8 matches found
Privilege Escalation
An attack technique against the W3C XML Encryption Standard when block ciphers were used in CBC mode could allow a remote attacker to conduct chosen-ciphertext attacks, leading to the recovery of the entire plain text of a particular cryptogram. CVE-2011-1096 JBoss Web Services leaked side-channe...
CVE-2012-0874
creationtimestamp | type | source
---|---|---
2019-02-06 01:53:29+00:00 | seen | MISP/5c5a3d7b-ba70-474a-bd8a-1b5a0a021402
2025-02-14 10:05:09+00:00 | seen | Telegram/t0jbKBFqIMGJQ5Dsjz1Ui6KFHKxZ6CucbJ3YaWLquthg9w1...
ESA-2013-094: EMC Data Protection Advisor JBOSS Remote Code Execution Vulnerability
ESA-2013-094.txt ESA-2013-094: EMC Data Protection Advisor JBOSS Remote Code Execution Vulnerability. EMC Identifier: ESA-2013-094. CVE Identifier: CVE-2012-0874. Severity Rating: CVSS v2 Base Score: 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C). Affected products: • A...
Apache Tomcat/JBoss EJBInvokerServlet / JMXInvokerServlet (RMI over HTTP) Marshalled Object Remote Code Execution - Active Check
Apache Tomcat/JBoss Application Server is prone to multiple remote code execution (RCE) vulnerabilities. SPDX-FileCopyrightText: 2013 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier:...
Design/Logic Flaw
HP ProCurve Manager (PCM) 3.20 and 4.0, PCM+ 3.20 and 4.0, Identity Driven Manager (IDM) 4.0, and Application Lifecycle Management allow remote attackers to execute arbitrary code via a marshalled object to (1) EJBInvokerServlet or (2) JMXInvokerServlet, aka ZDI-CAN-1760. NOTE: this is probably a duplica...
CVE-2012-0874
CVE-2012-0874 affects JBoss family products (EAP, EWP, BRMS Platform, SOA Platform) prior to version 5.2.x / 5.3.x where JMXInvokerHAServlet and EJBInvokerHAServlet did not require authentication by default in certain profiles. This can allow a remote attacker to invoke MBean methods and, as note...
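JBoss Enterprise Application Platform Multiple Security Bypass Vulnerabilities (CVE-2012-0874)
Bugtraq ID: 57552 CVE ID: CVE-2012-0874 JBoss is an open-source application server based on J2EE. In certain configurations, unauthenticated access to the JMXInvokerHAServlet and EJBInvokerHAServlet invoker servlets is allowed. A second layer of authentication in the security interceptor prevents direct exploitation of this vulnerability, but if the interceptor is misconfigured or improperly disabled, arbitrary code execution can result. 0 Red Hat JBoss Enterprise Web Platform for RHEL 5 Server 5 Red Hat JBoss Enterprise Web Platform for RHEL 4...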
Important: Red Hat Security Advisory: JBoss Enterprise Application Platform 5.2.0 update
JBoss Enterprise Application Platform 5.2.0, which fixes multiple security issues, various bugs, and adds several enhancements, is now available from the Red Hat Customer Portal. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability...