18 matches found

Github Security Blog
added 2022/05/17 4:50 a.m. | 29 views

Exposure of Sensitive Information to an Unauthorized Actor in JGroup

The DiagnosticsHandler in JGroup 3.0.x, 3.1.x, 3.2.x before 3.2.9, and 3.3.x before 3.3.3 allows remote attackers to obtain sensitive information (diagnostic information) and execute arbitrary code by reusing valid credentials...

CVSS 5.4 | AI score 6.7 | EPSS 0.01302
Exploits 0 | References 9 | Affected Software 1
OSV
added 2022/05/17 4:50 a.m. | 25 views

GHSA-CC62-496P-HRR7 Exposure of Sensitive Information to an Unauthorized Actor in JGroup

The DiagnosticsHandler in JGroup 3.0.x, 3.1.x, 3.2.x before 3.2.9, and 3.3.x before 3.3.3 allows remote attackers to obtain sensitive information (diagnostic information) and execute arbitrary code by reusing valid credentials...

CVSS 5.4 | AI score 6.5 | EPSS 0.01302
Exploits 0 | References 8
Tenable Nessus
added 2014/01/31 12:0 a.m. | 38 views

JBoss Portal 6.1.0 Update (RHSA-2013:1437)

The version of JBoss Enterprise Portal Platform on the remote system is affected by the following issues: - A flaw in CSRF prevention filter in JBoss Web could allow remote attackers to bypass the cross-site request forgery (CSRF) protection mechanism via a request that lacks a session identifier...

CVSS 6.8 | AI score 7.6 | EPSS 0.12253
Exploits 11 | References 36
Tenable Nessus
added 2014/01/31 12:0 a.m. | 79 views

JBoss Enterprise Application Platform 6.1.1 Update (RHSA-2013:1209)

The version of JBoss Enterprise Application Platform installed on the remote system is affected by the following issues: - Flaws in the mod_info, mod_status, mod_imagemap, mod_ldap, and mod_proxy_ftp modules can allow an attacker to perform cross-site scripting (XSS) attacks. (CVE-2012-3499) - Flaws in th...

CVSS 5.4 | AI score 8.1 | EPSS 0.58223
Exploits 7 | References 14
RedHat Linux
added 2014/01/15 5:45 p.m. | 59 views

Important: Red Hat Security Advisory: Red Hat JBoss Data Grid 6.2.0 update

Red Hat JBoss Data Grid 6.2.0, which fixes multiple security issues, various bugs, and adds enhancements, is now available from the Red Hat Customer Portal. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base...

CVSS 7.5 | AI score 6.2 | EPSS 0.90931
Exploits 2 | References 10
RedHat Linux
added 2013/10/16 4:45 p.m. | 2 views

JGroups: Authentication via cached credentials

The DiagnosticsHandler in JGroup 3.0.x, 3.1.x, 3.2.x before 3.2.9, and 3.3.x before 3.3.3 allows remote attackers to obtain sensitive information (diagnostic information) and execute arbitrary code by reusing valid credentials...

CVSS 5.4 | AI score 6.1 | EPSS 0.01302
Exploits 0 | References 4
NVD
added 2013/09/28 7:55 p.m. | 17 views

CVE-2013-4112

The DiagnosticsHandler in JGroup 3.0.x, 3.1.x, 3.2.x before 3.2.9, and 3.3.x before 3.3.3 allows remote attackers to obtain sensitive information (diagnostic information) and execute arbitrary code by reusing valid credentials...

CVSS 5.4 | AI score 7.1 | EPSS 0.01302
Exploits 0 | References 7
OSV
added 2013/09/28 7:55 p.m. | 0 views

UBUNTU-CVE-2013-4112

The DiagnosticsHandler in JGroup 3.0.x, 3.1.x, 3.2.x before 3.2.9, and 3.3.x before 3.3.3 allows remote attackers to obtain sensitive information (diagnostic information) and execute arbitrary code by reusing valid credentials...

