
96 matches found

RedHat Linux
added 2014/09/23 8:19 p.m. | 33 views

Important: Red Hat Security Advisory: Red Hat JBoss BRMS 6.0.3 update

Red Hat JBoss BRMS 6.0.3, which fixes multiple security issues, several bugs, and adds various enhancements, is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System CVSS base scores,...

7.5 CVSS | 7.3 AI score | 0.05863 EPSS
Exploits 4 | References 9

RedHat Linux
added 2014/09/23 8:19 p.m. | 4 views

6: JSM policy not respected by deployed applications

It was found that Java Security Manager permissions configured via a policy file were not properly applied, causing all deployed applications to be granted the java.security.AllPermission permission. In certain cases, an attacker could use this flaw to circumvent expected security measures to...

5.8 CVSS | 5.7 AI score | 0.0028 EPSS
Exploits 0 | References 4

RedHat Linux
added 2014/09/23 8:19 p.m. | 39 views

Important: Red Hat Security Advisory: Red Hat JBoss BPM Suite 6.0.3 update

Red Hat JBoss BPM Suite 6.0.3, which fixes multiple security issues, several bugs, and adds various enhancements, is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System CVSS base...

7.5 CVSS | 7.3 AI score | 0.05863 EPSS
Exploits 4 | References 9

RedHat Linux
added 2014/09/23 7:54 p.m. | 3 views

Validator: JSM bypass via ReflectionHelper

It was discovered that the implementation of org.hibernate.validator.util.ReflectionHelper together with the permissions required to run Hibernate Validator under the Java Security Manager could allow a malicious application deployed in the same application container to execute several actions wi...

5 CVSS | 6.3 AI score | 0.00532 EPSS
Exploits 0 | References 4

RedHat Linux
added 2014/09/23 7:53 p.m. | 2 views

Validator: JSM bypass via ReflectionHelper

It was discovered that the implementation of org.hibernate.validator.util.ReflectionHelper together with the permissions required to run Hibernate Validator under the Java Security Manager could allow a malicious application deployed in the same application container to execute several actions wi...

5 CVSS | 6.3 AI score | 0.00532 EPSS
Exploits 0 | References 4

RedHat Linux
added 2014/09/23 7:53 p.m. | 22 views

Low: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 6.3.1 update

Updated packages that provide Red Hat JBoss Enterprise Application Platform 6.3.1 and fix one security issue, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Low security impact. A Common...

5 CVSS | 6.3 AI score | 0.00532 EPSS
Exploits 0 | References 17

RedHat Linux
added 2014/09/23 7:51 p.m. | 2 views

Validator: JSM bypass via ReflectionHelper

It was discovered that the implementation of org.hibernate.validator.util.ReflectionHelper together with the permissions required to run Hibernate Validator under the Java Security Manager could allow a malicious application deployed in the same application container to execute several actions wi...

5 CVSS | 6.3 AI score | 0.00532 EPSS
Exploits 0 | References 4

RedHat Linux
added 2014/09/23 7:41 p.m. | 3 views

Validator: JSM bypass via ReflectionHelper

It was discovered that the implementation of org.hibernate.validator.util.ReflectionHelper together with the permissions required to run Hibernate Validator under the Java Security Manager could allow a malicious application deployed in the same application container to execute several actions wi...

5 CVSS | 6.3 AI score | 0.00532 EPSS
Exploits 0 | References 4

NVD
added 2014/04/03 4:15 p.m. | 25 views

CVE-2014-0093

Red Hat JBoss Enterprise Application Platform JBEAP 6.2.2, when using a Java Security Manager JSM, does not properly apply permissions defined by a policy file, which causes applications to be granted the java.security.AllPermission permission and allows remote attackers to bypass intended access...

5.8 CVSS | 6.5 AI score | 0.0028 EPSS
Exploits 0 | References 5

Prion
added 2014/04/03 4:15 p.m. | 21 views

Design/Logic Flaw

Red Hat JBoss Enterprise Application Platform JBEAP 6.2.2, when using a Java Security Manager JSM, does not properly apply permissions defined by a policy file, which causes applications to be granted the java.security.AllPermission permission and allows remote attackers to bypass intended access...

