950 matches found
CVE-2013-2422
CVE-2013-2422 is an unspecified vulnerability in the Java Runtime Environment (JRE) component that Oracle and related advisories group with the April 2013 CPU. It affects Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and OpenJDK 6/7, allowing remote attackers to affect confiden...
Oracle Java Proxy.newProxyInstance Security Manager Bypass Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or run a malicious file. The specific bypass of security permissions is...
OpenJDK: RMI CGIHandler XSS issue (RMI, 6563318)
Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.240 and earlier, and OpenJDK 7, allows remote attackers to affect integrity via vectors related to RMI. NOTE: the previous information...
OpenJDK: RMI CGIHandler XSS issue (RMI, 6563318)
Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.240 and earlier, and OpenJDK 7, allows remote attackers to affect integrity via vectors related to RMI. NOTE: the previous information...
OpenJDK: RMI CGIHandler XSS issue (RMI, 6563318)
Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.240 and earlier, and OpenJDK 7, allows remote attackers to affect integrity via vectors related to RMI. NOTE: the previous information...
OpenJDK: RMI CGIHandler XSS issue (RMI, 6563318)
Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.240 and earlier, and OpenJDK 7, allows remote attackers to affect integrity via vectors related to RMI. NOTE: the previous information...
Oracle Java SE Multiple Vulnerabilities -01 Feb 13 (Windows)
This host is installed with Oracle Java SE and is prone to multiple vulnerabilities. OpenVAS Vulnerability Test $Id: gboraclejavasemultvuln01feb13win.nasl 7699 2017-11-08 12:10:34Z santu $ Oracle Java SE Multiple Vulnerabilities -01 Feb 13 Windows Authors: Arun Kallavi Copyright: Copyright c 2013...
OpenJDK: RMI CGIHandler XSS issue (RMI, 6563318)
Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.240 and earlier, and OpenJDK 7, allows remote attackers to affect integrity via vectors related to RMI. NOTE: the previous information...
OpenJDK: RMI CGIHandler XSS issue (RMI, 6563318)
Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.240 and earlier, and OpenJDK 7, allows remote attackers to affect integrity via vectors related to RMI. NOTE: the previous information...
JBoss invoker servlets do not require authentication
The 1 JMXInvokerHAServlet and 2 EJBInvokerHAServlet invoker servlets in JBoss Enterprise Application Platform EAP before 5.2.0, Web Platform EWP before 5.2.0, BRMS Platform before 5.3.1, and SOA Platform before 5.3.1 do not require authentication by default in certain profiles, which might allow...
PT-2013-1685
Name of the Vulnerable Software and Affected Versions JBoss Enterprise Application Platform versions prior to 6.0.1 Description The issue allows attackers to bypass intended access restrictions for EJB methods due to the processInvocation function in...
JBoss Enterprise Application Platform: org.jboss.as.ejb3: JBoss Enterprise Application Platform: Access restriction bypass via improper EJB method authorization
A flaw was found in JBoss Enterprise Application Platform. The processInvocation function within the org.jboss.as.ejb3.security.AuthorizationInterceptor component incorrectly authorizes all requests when no roles are defined for an Enterprise Java Beans EJB method invocation. This allows attacker...
JBoss Enterprise Application Platform: org.jboss.as.ejb3: JBoss Enterprise Application Platform: Access restriction bypass via improper EJB method authorization
A flaw was found in JBoss Enterprise Application Platform. The processInvocation function within the org.jboss.as.ejb3.security.AuthorizationInterceptor component incorrectly authorizes all requests when no roles are defined for an Enterprise Java Beans EJB method invocation. This allows attacker...
Webwork direct method invocation can bypass validatingStack through Action aliases
panel:bgColor=e7f4fa NOTE: This bug report is for Confluence Server. Using Confluence Cloud? See the corresponding bug report|http://jira.atlassian.com/browse/CONFCLOUD-27294. panel WebWork supports the concept of action aliases, which allow a single action class to serve requests mapping to...
Webwork direct method invocation can bypass validatingStack through Action aliases
panel:bgColor=e7f4fa NOTE: This bug report is for Confluence Server. Using Confluence Cloud? See the corresponding bug report|http://jira.atlassian.com/browse/CONFCLOUD-27294. panel WebWork supports the concept of action aliases, which allow a single action class to serve requests mapping to...
Webwork direct method invocation can bypass validatingStack through Action aliases
WebWork supports the concept of action aliases, which allow a single action class to serve requests mapping to different names. This allows a developer to reuse the same action logic, but provide different results based on interceptors. When an action is invoked, Webwork will typically call its...
JDK: java.lang.reflect.Method invoke() code execution
Unspecified vulnerability in the JRE component in IBM Java 7 SR2 and earlier, Java 6.0.1 SR3 and earlier, Java 6 SR11 and earlier, Java 5 SR14 and earlier, and Java 142 SR13 FP13 and earlier; as used in IBM Rational Host On-Demand, Rational Change, Tivoli Monitoring, Smart Analytics System 5600,...
OpenJDK: RMIConnectionImpl information disclosure (JMX, 7169888)
Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, and 5.0 Update 36 and earlier allows remote attackers to affect confidentiality, related to JMX...
OpenJDK: RMIConnectionImpl insufficient access control checks (JMX, 7198296)
Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, and 5.0 Update 36 and earlier allows remote attackers to affect confidentiality, integrity, and availability, related to JMX, a different vulnerability than...
OpenJDK: RMIConnectionImpl insufficient access control checks (JMX, 7198296)
Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, and 5.0 Update 36 and earlier allows remote attackers to affect confidentiality, integrity, and availability, related to JMX, a different vulnerability than...