat Linux
added 2014/04/01 5:49 p.m., 39 views

Important: Red Hat Security Advisory: xalan-j2 security update

Updated xalan-j2 packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating...

7.5 CVSS, 7.3 AI score, 0.05877 EPSS
Exploits 2, References 2
RedHat Linux
added 2014/04/01 5:49 p.m., 3 views

Xalan-Java: insufficient constraints in secure processing feature

It was found that the secure processing feature of Xalan-Java had insufficient restrictions defined for certain properties and features. A remote attacker able to provide Extensible Stylesheet Language Transformations (XSLT) content to be processed by an application using Xalan-Java could use this...

7.5 CVSS, 7.3 AI score, 0.05877 EPSS
Exploits 2, References 5
RedHat Linux
added 2014/01/20 5:30 p.m., 1 views

Seam: Information disclosure in remoting

The InterfaceGenerator handler in JBoss Seam Remoting in JBoss Seam 2 framework 2.3.1 and earlier, as used in JBoss Web Framework Kit, allows remote attackers to bypass the WebRemote annotation restriction and obtain information about arbitrary classes and methods on the server classpath via...

5 CVSS, 6 AI score, 0.00262 EPSS
Exploits 0, References 4
OSV
added 2013/08/02 1:29 p.m., 4 views

SUSE-SU-2015:1337-1 Security update for tomcat6

This update of tomcat6 fixes: apache-tomcat-CVE-2012-3544.patch bnc831119 use chown --no-dereference to prevent symlink attacks on log bnc822177c7/prevents CVE-2013-1976 Fix tomcat init scripts generating malformed classpath http://youtrack.jetbrains.com/issue/JT-18545 bnc804992 patch from m407 f...

7.8 CVSS, 6 AI score, 0.78235 EPSS
Exploits 8, References 18
Tenable Nessus
added 2013/07/11 12:0 a.m., 42 views

RHEL 5 / 6 : richfaces (RHSA-2013:1042)

Updated richfaces packages that fix one security issue are now available for Red Hat JBoss Enterprise Application Platform 5.2.0 for Red Hat Enterprise Linux 4, 5, and 6. The Red Hat Security Response Team has rated this update as having critical security impact. A Common Vulnerability Scoring...

7.5 CVSS, 8.1 AI score, 0.24071 EPSS
Exploits 1, References 3
RedHat Linux
added 2013/02/20 9:33 p.m., 2 views

Framework: Information (internal server information, classpath, local working directories, session IDs) disclosure

VMware SpringSource Spring Framework before 2.5.6.SEC03, 2.5.7.SR023, and 3.x before 3.0.6, when a container supports Expression Language (EL), evaluates EL expressions in tags twice, which allows remote attackers to obtain sensitive information via a (1) name attribute in a (a) spring:hasBindErrors ta...

7.5 CVSS, 6.5 AI score, 0.46306 EPSS
Exploits 1, References 4
RedHat Linux
added 2013/01/24 6:31 p.m., 4 views

Framework: Information (internal server information, classpath, local working directories, session IDs) disclosure

VMware SpringSource Spring Framework before 2.5.6.SEC03, 2.5.7.SR023, and 3.x before 3.0.6, when a container supports Expression Language (EL), evaluates EL expressions in tags twice, which allows remote attackers to obtain sensitive information via a (1) name attribute in a (a) spring:hasBindErrors ta...

7.5 CVSS, 6.5 AI score, 0.46306 EPSS
Exploits 1, References 4
OpenVAS
added 2011/06/01 12:0 a.m., 26 views

Nmap NSE net: rmi-dumpregistry

Connects to a remote RMI registry and attempts to dump all of its objects. First it tries to determine the names of all objects bound in the registry, and then it tries to determine information about the objects, such as the class names of the superclasses and interfaces. This may, depending ...

7 AI score
Exploits 0
Nmap
added 2010/11/01 8:47 p.m., 185 views

rmi-dumpregistry NSE Script

Connects to a remote RMI registry and attempts to dump all of its objects. First it tries to determine the names of all objects bound in the registry, and then it tries to determine information about the objects, such as the class names of the superclasses and interfaces. This may, depending ...

10 CVSS, 9.2 AI score, 0.94176 EPSS
Exploits 33
NVD
added 2008/12/17 8:30 p.m., 14 views

CVE-2008-5659

The gnu.java.security.util.PRNG class in GNU Classpath 0.97.2 and earlier uses a predictable seed based on the system time, which makes it easier for context-dependent attackers to conduct brute force attacks against cryptographic routines that use this class for randomness, as demonstrated again...

7.5 CVSS, 6.4 AI score, 0.03161 EPSS
Exploits 0, References 3
UbuntuCve
added 2008/12/17 8:30 p.m., 18 views

CVE-2008-5659

The gnu.java.security.util.PRNG class in GNU Classpath 0.97.2 and earlier uses a predictable seed based on the system time, which makes it easier for context-dependent attackers to conduct brute force attacks against cryptographic routines that use this class for randomness, as demonstrated again...

7.5 CVSS, 5.9 AI score, 0.03161 EPSS
Exploits 0, References 2
CVE
added 2008/12/17 8:0 p.m., 48 views

CVE-2008-5659

The CVE-2008-5659 issue affects the GNU Classpath project’s gnu.java.security.util.PRNG class (version 0.97.2 and earlier). The vulnerability stems from a predictable seed based on the system time, enabling context‑dependent attackers to perform brute‑force attempts against cryptographic routines...

7.5 CVSS, 6.4 AI score, 0.03161 EPSS
Exploits 0, References 3, Affected Software 1
exploitpack
added 2008/12/05 12:0 a.m., 9 views

GNU Classpath 0.97.2 - gnu.java.security.util.PRNG Class Entropy (1)

GNU Classpath 0.97.2 - gnu.java.security.util.PRNG Class Entropy (1) source: https://www.securityfocus.com/bid/32909/info GNU Classpath is prone to a weakness that may result in weaker cryptographic security because its pseudo-random number generator (PRNG) lacks entropy. Attackers may leverage this...

7.4 AI score
Exploits 0
exploitpack
added 2008/12/05 12:0 a.m., 10 views

GNU Classpath 0.97.2 - gnu.java.security.util.PRNG Class Entropy (2)

GNU Classpath 0.97.2 - gnu.java.security.util.PRNG Class Entropy (2) source: https://www.securityfocus.com/bid/32909/info GNU Classpath is prone to a weakness that may result in weaker cryptographic security because its pseudo-random number generator (PRNG) lacks entropy. Attackers may leverage this...

7.4 AI score
Exploits 0