Privilege Escalation

An attack technique against the W3C XML Encryption Standard when block ciphers were used in CBC mode could allow a remote attacker to conduct chosen-ciphertext attacks, leading to the recovery of the entire plain text of a particular cryptogram. CVE-2011-1096 JBoss Web Services leaked side-channe...

Privilege Escalation

An attack technique against the W3C XML Encryption Standard when block ciphers were used in CBC mode could allow a remote attacker to conduct chosen-ciphertext attacks, leading to the recovery of the entire plain text of a particular cryptogram. CVE-2011-1096 JBoss Web Services leaked side-channe...

RHEL 4 : JBoss EWP (RHSA-2013:0197)

Updated JBoss Enterprise Web Platform 5.2.0 packages that fix multiple security issues, various bugs, and add several enhancements are now available for Red Hat Enterprise Linux 4. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability...

Design/Logic Flaw

The SecurityAssociation.getCredential method in JBoss Enterprise Application Platform EAP before 5.2.0, Web Platform EWP before 5.2.0, BRMS Platform before 5.3.1, and SOA Platform before 5.3.1 returns the credentials of the previous user when a security context is not provided, which allows remot...

Important: Red Hat Security Advisory: JBoss Enterprise Application Platform 5.2.0 update

Updated JBoss Enterprise Application Platform 5.2.0 packages that fix multiple security issues, various bugs, and add several enhancements are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. Common...

RHEL 6 : JBoss EAP (RHSA-2013:0191)

Updated JBoss Enterprise Application Platform 5.2.0 packages that fix multiple security issues, various bugs, and add several enhancements are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. Common...

CVE-2005-4709

The CVE concerns JBoss EJB 3.0 RC3. The popSubjectContext method in SecurityAssociation preserves threadPrincipal and threadCredential from a prior client after the session ends, enabling a remote attacker to assume the roles of that previous client on the same server thread. This is described as...

CVE-2005-4709

The popSubjectContext method in the SecurityAssociation class in JBoss Enterprise Java Beans EJB 3.0 RC3 maintains the threadPrincipal and threadCredential values from a previous client's authentication after termination of a client session, which allows remote attackers to gain the roles of an...