PicketBox/JBossSX: Unauthorized access to and modification of application server configuration and state by application

It was identified that PicketBox/JBossSX allowed any deployed application to alter or read the underlying application server configuration and state without any authorization checks. An attacker able to deploy applications could use this flaw to circumvent security constraints applied to other...

JBossSX/PicketBox: World readable audit.log file

It was found that the security auditing functionality provided by PicketBox and JBossSX, both security frameworks for Java applications, used a world-readable audit.log file to record sensitive information. A local user could possibly use this flaw to gain access to the sensitive information in t...

JBossSX/PicketBox: World readable audit.log file

It was found that the security auditing functionality provided by PicketBox and JBossSX, both security frameworks for Java applications, used a world-readable audit.log file to record sensitive information. A local user could possibly use this flaw to gain access to the sensitive information in t...

JBossSX/PicketBox: World readable audit.log file

It was found that the security auditing functionality provided by PicketBox and JBossSX, both security frameworks for Java applications, used a world-readable audit.log file to record sensitive information. A local user could possibly use this flaw to gain access to the sensitive information in t...

Important: Red Hat Security Advisory: Red Hat JBoss Fuse Service Works 6.0.0 security update

Red Hat JBoss Fuse Service Works 6.0.0 roll up patch 4, which fixes multiple security issues and various bugs, is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System CVSS base score...

JBossSX/PicketBox: World readable audit.log file

It was found that the security auditing functionality provided by PicketBox and JBossSX, both security frameworks for Java applications, used a world-readable audit.log file to record sensitive information. A local user could possibly use this flaw to gain access to the sensitive information in t...

Input validation

PicketBox and JBossSX, as used in Red Hat JBoss Enterprise Application Platform JBEAP 6.2.2 and JBoss BRMS before 6.0.3 roll up patch 2, allows remote authenticated users to read and modify the application sever configuration and state by deploying a crafted application...

CVE-2014-0005

PicketBox and JBossSX, as used in Red Hat JBoss Enterprise Application Platform JBEAP 6.2.2 and JBoss BRMS before 6.0.3 roll up patch 2, allows remote authenticated users to read and modify the application sever configuration and state by deploying a crafted application...

CVE-2014-0005

CVE-2014-0005 affects PicketBox/JBossSX used in Red Hat JBoss EAP 6.2.2 and JBoss BRMS before 6.0.3 roll up patch 2; the issue allows remote authenticated users to read/modify the application server configuration and state by deploying a crafted application. The NVD notes a LOW (3.6) base score w...

CVE-2014-0005

PicketBox and JBossSX, as used in Red Hat JBoss Enterprise Application Platform JBEAP 6.2.2 and JBoss BRMS before 6.0.3 roll up patch 2, allows remote authenticated users to read and modify the application sever configuration and state by deploying a crafted application...

PicketBox/JBossSX: Unauthorized access to and modification of application server configuration and state by application

It was identified that PicketBox/JBossSX allowed any deployed application to alter or read the underlying application server configuration and state without any authorization checks. An attacker able to deploy applications could use this flaw to circumvent security constraints applied to other...

Important: Red Hat Security Advisory: Red Hat JBoss BRMS 6.0.3 security update

Red Hat JBoss BRMS 6.0.3 roll up patch 2, which fixes multiple security issues, several bugs, and adds various enhancements, is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System...

JBossSX/PicketBox: World readable audit.log file

It was found that the security auditing functionality provided by PicketBox and JBossSX, both security frameworks for Java applications, used a world-readable audit.log file to record sensitive information. A local user could possibly use this flaw to gain access to the sensitive information in t...

Important: Red Hat Security Advisory: Red Hat JBoss Operations Network 3.3.0 update

Red Hat JBoss Operations Network 3.2.3, which fixes multiple security issues and several bugs, is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System CVSS base scores, which give...

JBossSX/PicketBox: World readable audit.log file

It was found that the security auditing functionality provided by PicketBox and JBossSX, both security frameworks for Java applications, used a world-readable audit.log file to record sensitive information. A local user could possibly use this flaw to gain access to the sensitive information in t...

Moderate: Red Hat Security Advisory: Red Hat JBoss Data Grid 6.3.0 update

Red Hat JBoss Data Grid 6.3.0, which fixes multiple security issues, various bugs, and adds enhancements, is now available from the Red Hat Customer Portal. The Red Hat Security Response Team has rated this update as having Moderate security impact. Common Vulnerability Scoring System CVSS base...

Low: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 6.2.3 update

Updated packages that provide Red Hat JBoss Enterprise Application Platform 6.2.3 and fix one security issue, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having Low security impact. A Comm...

RHEL 5 : JBoss EAP (RHSA-2014:0564)

Updated packages that provide Red Hat JBoss Enterprise Application Platform 6.2.3 and fix one security issue, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having Low security impact. A Comm...

Low: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 6.2.3 update

Updated packages that provide Red Hat JBoss Enterprise Application Platform 6.2.3 and fix one security issue, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having Low security impact. A Comm...

JBossSX/PicketBox: World readable audit.log file

It was found that the security auditing functionality provided by PicketBox and JBossSX, both security frameworks for Java applications, used a world-readable audit.log file to record sensitive information. A local user could possibly use this flaw to gain access to the sensitive information in t...