5.8 CVSS | 7.1 AI score | 0.0028 EPSS
Exploits 0 | References 5 | Affected Software 1

CVE
added 2014/04/03 3:0 p.m. | 66 views

CVE-2014-0093

CVE-2014-0093 affects Red Hat JBoss EAP 6.2.2 when running under a Java Security Manager, where permissions defined by a policy file are not properly applied, causing deployed applications to receive java.security.AllPermission and potentially bypass access restrictions. The issue is documented a...

5.8 CVSS | 9.2 AI score | 0.0028 EPSS
Exploits 0 | References 5 | Affected Software 1

Cvelist
added 2014/04/03 3:0 p.m. | 23 views

CVE-2014-0093

Red Hat JBoss Enterprise Application Platform JBEAP 6.2.2, when using a Java Security Manager JSM, does not properly apply permissions defined by a policy file, which causes applications to be granted the java.security.AllPermission permission and allows remote attackers to bypass intended access...

6.5 AI score | 0.0028 EPSS
Exploits 0 | References 5

Tenable Nessus
added 2014/04/01 12:0 a.m. | 47 views

RHEL 6 : JBoss EAP (RHSA-2014:0344)

Updated packages that provide Red Hat JBoss Enterprise Application Platform 6.2.2 and fix two security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having Moderate security impact...

5.8 CVSS | 6.5 AI score | 0.23601 EPSS
Exploits 3 | References 7

RedHat Linux
added 2014/03/31 4:58 p.m. | 3 views

6: JSM policy not respected by deployed applications

It was found that Java Security Manager permissions configured via a policy file were not properly applied, causing all deployed applications to be granted the java.security.AllPermission permission. In certain cases, an attacker could use this flaw to circumvent expected security measures to...

5.8 CVSS | 5.7 AI score | 0.0028 EPSS
Exploits 0 | References 4

RedHat Linux
added 2014/03/31 4:47 p.m. | 4 views

6: JSM policy not respected by deployed applications

It was found that Java Security Manager permissions configured via a policy file were not properly applied, causing all deployed applications to be granted the java.security.AllPermission permission. In certain cases, an attacker could use this flaw to circumvent expected security measures to...

5.8 CVSS | 5.7 AI score | 0.0028 EPSS
Exploits 0 | References 4

RedHat Linux
added 2014/03/31 4:47 p.m. | 34 views

Moderate: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 6.2.2 update

Updated packages that provide Red Hat JBoss Enterprise Application Platform 6.2.2 and fix two security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having Moderate security impact...

5.8 CVSS | 6.6 AI score | 0.23601 EPSS
Exploits 3 | References 19

RedHat Linux
added 2014/03/31 4:47 p.m. | 4 views

6: JSM policy not respected by deployed applications

It was found that Java Security Manager permissions configured via a policy file were not properly applied, causing all deployed applications to be granted the java.security.AllPermission permission. In certain cases, an attacker could use this flaw to circumvent expected security measures to...

5.8 CVSS | 5.7 AI score | 0.0028 EPSS
Exploits 0 | References 4

Tenable Nessus
added 2013/01/24 12:0 a.m. | 36 views

RHEL 6 : JBoss Enterprise Application Platform 5.1.1 update (Important) (RHSA-2011:0946)

The remote Redhat Enterprise Linux 6 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2011:0946 advisory. JBoss Enterprise Application Platform is the market-leading platform for innovative and scalable Java applications. JBoss Enterprise Application...

6.8 CVSS | 6.1 AI score | 0.01215 EPSS
Exploits 0 | References 5

Tenable Nessus
added 2013/01/24 12:0 a.m. | 52 views

RHEL 4 / 5 : jboss-seam2 (RHSA-2010:0564)

Updated jboss-seam2 packages that fix one security issue are now available for JBoss Enterprise Application Platform 4.3 for Red Hat Enterprise Linux 4 and 5. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System CVSS...

8.8 CVSS | 8.5 AI score | 0.93789 EPSS
Exploits 8 | References 3

canvas
added 2012/08/28 12:55 a.m. | 57 views

Immunity Canvas: JAVA_FORNAME_GETFIELD

Name | javaforNamegetField
---|---
CVE | CVE-2012-4681
Exploit Pack | CANVAS
Description | Java forName/getField Method Invocation Sandbox Bypass
Notes | CVE Name: CVE-2012-4681 VENDOR: Sun Notes: There is a method invocation vulnerability using sun.awt.SunToolkit.getField This vulnerability can then ...

10 CVSS | 0.6 AI score | 0.9414 EPSS
Exploits 10