17 matches found

EUVD
added 2025/10/07 12:30 a.m. · 2 views

EUVD-2016-9492

Malware in sbrugna...

CVSS 5.3 · AI score 5.5 · EPSS 0.00345
Exploits: 0 · References: 3

EUVD
added 2025/10/07 12:30 a.m. · 3 views

EUVD-2016-10391

Malware in sbrugna...

CVSS 5.3 · AI score 5.5 · EPSS 0.00181
Exploits: 0 · References: 3

RedhatCVE
added 2025/05/23 5:0 a.m. · 6 views

CVE-2023-51518

Apache James prior to version 3.7.5 and 3.8.0 exposes a JMX endpoint on localhost subject to pre-authentication deserialisation of untrusted data. Given a deserialisation gadget, this could be leveraged as part of an exploit chain that could result in privilege escalation. Note that by default JM...

CVSS 9.8 · AI score 6.7 · EPSS 0.00439
Exploits: 0

Veracode
added 2024/02/29 8:0 a.m. · 13 views

Deserialization Of Untrusted Data

org.apache.james: james-server is vulnerable to Deserialization Of Untrusted Data. The vulnerability is due to a JMX endpoint being exposed on localhost, allowing exploitation with a deserialization gadget, potentially resulting in privilege escalation or remote code execution...

CVSS 9.8 · AI score 7.7 · EPSS 0.00439
Exploits: 0 · References: 2 · Affected Software: 1

NVD
added 2024/02/27 9:15 a.m. · 11 views

CVE-2023-51518

Apache James prior to version 3.7.5 and 3.8.0 exposes a JMX endpoint on localhost subject to pre-authentication deserialisation of untrusted data. Given a deserialisation gadget, this could be leveraged as part of an exploit chain that could result in privilege escalation. Note that by default JM...

CVSS 9.8 · AI score 6.4 · EPSS 0.00439
Exploits: 0 · References: 1

OSV
added 2024/02/27 9:15 a.m. · 6 views

CVE-2023-51518

Apache James prior to version 3.7.5 and 3.8.0 exposes a JMX endpoint on localhost subject to pre-authentication deserialisation of untrusted data. Given a deserialisation gadget, this could be leveraged as part of an exploit chain that could result in privilege escalation. Note that by default JM...

CVSS 9.8 · AI score 6.6
Exploits: 0 · References: 1

Prion
added 2024/02/27 9:15 a.m. · 15 views

Authentication flaw

Apache James prior to version 3.7.5 and 3.8.0 exposes a JMX endpoint on localhost subject to pre-authentication deserialisation of untrusted data. Given a deserialisation gadget, this could be leveraged as part of an exploit chain that could result in privilege escalation. Note that by default JM...

AI score 7.1 · EPSS 0.00439
Exploits: 0 · References: 1

CVE
added 2024/02/27 9:9 a.m. · 4127 views

CVE-2023-51518

CVE-2023-51518 affects Apache James before 3.7.5 and 3.8.0, exposing a JMX endpoint on localhost that is vulnerable to pre-authentication deserialization. An attacker could leverage a deserialization gadget to achieve privilege escalation as part of an exploit chain; the endpoint is local by defa...

CVSS 9.8 · AI score 9.5 · EPSS 0.00439
Exploits: 0 · References: 1 · Affected Software: 1

Positive Technologies
added 2024/02/27 12:0 a.m. · 3 views

PT-2024-14172 · Apache · Apache James

Name of the Vulnerable Software and Affected Versions: Apache James versions prior to 3.7.5 and 3.8.0
Description: The issue concerns the exposure of a JMX endpoint on localhost, which is subject to pre-authentication deserialisation of untrusted data. Given a deserialisation gadget, this could b...

CVSS 9.8 · AI score 9.3 · EPSS 0.00439
Exploits: 0 · References: 9

Prion
added 2018/08/01 2:29 p.m. · 26 views

Design/Logic Flaw

It was found that the JMX endpoint of Red Hat JBoss Fuse 6, and Red Hat A-MQ 6 deserializes the credentials passed to it. An attacker could use this flaw to launch a denial of service attack...

CVSS 5 · AI score 7 · EPSS 0.00345
Exploits: 0 · References: 2 · Affected Software: 2

NVD
added 2018/08/01 2:29 p.m. · 27 views

CVE-2016-8653

It was found that the JMX endpoint of Red Hat JBoss Fuse 6, and Red Hat A-MQ 6 deserializes the credentials passed to it. An attacker could use this flaw to launch a denial of service attack...

CVSS 5.3 · AI score 5.3 · EPSS 0.00345
Exploits: 0 · References: 2

OSV
added 2018/08/01 2:29 p.m. · 4 views

CVE-2016-8653

It was found that the JMX endpoint of Red Hat JBoss Fuse 6, and Red Hat A-MQ 6 deserializes the credentials passed to it. An attacker could use this flaw to launch a denial of service attack...

CVSS 5.3 · AI score 5.8 · EPSS 0.00345
Exploits: 0 · References: 2

Cvelist
added 2018/08/01 2:0 p.m. · 36 views

CVE-2016-8653

It was found that the JMX endpoint of Red Hat JBoss Fuse 6, and Red Hat A-MQ 6 deserializes the credentials passed to it. An attacker could use this flaw to launch a denial of service attack...

CVSS 5.3 · AI score 5.3 · EPSS 0.00345
Exploits: 0 · References: 2

Prion
added 2018/03/09 3:29 p.m. · 15 views

Deserialization of untrusted data

Red Hat JBoss EAP version 5 is vulnerable to a deserialization of untrusted data in the JMX endpoint when it deserializes the credentials passed to it. An attacker could exploit this vulnerability resulting in a denial of service attack...

CVSS 2.6 · AI score 6.9 · EPSS 0.00181
Exploits: 0 · References: 2 · Affected Software: 1

CVE
added 2018/03/09 3:0 p.m. · 46 views

CVE-2016-9585

CVE-2016-9585 affects Red Hat JBoss EAP 5. The vulnerability is a deserialization flaw in the JMX endpoint when processing credentials, enabling an attacker to cause a denial of service. Documents describe the root cause as deserializing untrusted data and note impact as availability loss (DoS). ...

CVSS 5.3 · AI score 5.3 · EPSS 0.00181
Exploits: 0 · References: 2 · Affected Software: 1

RedhatCVE
added 2016/12/14 2:47 a.m. · 27 views

CVE-2016-9585

It was found that the JMX endpoint of Red Hat JBoss EAP 5 deserializes the credentials passed to it. An attacker could use this flaw to cause a denial of service.
Mitigation: You should not expose Remote JMX on EAP 5, or SOA-P 5. To do that remove this system property from bin/run.conf, or...

CVSS 5.3 · AI score 2.1 · EPSS 0.00181
Exploits: 0 · References: 1

RedhatCVE
added 2016/11/27 10:47 p.m. · 37 views

CVE-2016-8653

It was found that the JMX endpoint of Red Hat JBoss Fuse 6, and Red Hat A-MQ 6 deserializes the credentials passed to it. An attacker could use this flaw to launch a denial of service attack...

CVSS 5.3 · AI score 2.1 · EPSS 0.00345
Exploits: 0 · References: 1