Lucene search
K

5 matches found

RedHat Linux
RedHat Linux
added 2021/08/18 9:54 a.m.3 views

activemq: improper authentication allows MITM attack

Apache ActiveMQ uses LocateRegistry.createRegistry to create the JMX RMI registry and binds the server to the "jmxrmi" entry. It is possible to connect to the registry without authentication and call the rebind method to rebind jmxrmi to something else. If an attacker creates another server to...

5.9CVSS7.3AI score0.04561EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2020/12/16 12:11 p.m.5 views

apache-flink: JMX information disclosure vulnerability

A vulnerability in Apache Flink 1.1.0 to 1.1.5, 1.2.0 to 1.2.1, 1.3.0 to 1.3.3, 1.4.0 to 1.4.2, 1.5.0 to 1.5.6, 1.6.0 to 1.6.4, 1.7.0 to 1.7.2, 1.8.0 to 1.8.3, 1.9.0 to 1.9.2, 1.10.0 where, when running a process with an enabled JMXReporter, with a port configured via...

4.7CVSS5.9AI score0.00863EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2020/11/05 6:48 p.m.4 views

cxf: JMX integration is vulnerable to a MITM attack

Apache CXF has the ability to integrate with JMX by registering an InstrumentationManager extension with the CXF bus. If the ‘createMBServerConnectorFactory‘ property of the default InstrumentationManagerImpl is not disabled, then it is vulnerable to a man-in-the-middle MITM style attack. An...

5.3CVSS7.4AI score0.06147EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2020/11/04 7:24 p.m.4 views

cxf: JMX integration is vulnerable to a MITM attack

Apache CXF has the ability to integrate with JMX by registering an InstrumentationManager extension with the CXF bus. If the ‘createMBServerConnectorFactory‘ property of the default InstrumentationManagerImpl is not disabled, then it is vulnerable to a man-in-the-middle MITM style attack. An...

5.3CVSS7.4AI score0.06147EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2020/10/13 4:50 p.m.4 views

cxf: JMX integration is vulnerable to a MITM attack

Apache CXF has the ability to integrate with JMX by registering an InstrumentationManager extension with the CXF bus. If the ‘createMBServerConnectorFactory‘ property of the default InstrumentationManagerImpl is not disabled, then it is vulnerable to a man-in-the-middle MITM style attack. An...

5.3CVSS7.4AI score0.06147EPSS
Exploits0References4
Rows per page
Query Builder