EUVD-2014-8016

Malware in sbrugna...

Console: HTTPOnly and Secure attributes not set on cookies in Red Hat AMQ

It was found that Hawtio console does not set HTTPOnly or Secure attributes on cookies. An attacker could use this flaw to rerieve an authenticated user's SessionID, and possibly conduct further attacks with the permissions of the authenticated user...

Console: HTTPOnly and Secure attributes not set on cookies in Red Hat AMQ

It was found that Hawtio console does not set HTTPOnly or Secure attributes on cookies. An attacker could use this flaw to rerieve an authenticated user's SessionID, and possibly conduct further attacks with the permissions of the authenticated user...

The vulnerability of the Hawtio web console in the Apache ActiveMQ software platform allows a malicious actor to reuse the session identifier of an authenticated user.

The vulnerability of the Hawtio web console in the Apache ActiveMQ software platform stems from the lack of setting the HTTPOnly or Secure attributes for cookie files. Exploiting this vulnerability allows a malicious actor to repeatedly use the authenticated user’s session identifier remotely...

The vulnerability in the Hawtio web console of the Apache ActiveMQ software platform allows a perpetrator to obtain confidential information or exert other effects.

The vulnerability of the Hawtio web console of the Apache ActiveMQ software platform is related to security configuration errors. Exploiting this vulnerability can allow a malicious actor, operating remotely, to obtain confidential information or exert other unauthorized actions...

Red Hat JBoss A-MQ Hawtio console security bypass vulnerability

Red Hat JBoss A-MQ is an open source messaging platform from Red Hat, Inc. that integrates applications and devices and provides various messaging modes to support real-time messaging. The platform is used to integrate applications , endpoints and devices , and provides a variety of messaging...

Console: CORS headers set to allow all in Red Hat AMQ

It was found that the Hawtio console setting for the Access-Control-Allow-Origin header permits unrestricted sharing allow all. An attacker could use this flaw to access sensitive information or perform other attacks...

Design/Logic Flaw

Red Hat JBoss Fuse before 6.2.0 allows remote authenticated users to bypass intended restrictions and access the HawtIO console by leveraging an account defined in the users.properties file...

CVE-2014-8175

The CVE-2014-8175 entry affects Red Hat JBoss Fuse

CVE-2014-8175

Red Hat JBoss Fuse before 6.2.0 allows remote authenticated users to bypass intended restrictions and access the HawtIO console by leveraging an account defined in the users.properties file...