136 matches found
JGroups: Authorization bypass
It was found that JGroups did not require necessary headers for encrypt and auth protocols from new nodes joining the cluster. An attacker could use this flaw to bypass security restrictions, and use this vulnerability to send and receive messages within the cluster, leading to information...
JGroups: Authorization bypass
It was found that JGroups did not require necessary headers for encrypt and auth protocols from new nodes joining the cluster. An attacker could use this flaw to bypass security restrictions, and use this vulnerability to send and receive messages within the cluster, leading to information...
Critical: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.0 security update
A security update is now available for Red Hat JBoss Enterprise Application Platform from the Customer Portal. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is...
JGroups: Authorization bypass
It was found that JGroups did not require necessary headers for encrypt and auth protocols from new nodes joining the cluster. An attacker could use this flaw to bypass security restrictions, and use this vulnerability to send and receive messages within the cluster, leading to information...
Critical: Red Hat Security Advisory: Red Hat JBoss Data Grid 6.6 security update
A security update is now available for Red Hat JBoss Data Grid from the Customer Portal. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...
CVE-2016-2141
It was found that JGroups did not require necessary headers for encrypt and auth protocols from new nodes joining the cluster. An attacker could use this flaw to bypass security restrictions, and use this vulnerability to send and receive messages within the cluster, leading to information...
JBoss Portal 6.1.0 Update (RHSA-2013:1437)
The version of JBoss Enterprise Portal Platform on the remote system is affected by the following issues: - A flaw in CSRF prevention filter in JBoss Web could allow remote attackers to bypass the cross-site request forgery (CSRF) protection mechanism via a request that lacks a session identifier...
JGroups: Authentication via cached credentials
The DiagnosticsHandler in JGroups 3.0.x, 3.1.x, 3.2.x before 3.2.9, and 3.3.x before 3.3.3 allows remote attackers to obtain sensitive information (diagnostic information) and execute arbitrary code by reusing valid credentials...
CVE-2013-2102
The default configuration of Red Hat JBoss Portal before 6.1.0 enables the JGroups diagnostics service with no authentication when a JGroups channel is started, which allows remote attackers to obtain sensitive information (diagnostics) by accessing the service...
Default configuration
The default configuration of Red Hat JBoss Portal before 6.1.0 enables the JGroups diagnostics service with no authentication when a JGroups channel is started, which allows remote attackers to obtain sensitive information (diagnostics) by accessing the service...
CVE-2013-2102
The default configuration of Red Hat JBoss Portal before 6.1.0 enables the JGroups diagnostics service with no authentication when a JGroups channel is started, which allows remote attackers to obtain sensitive information (diagnostics) by accessing the service...
CVE-2013-2102
CVE-2013-2102 affects Red Hat JBoss Portal 6.1.0 and earlier: when a JGroups channel starts, the JGroups diagnostics service is enabled by default with no authentication, allowing remote attackers to read diagnostics information. Red Hat released RHSA-2013:1437 with a 6.1.0 update to address this...
Gatein: JGroups configurations enable diagnostics without authentication
The default configuration of Red Hat JBoss Portal before 6.1.0 enables the JGroups diagnostics service with no authentication when a JGroups channel is started, which allows remote attackers to obtain sensitive information (diagnostics) by accessing the service...
JGroups: Authentication via cached credentials
The DiagnosticsHandler in JGroups 3.0.x, 3.1.x, 3.2.x before 3.2.9, and 3.3.x before 3.3.3 allows remote attackers to obtain sensitive information (diagnostic information) and execute arbitrary code by reusing valid credentials...
JGroups: Authentication via cached credentials
The DiagnosticsHandler in JGroups 3.0.x, 3.1.x, 3.2.x before 3.2.9, and 3.3.x before 3.3.3 allows remote attackers to obtain sensitive information (diagnostic information) and execute arbitrary code by reusing valid credentials...
JGroups: Authentication via cached credentials
The DiagnosticsHandler in JGroups 3.0.x, 3.1.x, 3.2.x before 3.2.9, and 3.3.x before 3.3.3 allows remote attackers to obtain sensitive information (diagnostic information) and execute arbitrary code by reusing valid credentials...
JGroups: Authentication via cached credentials
The DiagnosticsHandler in JGroups 3.0.x, 3.1.x, 3.2.x before 3.2.9, and 3.3.x before 3.3.3 allows remote attackers to obtain sensitive information (diagnostic information) and execute arbitrary code by reusing valid credentials...
Important: Red Hat Security Advisory: JBoss Enterprise Web Platform 5.2.0 update
JBoss Enterprise Web Platform 5.2.0, which fixes multiple security issues, various bugs, and adds several enhancements, is now available from the Red Hat Customer Portal. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring...
JGroups diagnostics service enabled by default with no authentication when a JGroups channel is started
JGroups diagnostics service in JBoss Enterprise Portal Platform before 5.2.2, SOA Platform before 5.3.0, and BRMS Platform before 5.3.0, is enabled without authentication when started by the JGroups channel, which allows remote attackers in adjacent networks to read diagnostics information via a...
Important: Red Hat Security Advisory: JBoss Enterprise Web Platform 5.2.0 update
Updated JBoss Enterprise Web Platform 5.2.0 packages that fix multiple security issues, various bugs, and add several enhancements are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability...