49 matches found
EUVD-2014-3476
Malware in sbrugna...
EUVD-2013-2100
Malware in sbrugna...
EUVD-2009-0039
Malware in sbrugna...
EUVD-2022-5182
Malicious code in bioql PyPI...
EUVD-2022-1624
Malicious code in bioql PyPI...
RHEL 5 / 6 : JBoss Enterprise Web Platform 5.2.0 (RHSA-2013:0874)
The remote Redhat Enterprise Linux 5 / 6 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2013:0874 advisory. The Enterprise Web Platform is a slimmed down profile of the JBoss Enterprise Application Platform intended for mid-size workloads with light and...
RHEL 6 : jbossws-common (RHSA-2011:1303)
The remote Redhat Enterprise Linux 6 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2011:1303 advisory. The jbossws-common package provides JBoss Web Services Native, a web service framework included as part of JBoss Enterprise Web Platform. It implemen...
RHSA-2011:1306 Red Hat Security Advisory: jbossws-common security update
Bulletin has no description...
RHSA-2011:1303 Red Hat Security Advisory: jbossws-common security update
Bulletin has no description...
RHSA-2011:1301 Red Hat Security Advisory: jbossws-common security update
Bulletin has no description...
JBossWS vulnerable to uncontrolled recursion
DOMUtils.java in org.jboss.ws:jbossws-common does not properly handle recursion during entity expansion, which allows remote attackers to cause a denial of service memory and CPU consumption via a crafted request containing an XML document with a DOCTYPE declaration and a large number of nested...
GHSA-RJ4P-7MM6-GM9J JBossWS vulnerable to uncontrolled recursion
DOMUtils.java in org.jboss.ws:jbossws-common does not properly handle recursion during entity expansion, which allows remote attackers to cause a denial of service memory and CPU consumption via a crafted request containing an XML document with a DOCTYPE declaration and a large number of nested...
Use of a Broken or Risky Cryptographic Algorithm in Apache WSS4J
The implementations of PKCS1 v1.5 key transport mechanism for XMLEncryption in JBossWS and Apache WSS4J before 1.6.5 is susceptible to a Bleichenbacher attack...
Denial Of Service (DoS)
jbossws-common is vulnerable to denial of service DoS. The vulnerability exists as it was found that JBoss Web Services Native did not properly protect against recursive entity resolution when processing Document Type Definitions DTD. A remote attacker could exploit this flaw by sending a...
Information Disclosure
jbossws is vulnerable to information disclosure. The request handler in JBossWS did not correctly verify the resource path when serving WSDL files for custom web service endpoints. This allowed remote attackers to read arbitrary XML files with the permissions of the EAP processs...
CVE-2011-2487
The implementations of PKCS1 v1.5 key transport mechanism for XMLEncryption in JBossWS and Apache WSS4J before 1.6.5 is susceptible to a Bleichenbacher attack...
Design/Logic Flaw
The implementations of PKCS1 v1.5 key transport mechanism for XMLEncryption in JBossWS and Apache WSS4J before 1.6.5 is susceptible to a Bleichenbacher attack...
CVE-2011-2487
The implementations of PKCS1 v1.5 key transport mechanism for XMLEncryption in JBossWS and Apache WSS4J before 1.6.5 is susceptible to a Bleichenbacher attack...
CVE-2011-2487
CVE-2011-2487 is referenced by GitHub advisory GHSA-vjwc-5HFH-2VV5, which notes that Apache WSS4J before 1.6.17 and 2.0.x before 2.0.2 leak information about decryption failures when decrypting an encrypted key or message data, making it easier to recover plaintext keys via crafted messages. The ...
CVE-2014-3464
The EJB invocation handler implementation in Red Hat JBossWS, as used in JBoss Enterprise Application Platform EAP 6.2.0 and 6.3.0, does not properly enforce the method level restrictions for outbound messages, which allows remote authenticated users to access otherwise restricted JAX-WS handlers...