5 matches found
RHEL 7 : JBoss EAP (RHSA-2016:2641)
Updated packages that provide Red Hat JBoss Enterprise Application Platform 7.0.3, fix several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability...
WSO2 Identity Server 5.3.0 Cross Site Scripting
SEC Consult Vulnerability Lab Security Advisory. title: Multiple Stored XSS Vulnerabilities; product: WSO2 Carbon, WSO2 Dashboard Server; vulnerable version: WSO2 Identity Server 5.3.0; fixed version: WSO2 Identity Server 5.5.0; C...
Important: Red Hat Security Advisory: JBoss Enterprise Application Platform 7.0.3 for RHEL 7
Updated packages that provide Red Hat JBoss Enterprise Application Platform 7.0.3, fix several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability...
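JBoss Enterprise Application Platform SecurityAssociation.getCredential() Security Bypass Vulnerability
BUGTRAQ ID: 57550 CVECAN ID: CVE-2012-3370 JBoss Enterprise Application Platform (EAP) is a middleware platform for J2EE applications. In JBoss Enterprise Application Platform, if no security context is provided to SecurityAssociation.getCredential, it returns the previous credential. Depending on the configured application, this can allow a remote attacker to hijack the credentials of a previously authenticated user. 0 JBoss Group JBoss Enterprise Web Platform for RHEL 5...
JBoss Enterprise SOA Platform Invoker Authentication Bypass Vulnerability
BUGTRAQ ID: 50720 CVE ID: CVE-2011-4085 JBoss Enterprise Application Platform (EAP) is a middleware platform for J2EE applications. JBoss Enterprise Application Platform has a security vulnerability in its invoker implementation; an attacker can exploit it to bypass the authentication mechanism and gain unauthorized access to the affected application. RedHat JBoss EAP 5.x Vendor patch: RedHat ------ The vendor has released an upgrade patch to fix this security issue; download it from the vendor's home page: http://www.jboss.org/...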