EUVD-2016-9496

Malware in sbrugna...

RHSA-2013:0147 Red Hat Security Advisory: jbossas security update

Bulletin has no description...

RHSA-2012:1026 Red Hat Security Advisory: jbossas and jboss-naming security update

Bulletin has no description...

RHSA-2012:1025 Red Hat Security Advisory: jbossas security update

Bulletin has no description...

RHSA-2011:1309 Red Hat Security Advisory: jbossas security update

Bulletin has no description...

RHSA-2007:0360 Red Hat Security Advisory: jbossas security update

Bulletin has no description...

RHSA-2006:0743 Red Hat Security Advisory: jbossas security update

Bulletin has no description...

Arbitrary EJB QL Command Execution

jbossas is vulnerable to arbitrary EJB QL command execution. The vulnerability exists as the setOrder method in the org.jboss.seam.framework.Query class did not correctly validate user-supplied parameters. This vulnerability allowed remote attackers to inject, and execute, arbitrary Enterprise...

Privilege Escalation

Red Hat Enterprise Linux is vulnerable to privilege escalation attacks. Use of incorrect permissions for /etc/sysconfig/jbossas configuration files allows a local authenticated user to escalate their privileges to root...

Unauthorized Modification

jbossas is vulnerable to unauthorized modification attacks. The vulnerability exists in the 1 JNDI service, 2 HA-JNDI service, and 3 HAJNDIFactory invoker servlet in JBoss Enterprise Application Platform 4.3.0 CP10 and 5.1.2, Web Platform 5.1.2, SOA Platform 4.2.0.CP05 and 4.3.0.CP05, Portal...

CVE-2016-8657

It was discovered that EAP packages in certain versions of Red Hat Enterprise Linux use incorrect permissions for /etc/sysconfig/jbossas configuration files. The file is writable to jboss group root:jboss, 664. On systems using classic /etc/init.d init scripts i.e. on Red Hat Enterprise Linux 6 a...

CVE-2016-8657

It was discovered that EAP packages in certain versions of Red Hat Enterprise Linux use incorrect permissions for /etc/sysconfig/jbossas configuration files. The file is writable to jboss group root:jboss, 664. On systems using classic /etc/init.d init scripts i.e. on Red Hat Enterprise Linux 6 a...

PT-2018-5049 · Red Hat · Red Hat

Name of the Vulnerable Software and Affected Versions: Red Hat Enterprise Linux versions prior to 7 Description: A security issue was found in certain versions of Red Hat Enterprise Linux, where EAP packages have incorrect permissions for the /etc/sysconfig/jbossas configuration file. The file is...

jboss: jbossas writable config files allow privilege escalation

It was discovered that EAP packages in certain versions of Red Hat Enterprise Linux use incorrect permissions for /etc/sysconfig/jbossas configuration files. The file is writable to jboss group root:jboss, 664. On systems using classic /etc/init.d init scripts i.e. on Red Hat Enterprise Linux 6 a...

JBOSSAS 5.x/6.x Deserializer Vulnerability

Exploit for java platform in category web applications JBOSSAS 5.x/6.x Deserializer Vulnerability https://access.redhat.com/security/cve/cve-2017-12149 CVE-2017-12149 It was found that the doFilter method in the ReadOnlyAccessFilter of the HTTP Invoker does not restrict classes for which it...

JBOSSAS 4.x Deserializer Vulnerability

Exploit for java platform in category web applications JBOSSAS 4.x Deserializer Vulnerability The MITRE CVE dictionary describes this issue as: https://access.redhat.com/security/cve/cve-2017-7504 HTTPServerILServlet.java in JMS over HTTP Invocation Layer of the JbossMQ implementation, which is...

JBOSSAS 4.x 反序列化命令执行漏洞（CVE-2017-7504）

The MITRE CVE dictionary describes this issue as: HTTPServerILServlet.java in JMS over HTTP Invocation Layer of the JbossMQ implementation, which is enabled by default in Red Hat Jboss Application Server = Jboss 4.X does not restrict the classes for which it performs deserialization, which allows...

JBOSSAS 5.x/6.x 反序列化命令执行漏洞（CVE-2017-12149）

CVE-2017-12149 It was found that the doFilter method in the ReadOnlyAccessFilter of the HTTP Invoker does not restrict classes for which it performs deserialization. This allows an attacker to execute arbitrary code via crafted serialized data. Find out more about CVE-2017-12149 from the MITRE CV...

jboss: jbossas writable config files allow privilege escalation

It was discovered that EAP packages in certain versions of Red Hat Enterprise Linux use incorrect permissions for /etc/sysconfig/jbossas configuration files. The file is writable to jboss group root:jboss, 664. On systems using classic /etc/init.d init scripts i.e. on Red Hat Enterprise Linux 6 a...

jboss: jbossas writable config files allow privilege escalation

It was discovered that EAP packages in certain versions of Red Hat Enterprise Linux use incorrect permissions for /etc/sysconfig/jbossas configuration files. The file is writable to jboss group root:jboss, 664. On systems using classic /etc/init.d init scripts i.e. on Red Hat Enterprise Linux 6 a...