33 matches found

EUVD
added 2025/10/07 12:30 a.m., 5 views

EUVD-2011-4248

Malware in sbrugna...

CVSS: 5.8, AI score: 6, EPSS: 0.00626
Exploits: 1, References: 29

Tenable Nessus
added 2024/11/04 12:0 a.m., 12 views

RHEL 5 : JBoss Enterprise Web Platform 5.1.2 update (Low) (RHSA-2011:1803)

The remote Redhat Enterprise Linux 5 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2011:1803 advisory. The Enterprise Web Platform is a slimmed down profile of the JBoss Enterprise Application Platform intended for mid-size workloads with light and ric...

CVSS: 5.8, AI score: 5.6, EPSS: 0.00626
Exploits: 1, References: 8

SUSE CVE
added 2023/02/15 5:50 a.m., 2 views

SUSE CVE-2011-4314

message/ax/AxMessage.java in OpenID4Java before 0.9.6 final, as used in JBoss Enterprise Application Platform 5.1 before 5.1.2, Step2, Kay Framework before 1.0.2, and possibly other products does not verify that Attribute Exchange (AX) information is signed, which allows remote attackers to modify...

CVSS: 5.8, AI score: 6.4, EPSS: 0.00626
Exploits: 1, References: 4

vulnersOsv
added 2022/05/17 5:15 a.m., 0 views

at.molindo:molindo-wicket-utils (=1.0-alpha-1), at.molindo:wicketstuff-merged-resources (=3.1-alpha-1) +34 more potentially affected by CVE-2011-4314 via org.openid4java:openid4java (>=0.9.3 <=0.9.5)

org.openid4java:openid4java MAVEN version =0.9.3, =0.9, =0.4-incubating, =0.4-incubating, =1.1-beta1, =2.0-beta1, =1.2-beta1, =1.2-beta1, =1.20, =1.20, =1.6, =1.6, =1.6, =1.9 and more Source cves: CVE-2011-4314 Source advisory: OSV:GHSA-J473-C3RR-RX9P...

CVSS: 5.8, AI score: 5.8, EPSS: 0.00626
Exploits: 1

OSV
added 2022/05/17 5:15 a.m., 1 view

GHSA-J473-C3RR-RX9P OpenID4Java does not verify that Attribute Exchange (AX) information is signed

message/ax/AxMessage.java in OpenID4Java before 0.9.6 final, as used in JBoss Enterprise Application Platform 5.1 before 5.1.2, Step2, Kay Framework before 1.0.2, and possibly other products does not verify that Attribute Exchange (AX) information is signed, which allows remote attackers to modify...

CVSS: 5.8, AI score: 5.9, EPSS: 0.00626
Exploits: 1, References: 11

vulnersOsv
added 2022/05/17 5:15 a.m., 0 views

at.molindo:molindo-wicket-utils (=1.0-alpha-1), at.molindo:wicketstuff-merged-resources (=3.1-alpha-1) +34 more potentially affected by CVE-2011-4314 via org.openid4java:openid4java (>=0.9.3 <=0.9.5)

org.openid4java:openid4java MAVEN version =0.9.3, =0.9, =0.4-incubating, =0.4-incubating, =1.1-beta1, =2.0-beta1, =1.2-beta1, =1.2-beta1, =1.20, =1.20, =1.6, =1.6, =1.6, =1.9 and more Source cves: CVE-2011-4314 Source advisory: SNYK:JAVA-ORGOPENID4JAVA-9689879...

CVSS: 5.8, AI score: 5.8, EPSS: 0.00626
Exploits: 1

GitHub Security Blog
added 2022/05/17 5:15 a.m., 13 views

OpenID4Java does not verify that Attribute Exchange (AX) information is signed

message/ax/AxMessage.java in OpenID4Java before 0.9.6 final, as used in JBoss Enterprise Application Platform 5.1 before 5.1.2, Step2, Kay Framework before 1.0.2, and possibly other products does not verify that Attribute Exchange (AX) information is signed, which allows remote attackers to modify...

CVSS: 5.8, AI score: 6.8, EPSS: 0.00626
Exploits: 1, References: 11, Affected Software: 1

Snyk
added 2022/05/17 5:15 a.m., 3 views

Insufficient Verification of Data Authenticity

Overview Affected versions of this package are vulnerable to Insufficient Verification of Data Authenticity due to the lack of verification in the AxMessage process. An attacker can modify potentially sensitive AX information without detection by performing a man-in-the-middle MITM attack...

CVSS: 8.2, AI score: 6.6, EPSS: 0.00626
Exploits: 1, References: 2

IBM Security Bulletins
added 2018/06/16 10:6 p.m., 38 views

Security Bulletin: IBM QRadar SIEM contains vulnerable components and libraries. (CVE-2011-4314)

Summary The product includes vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. Vulnerability Details CVEID: CVE-2011-4314 DESCRIPTION: OpenID4Java could allow a remote attacker to bypass security restrictions, caused by the improper...

CVSS: 5.8, AI score: 6, EPSS: 0.00626
Exploits: 1, Affected Software: 1

Tenable Nessus
added 2013/01/24 12:0 a.m., 36 views

RHEL 6 : JBoss Enterprise Application Platform 5.1.2 update (Low) (RHSA-2011:1798)

The remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2011:1798 advisory. - Invoker servlets authentication bypass HTTP verb tampering CVE-2011-4085 - openid4java AX extension: MITM due to improper validation of AX...

