13 matches found
Authentication Bypass
jbosssx2 is vulnerable to authentication bypass attacks. The vulnerability exists as the default configuration of the 1 LdapLoginModule and 2 LdapExtLoginModule modules in JBoss Enterprise Application Platform EAP 4.3.0 CP10, 5.2.0, and 6.0.1, and Enterprise Web Platform EWP 5.2.0 allow remote...
RHEL 4 : JBoss EWP (RHSA-2013:0197)
Updated JBoss Enterprise Web Platform 5.2.0 packages that fix multiple security issues, various bugs, and add several enhancements are now available for Red Hat Enterprise Linux 4. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability...
RHEL 5 : JBoss Enterprise Web Platform 5.2.0 update (Important) (RHSA-2013:0196)
The remote Redhat Enterprise Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2013:0196 advisory. An attack technique against the W3C XML Encryption Standard when block ciphers were used in CBC mode could allow a remote attacker to conduc...
RHEL 5 / 6 : JBoss EWP (RHSA-2014:1728)
Updated packages for Red Hat JBoss Enterprise Web Platform 5.2.0 that fix one security issue are now available for Red Hat Enterprise Linux 4, 5, and 6. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System CVSS base score, which...
RHEL 5 / 6 : Red Hat JBoss Enterprise Web Platform 5.2.0 (RHSA-2014:0792)
The remote Redhat Enterprise Linux 5 / 6 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2014:0792 advisory. Red Hat JBoss Enterprise Web Platform is a platform for Java applications, which integrates the JBoss Web Server with JBoss Hibernate and JBoss...
RHEL 5 / 6 : richfaces (RHSA-2013:1043)
The remote Redhat Enterprise Linux 5 / 6 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2013:1043 advisory. RichFaces is an open source framework that adds Ajax capability into existing JavaServer Faces JSF applications. A flaw was found in the way...
Authentication flaw
The default configuration of the 1 LdapLoginModule and 2 LdapExtLoginModule modules in JBoss Enterprise Application Platform EAP 4.3.0 CP10, 5.2.0, and 6.0.1, and Enterprise Web Platform EWP 5.2.0 allow remote attackers to bypass authentication via an empty password...
CVE-2012-5629
The default configuration of the 1 LdapLoginModule and 2 LdapExtLoginModule modules in JBoss Enterprise Application Platform EAP 4.3.0 CP10, 5.2.0, and 6.0.1, and Enterprise Web Platform EWP 5.2.0 allow remote attackers to bypass authentication via an empty password...
Design/Logic Flaw
The GUI installer in JBoss Enterprise Application Platform EAP and Enterprise Web Platform EWP 5.2.0 and possibly 5.1.2 uses world-readable permissions for the auto-install XML file, which allows local users to obtain the administrator password and the sucker password by reading this file...
CVE-2012-3370
CVE-2012-3370 affects JBoss components (EAP, EWP, BRMS, SOA) prior to the stated versions, where SecurityAssociation.getCredential() returns the previous user’s credentials when no security context is provided, enabling remote privilege escalation to a different user. Red Hat advisories (RHSA/RHB...
Important: Red Hat Security Advisory: JBoss Enterprise Web Platform 5.2.0 update
Updated JBoss Enterprise Web Platform 5.2.0 packages that fix multiple security issues, various bugs, and add several enhancements are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability...
Input validation
jboss-seam.jar in the JBoss Seam 2 framework 2.2.x and earlier, as distributed in Red Hat JBoss Enterprise SOA Platform 4.3.0.CP05 and 5.1.0; JBoss Enterprise Application Platform aka JBoss EAP or JBEAP 4.3.0, 4.3.0.CP09, and 5.1.1; and JBoss Enterprise Web Platform 5.1.1, does not properly...
CVE-2010-3862
The org.jboss.remoting.transport.bisocket.BisocketServerInvoker$SecondaryServerSocketThread.run method in JBoss Remoting 2.2.x before 2.2.3.SP4 and 2.5.x before 2.5.3.SP2 in Red Hat JBoss Enterprise Application Platform aka JBoss EAP or JBEAP 4.3 through 4.3.0.CP09, and 5.1.0; and JBoss Enterpris...