85 matches found
JavaMail SMTP Header Injection via method setSubject [CSNC-2014-001]
COMPASS SECURITY ADVISORY http://www.csnc.ch/en/downloads/advisories.html Product: JavaMail Vendor: Oracle CSNC ID: CSNC-2014-001 CVD ID: none Subject: SMTP Header Injection via method setSubject Risk: Medium Effect: Remotely exploitable Author: Alexandre Herzog [email protected] Date:...
[SECURITY] Fedora 19 Update: springframework-security-3.1.6-1.fc19
Spring Security is a Java/Java EE framework that provides advanced authentication, authorization and other comprehensive security features for enterprise applications. In addition to having a comprehensive list of security functionality, Spring Security is very configurable and employs the Spring...
[SECURITY] Fedora 20 Update: springframework-security-3.1.6-1.fc20
Spring Security is a Java/Java EE framework that provides advanced authentication, authorization and other comprehensive security features for enterprise applications. In addition to having a comprehensive list of security functionality, Spring Security is very configurable and employs the Spring...
Moderate: Red Hat Security Advisory: Red Hat JBoss Portal 6.1.1 update
Red Hat JBoss Portal 6.1.1, which fixes two security issues and various bugs, is now available from the Red Hat Customer Portal. The Red Hat Security Response Team has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed...
Moderate: Red Hat Security Advisory: JBoss Enterprise Portal Platform 5.2.2 security update
An update for the GateIn Portal component in JBoss Enterprise Portal Platform 5.2.2 that fixes multiple security issues is now available from the Red Hat Customer Portal. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring...
Java JAX-WS statistics.impl package sandbox breach
Added: 02/07/2013 CVE: CVE-2012-5076 BID: 56054 OSVDB: 86350 Background Java API for XML Web Services (JAX-WS) is a technology for developing web services in Java. It is included in the Java EE 5 platform. Problem A vulnerability in JAX-WS when handling the...
Important: Red Hat Security Advisory: JBoss Enterprise Portal Platform 4.3 CP07 security update
An update for JBoss Enterprise Portal Platform 4.3 CP07 that fixes one security issue is now available from the Red Hat Customer Portal. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives...
Apache Struts 2 ConversionErrorInterceptor Java Injection
Added: 08/02/2012 CVE: CVE-2012-0391 OSVDB: 78277 Background Apache Struts is an open-source web application framework for developing Java EE web applications. It uses and extends the Java Servlet API to encourage developers to adopt a model-view-controller (MVC) architecture. Problem Struts uses...
Apache Struts 2 ParametersInterceptor OGNL Command Injection
Added: 03/26/2012 CVE: CVE-2011-3923 BID: 51628 OSVDB: 78109 Background Apache Struts is an open-source web application framework for developing Java EE web applications. It uses and extends the Java Servlet API to encourage developers to adopt a model-view-controller (MVC) architecture. Problem...
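JBoss Operations Network Multiple Security Restriction Bypass Vulnerabilities
BUGTRAQ ID: 51827 CVE ID: CVE-2011-4573,CVE-2012-0052,CVE-2012-0062 JBoss Operations Network is open-source network management software based on Java EE. JBoss Operations Network contains multiple security restriction bypass vulnerabilities in its implementation; successful exploitation could allow an attacker to bypass certain security restrictions, obtain sensitive information, or perform unauthorized operations. 0 RedHat JBoss Operations Network 2.4.1 Vendor patch: RedHat ------ The vendor has released an upgrade patch to fix this security issue; please download it from the vendor's home page:...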
Oracle Fusion Middleware WebLogic Detection (credentialed check)
Oracle WebLogic, a Java EE application, is installed on the remote host as an Oracle Fusion Middleware component. (C) Tenable Network Security, Inc. include("compat.inc"); if (description) { script_id(57793); script_version("1.10"); script_set_attribute(attribute:"plugin_modification_date", value:"2022/02/01");...
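JBoss Operations Network Multiple Cross-Site Scripting Vulnerabilities
BUGTRAQ ID: 51095 CVE ID: CVE-2011-3206 JBoss Operations Network is open-source network management software based on Java EE. JBoss Operations Network contains multiple cross-site scripting vulnerabilities in the implementation of the JON administration interface; a remote attacker who lures a user into browsing a specially crafted URL can exploit these vulnerabilities to carry out cross-site scripting attacks and steal cookie-based authentication credentials 0 RedHat JBoss Operations Network 2.4.1 Vendor patch: RedHat ------ The vendor has released an upgrade patch to fix this security issue; please download it from the vendor's home page:...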
Moderate: Red Hat Security Advisory: JBoss Enterprise Portal Platform 5.2.0 update
JBoss Enterprise Portal Platform 5.2.0, which fixes multiple security issues, various bugs, and adds enhancements is now available from the Red Hat Customer Portal. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System CVS...
Oracle WebLogic Detection (Combined)
Oracle (formerly BEA) WebLogic, a Java EE application server, is running on the remote web server. (C) Tenable Network Security, Inc. include("compat.inc"); if (description) { script_id(56979); script_version("1.16"); script_set_attribute(attribute:"plugin_modification_date", value:"2022/10/12"); script_xref(name:"IAVT"...
Important: Red Hat Security Advisory: JBoss Enterprise Portal Platform 5.1.1 update
JBoss Enterprise Portal Platform 5.1.1, which fixes one security issue and various bugs, is now available from the Red Hat Customer Portal. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which...
Oracle GlassFish HTTP Server Version
The remote host is running an Oracle GlassFish HTTP Server, a Java EE application server. It was possible to read the version number from the HTTP response headers. (C) Tenable Network Security, Inc. include("compat.inc"); if (description) { script_id(55930); script_version("1.13");...
Oracle Sun GlassFish Enterprise Server Stored XSS Vulnerability - Security Advisory - SOS-11-009
Sense of Security - Security Advisory - SOS-11-009 Release Date. 19-Jul-2011 Last Update. - Vendor Notification Date. 23-Mar-2011 Product. Oracle Sun GlassFish Enterprise Server Platform. Java EE Affected versions. 2.1.1 v2.1 Patch069.102 Patch12 build b31g-fcs verified and possibly others Severi...
Oracle Sun GlassFish Enterprise Server - Persistent Cross-Site Scripting
Oracle Sun GlassFish Enterprise Server - Persistent Cross-Site Scripting Sense of Security - Security Advisory - SOS-11-009 Release Date. 19-Jul-2011 Last Update. - Vendor Notification Date. 23-Mar-2011 Product. Oracle Sun GlassFish Enterprise Server Platform. Java EE Affected versions. 2.1.1 v2....
Oracle Sun GlassFish Enterprise Server Stored XSS Vulnerability
No description provided by source. Sense of Security - Security Advisory - SOS-11-009 Release Date. 19-Jul-2011 Last Update. - Vendor Notification Date. 23-Mar-2011 Product. Oracle Sun GlassFish Enterprise Server Platform. Java EE Affected versions. 2.1.1 v2.1 Patch069.102 Patch12 build b31g-fcs...