CVSS: 6.8, AI score: 5.6, EPSS: 0.00719
Exploits: 30, References: 10

Tenable Nessus
added 2013/01/24 12:0 a.m., 40 views

RHEL 4 : JBoss EAP (RHSA-2011:1800)

Updated JBoss Enterprise Application Platform 5.1.2 packages that fix two security issues, various bugs, and add several enhancements are now available for Red Hat Enterprise Linux 4. The Red Hat Security Response Team has rated this update as having low security impact. Common Vulnerability...

CVSS: 6.8, AI score: 5.7, EPSS: 0.00719
Exploits: 30, References: 7

RedHat Linux
added 2012/04/25 2:3 a.m., 2 views

extension): MITM due to improper validation of AX attribute signatures

message/ax/AxMessage.java in OpenID4Java before 0.9.6 final, as used in JBoss Enterprise Application Platform 5.1 before 5.1.2, Step2, Kay Framework before 1.0.2, and possibly other products does not verify that Attribute Exchange (AX) information is signed, which allows remote attackers to modify...

CVSS: 5.8, AI score: 5.9, EPSS: 0.00626
Exploits: 1, References: 4

RedHat Linux
added 2012/04/25 2:3 a.m., 8 views

Moderate: Red Hat Security Advisory: JBoss Enterprise Portal Platform 5.2.1 update

JBoss Enterprise Portal Platform 5.2.1, which fixes two security issues and various bugs, is now available from the Red Hat Customer Portal. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System CVSS base scores, which giv...

CVSS: 5.8, AI score: 7.3, EPSS: 0.01376
Exploits: 1, References: 5

RedHat Linux
added 2012/04/02 8:5 p.m., 8 views

Moderate: Red Hat Security Advisory: JBoss Enterprise BRMS Platform 5.2.0 update

JBoss Enterprise BRMS Platform 5.2.0 roll up patch 1, which fixes two security issues, various bugs, and adds enhancements, is now available from the Red Hat Customer Portal. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring...

CVSS: 5.8, AI score: 7.3, EPSS: 0.01376
Exploits: 1, References: 4

RedHat Linux
added 2012/04/02 8:5 p.m., 0 views

extension): MITM due to improper validation of AX attribute signatures

message/ax/AxMessage.java in OpenID4Java before 0.9.6 final, as used in JBoss Enterprise Application Platform 5.1 before 5.1.2, Step2, Kay Framework before 1.0.2, and possibly other products does not verify that Attribute Exchange (AX) information is signed, which allows remote attackers to modify...

CVSS: 5.8, AI score: 5.9, EPSS: 0.00626
Exploits: 1, References: 4

RedHat Linux
added 2012/03/12 4:50 p.m., 1 view

extension): MITM due to improper validation of AX attribute signatures

message/ax/AxMessage.java in OpenID4Java before 0.9.6 final, as used in JBoss Enterprise Application Platform 5.1 before 5.1.2, Step2, Kay Framework before 1.0.2, and possibly other products does not verify that Attribute Exchange (AX) information is signed, which allows remote attackers to modify...

CVSS: 5.8, AI score: 5.9, EPSS: 0.00626
Exploits: 1, References: 4

RedHat Linux
added 2012/03/12 4:50 p.m., 8 views

Low: Red Hat Security Advisory: JBoss Enterprise SOA Platform 5.2.0 update

JBoss Enterprise SOA Platform 5.2.0 roll up patch 1, which fixes one security issue and various bugs, is now available from the Red Hat Customer Portal. The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System CVSS base score,...

CVSS: 5.8, AI score: 5.9, EPSS: 0.00626
Exploits: 1, References: 4

OSV
added 2012/01/27 3:55 p.m., 3 views

DEBIAN-CVE-2011-4314

message/ax/AxMessage.java in OpenID4Java before 0.9.6 final, as used in JBoss Enterprise Application Platform 5.1 before 5.1.2, Step2, Kay Framework before 1.0.2, and possibly other products does not verify that Attribute Exchange (AX) information is signed, which allows remote attackers to modify...

CVSS: 5.8, AI score: 6.8, EPSS: 0.00626
Exploits: 1, References: 1

OSV
added 2012/01/27 3:55 p.m., 10 views

CVE-2011-4314

message/ax/AxMessage.java in OpenID4Java before 0.9.6 final, as used in JBoss Enterprise Application Platform 5.1 before 5.1.2, Step2, Kay Framework before 1.0.2, and possibly other products does not verify that Attribute Exchange (AX) information is signed, which allows remote attackers to modify...

AI score: 5.9
Exploits: 0, References: 13

NVD
added 2012/01/27 3:55 p.m., 19 views

CVE-2011-4314

message/ax/AxMessage.java in OpenID4Java before 0.9.6 final, as used in JBoss Enterprise Application Platform 5.1 before 5.1.2, Step2, Kay Framework before 1.0.2, and possibly other products does not verify that Attribute Exchange (AX) information is signed, which allows remote attackers to modify...

CVSS: 5.8, AI score: 6.1, EPSS: 0.00626
Exploits: 1, References: 12