Information Disclosure

An attack technique against the W3C XML Encryption Standard when block ciphers were used in CBC mode could allow a remote attacker to conduct chosen-ciphertext attacks, leading to the recovery of the entire plain text of a particular cryptogram. CVE-2011-1096 JBoss Web Services leaked side-channe...

CVE-2012-3370

The SecurityAssociation.getCredential method in JBoss Enterprise Application Platform EAP before 5.2.0, Web Platform EWP before 5.2.0, BRMS Platform before 5.3.1, and SOA Platform before 5.3.1 returns the credentials of the previous user when a security context is not provided, which allows remot...

JBoss Enterprise Application Platform SecurityAssociation.getCredential() 安全绕过漏洞

BUGTRAQ ID: 57550 CVECAN ID: CVE-2012-3370 JBoss企业应用平台（JBoss Enterprise Application Platform，EAP）是J2EE应用的中间件平台。 JBoss Enterprise Application Platform，如果没有提供安全上下文给SecurityAssociation.getCredential，则其会返回之前的凭证。根据配置的应用，可允许远程攻击者劫持之前经过身份验证的用户凭证。 0 JBoss Group JBoss Enterprise Web Platform for RHEL 5...

Important: Red Hat Security Advisory: JBoss Enterprise Application Platform 5.2.0 update

JBoss Enterprise Application Platform 5.2.0, which fixes multiple security issues, various bugs, and adds several enhancements, is now available from the Red Hat Customer Portal. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability...