7 matches found
EUVD-2014-0222
Malware in sbrugna...
CVE-2014-0169
In JBoss EAP 6 a security domain is configured to use a cache that is shared between all applications that are in the security domain. This could allow an authenticated user in one application to access protected resources in another application without proper authorization. Although this is an...
Sql injection
In JBoss EAP 6 a security domain is configured to use a cache that is shared between all applications that are in the security domain. This could allow an authenticated user in one application to access protected resources in another application without proper authorization. Although this is an...
CVE-2014-0169
CVE-2014-0169 affects JBoss EAP 6: a security domain uses a cache shared across all applications in the domain, enabling an authenticated user from one application to access resources in another without proper authorization. Root cause cited as lack of clear documentation on cache isolation betwe...
CVE-2014-0169
In JBoss EAP 6 a security domain is configured to use a cache that is shared between all applications that are in the security domain. This could allow an authenticated user in one application to access protected resources in another application without proper authorization. Although this is an...
Information Disclosure
jboss-as-web is vulnerable to information disclosure attacks. The vulnerability exists as the security audit functionality in Red Hat JBoss Enterprise Application Platform EAP 6.x before 6.2.1 logs request parameters in plaintext, which might allow local users to obtain passwords by reading the l...
RHEL 5 : Red Hat JBoss Enterprise Application Platform 6.2.2 update (Moderate) (RHSA-2014:0343)
The remote Redhat Enterprise Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2014:0343 advisory. - tomcat: multiple content-length header poisoning flaws CVE-2013-4286 - PicketBox/JBossSX: Unauthorized access to and modification of...