CVSS 5.4 | AI score 6.2 | EPSS 0.01302
Exploits 0 | References 2
UbuntuCve
added 2013/09/28 7:55 p.m. | 26 views

CVE-2013-4112

The DiagnosticsHandler in JGroup 3.0.x, 3.1.x, 3.2.x before 3.2.9, and 3.3.x before 3.3.3 allows remote attackers to obtain sensitive information (diagnostic information) and execute arbitrary code by reusing valid credentials...

CVSS 5.4 | AI score 6.2 | EPSS 0.01302
Exploits 0 | References 1
Prion
added 2013/09/28 7:55 p.m. | 21 views

Design/Logic Flaw

The DiagnosticsHandler in JGroup 3.0.x, 3.1.x, 3.2.x before 3.2.9, and 3.3.x before 3.3.3 allows remote attackers to obtain sensitive information (diagnostic information) and execute arbitrary code by reusing valid credentials...

CVSS 5.4 | AI score 7.7 | EPSS 0.01302
Exploits 0 | References 7 | Affected Software 2
CVE
added 2013/09/28 7:0 p.m. | 75 views

CVE-2013-4112

The CVE-2013-4112 issue is described in the OSV/GHSA entries as a flaw in JGroup’s DiagnosticsHandler: when a JGroups channel starts, the diagnostics service may be enabled by default with no authentication, allowing an adjacent-network attacker to read diagnostic information and, in some updates...

CVSS 5.4 | AI score 6.5 | EPSS 0.01302
Exploits 0 | References 7 | Affected Software 1
Cvelist
added 2013/09/28 7:0 p.m. | 22 views

CVE-2013-4112

The DiagnosticsHandler in JGroup 3.0.x, 3.1.x, 3.2.x before 3.2.9, and 3.3.x before 3.3.3 allows remote attackers to obtain sensitive information (diagnostic information) and execute arbitrary code by reusing valid credentials...

AI score 7 | EPSS 0.01302
Exploits 0 | References 7
Debian CVE
added 2013/09/28 7:0 p.m. | 26 views

CVE-2013-4112

The DiagnosticsHandler in JGroup 3.0.x, 3.1.x, 3.2.x before 3.2.9, and 3.3.x before 3.3.3 allows remote attackers to obtain sensitive information (diagnostic information) and execute arbitrary code by reusing valid credentials...

CVSS 5.4 | AI score 6.6 | EPSS 0.01302
Exploits 0
Tenable Nessus
added 2013/09/13 12:0 a.m. | 47 views

RHEL 5 : Red Hat JBoss Enterprise Application Platform 6.1.1 update (Moderate) (RHSA-2013:1207)

The remote Redhat Enterprise Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2013:1207 advisory. Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. This release serves...

CVSS 6.1 | AI score 7.7 | EPSS 0.58223
Exploits 7 | References 34
Tenable Nessus
added 2013/09/13 12:0 a.m. | 50 views

RHEL 6 : Red Hat JBoss Enterprise Application Platform 6.1.1 update (Moderate) (RHSA-2013:1208)

The remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2013:1208 advisory. Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. This release serves...

CVSS 6.1 | AI score 7.7 | EPSS 0.58223
Exploits 7 | References 33
RedHat Linux
added 2013/09/04 6:46 p.m. | 2 views

JGroups: Authentication via cached credentials

The DiagnosticsHandler in JGroup 3.0.x, 3.1.x, 3.2.x before 3.2.9, and 3.3.x before 3.3.3 allows remote attackers to obtain sensitive information (diagnostic information) and execute arbitrary code by reusing valid credentials...

CVSS 5.4 | AI score 6.1 | EPSS 0.01302
Exploits 0 | References 4
RedHat Linux
added 2013/09/04 6:45 p.m. | 48 views

Moderate: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 6.1.1 update

Red Hat JBoss Enterprise Application Platform 6.1.1, which fixes multiple security issues, various bugs, and adds enhancements, is now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scorin...

CVSS 6.1 | AI score 7.3 | EPSS 0.58223
Exploits 7 | References 23
RedHat Linux
added 2013/09/04 6:43 p.m. | 55 views

Moderate: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 6.1.1 update

Red Hat JBoss Enterprise Application Platform 6.1.1, which fixes multiple security issues, various bugs, and adds enhancements, is now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scorin...

CVSS 6.1 | AI score 7.3 | EPSS 0.58223
Exploits 7 | References 24