EUVD-2009-3536

Malware in sbrugna...

CVE-2023-26269

Apache James server version 3.7.3 and earlier provides a JMX management service without authentication by default. This allows privilege escalation by a malicious local user. Administrators are advised to disable JMX, or set up a JMX password. Note that version 3.7.4 onward will set up a JMX...

PT-2023-20578 · Apache · Apache James Server

Name of the Vulnerable Software and Affected Versions: Apache James server versions 3.7.3 and earlier Description: The issue allows privilege escalation by a malicious local user due to the JMX management service being provided without authentication by default. Administrators are advised to take...

Design/Logic Flaw

Twiddle in Red Hat JBoss Enterprise Application Platform aka JBoss EAP or JBEAP 4.2 before 4.2.0.CP08 and 4.3 before 4.3.0.CP07 writes the JMX password, and other command-line arguments, to the twiddle.log file, which allows local users to obtain sensitive information by reading this file...

JBoss EAP Twiddle logs the JMX password

Twiddle in Red Hat JBoss Enterprise Application Platform aka JBoss EAP or JBEAP 4.2 before 4.2.0.CP08 and 4.3 before 4.3.0.CP07 writes the JMX password, and other command-line arguments, to the twiddle.log file, which allows local users to obtain sensitive information by reading this file...

Moderate: Red Hat Security Advisory: JBoss Enterprise Application Platform 4.3.0.CP07 update

Updated JBoss Enterprise Application Platform JBEAP 4.3 packages that fix multiple security issues, several bugs, and add enhancements are now available for Red Hat Enterprise Linux 5 as JBEAP 4.3.0.CP07. This update has been rated as having moderate security impact by the Red Hat Security Respon...