165 matches found
mod_cluster: JavaScript code injection is possible via MCMP mod_manager messages
A flaw was found in the way the modcluster manager processed certain MCMP messages. An attacker with access to the network from which MCMP messages are allowed to be sent could use this flaw to execute arbitrary JavaScript code in the modcluster manager web interface...
mod_cluster Web Interface MCMP mod_manager Message Handling Cross-Site Scripting Vulnerability
modcluster is an httpd-based load balancing project can proxy requests to a cluster of Tomcat-based web servers. A cross-site scripting vulnerability exists in the modcluster web interface MCMP modmanager message handling, which can be exploited by remote attackers to inject malicious script or...
mod_cluster: JavaScript code injection is possible via MCMP mod_manager messages
A flaw was found in the way the modcluster manager processed certain MCMP messages. An attacker with access to the network from which MCMP messages are allowed to be sent could use this flaw to execute arbitrary JavaScript code in the modcluster manager web interface...
mod_cluster: JavaScript code injection is possible via MCMP mod_manager messages
A flaw was found in the way the modcluster manager processed certain MCMP messages. An attacker with access to the network from which MCMP messages are allowed to be sent could use this flaw to execute arbitrary JavaScript code in the modcluster manager web interface...
RHEL 5 / 6 : mod_cluster (RHSA-2012:1166)
The remote Redhat Enterprise Linux 5 / 6 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2012:1166 advisory. - modcluster registers and exposes the root context of a server by default, despite ROOT being in the excluded-contexts list CVE-2012-1154 Note...
Important: Red Hat Security Advisory: Red Hat JBoss Web Server 2.1.0 update
Red Hat JBoss Web Server 2.1.0, which fixes multiple security issues and several bugs, is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed...
Moderate: Red Hat Security Advisory: Red Hat JBoss Web Server 2.0.1 tomcat7 security update
Updated tomcat7 packages that fix three security issues are now available for Red Hat JBoss Web Server 2.0.1 on Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having Moderate security impact. Common Vulnerability Scoring System CVSS base scores, whic...
Moderate: Red Hat Security Advisory: Red Hat JBoss Web Server 2.0.1 tomcat7 security update
Updated tomcat7 packages that fix three security issues are now available for Red Hat JBoss Web Server 2.0.1 on Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having Moderate security impact. Common Vulnerability Scoring System CVSS base scores, whic...
Moderate: Red Hat Security Advisory: Red Hat JBoss Web Server 2.0.1 tomcat6 security update
Updated tomcat6 packages that fix multiple security issues are now available for Red Hat JBoss Web Server 2.0.1 on Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having Moderate security impact. Common Vulnerability Scoring System CVSS base scores,...
Moderate: Red Hat Security Advisory: Red Hat JBoss Web Server 2.0.1 tomcat6 security update
An update for the Apache Tomcat 6 component for Red Hat JBoss Web Server 2.0.1 that fixes multiple security issues is now available from the Red Hat Customer Portal. The Red Hat Security Response Team has rated this update as having Moderate security impact. Common Vulnerability Scoring System CV...
Moderate: Red Hat Security Advisory: Red Hat JBoss Web Server 2.0.1 update
Red Hat JBoss Web Server 2.0.1, which fixes multiple security issues and several bugs, is now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System CVSS base scores, which give...
RHEL 5 / 6 : mod_cluster (RHSA-2012:1052)
Updated modcluster packages that fix one security issue are now available for JBoss Enterprise Application Platform 5.1.2 for Red Hat Enterprise Linux 4, 5, and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System CV...
RHEL 5 / 6 : mod_cluster-native (RHSA-2012:0037)
An updated modcluster-native package that fixes one security issue is now available for JBoss Enterprise Application Platform 5.1.2 for Red Hat Enterprise Linux 4, 5, and 6. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scorin...
CVE-2012-1154
modcluster 1.0.10 before 1.0.10 CP03 and 1.1.x before 1.1.4, as used in JBoss Enterprise Application Platform 5.1.2, when "ROOT" is set to excludedContexts, exposes the root context of the server, which allows remote attackers to bypass access restrictions and gain access to applications deployed...
Authentication flaw
modcluster 1.0.10 before 1.0.10 CP03 and 1.1.x before 1.1.4, as used in JBoss Enterprise Application Platform 5.1.2, when "ROOT" is set to excludedContexts, exposes the root context of the server, which allows remote attackers to bypass access restrictions and gain access to applications deployed...
CVE-2012-1154
CVE-2012-1154 concerns mod_cluster, where a regression in JBoss Enterprise Web Platform 5.1.2 causes the server root context to be registered and exposed by default when ROOT is in the excludedContexts list. This allows remote attackers to bypass access restrictions and access applications deploy...
CVE-2012-1154
modcluster 1.0.10 before 1.0.10 CP03 and 1.1.x before 1.1.4, as used in JBoss Enterprise Application Platform 5.1.2, when "ROOT" is set to excludedContexts, exposes the root context of the server, which allows remote attackers to bypass access restrictions and gain access to applications deployed...
Moderate: Red Hat Security Advisory: mod_cluster security update
Updated modcluster packages that fix one security issue are now available for JBoss Enterprise Web Server 1.0.2 for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System CVSS base score,...
mod_cluster registers and exposes the root context of a server by default, despite ROOT being in the excluded-contexts list
modcluster 1.0.10 before 1.0.10 CP03 and 1.1.x before 1.1.4, as used in JBoss Enterprise Application Platform 5.1.2, when "ROOT" is set to excludedContexts, exposes the root context of the server, which allows remote attackers to bypass access restrictions and gain access to applications deployed...
Moderate: Red Hat Security Advisory: mod_cluster security update
Updated modcluster packages that fix one security issue are now available for JBoss Enterprise Web Platform 5.1.2 for Red Hat Enterprise Linux 4, 5, and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System CVSS base...