Lucene search
+L

69 matches found

RedHat Linux
RedHat Linux
added 2013/02/26 6:7 p.m.37 views

Important: Red Hat Security Advisory: JBoss Web Services security update

An update for the JBoss Web Services component in JBoss Enterprise SOA Platform 4.3 CP05 and JBoss Enterprise Portal Platform 4.3 CP07 which fixes one security issue is now available from the Red Hat Customer Portal. The Red Hat Security Response Team has rated this update as having important...

5CVSS6.3AI score0.02587EPSS
Exploits0References4
NVD
NVD
added 2013/02/05 11:55 p.m.20 views

CVE-2011-4575

Cross-site scripting XSS vulnerability in the JMX console in JBoss Enterprise Application Platform EAP before 5.2.0, Web Platform EWP before 5.2.0, BRMS Platform before 5.3.1, and SOA Platform before 5.3.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

4.3CVSS5.5AI score0.01794EPSS
Exploits0References14
NVD
NVD
added 2013/02/05 11:55 p.m.33 views

CVE-2012-3369

The CallerIdentityLoginModule in JBoss Enterprise Application Platform EAP before 5.2.0, Web Platform EWP before 5.2.0, BRMS Platform before 5.3.1, and SOA Platform before 5.3.1 allows remote attackers to gain privileges of the previous user via a null password, which causes the previous user's...

4CVSS6.8AI score0.02685EPSS
Exploits0References16
NVD
NVD
added 2013/02/05 11:55 p.m.28 views

CVE-2012-3370

The SecurityAssociation.getCredential method in JBoss Enterprise Application Platform EAP before 5.2.0, Web Platform EWP before 5.2.0, BRMS Platform before 5.3.1, and SOA Platform before 5.3.1 returns the credentials of the previous user when a security context is not provided, which allows remot...

5.8CVSS6.7AI score0.01862EPSS
Exploits1References17
CVE
CVE
added 2013/02/05 11:11 p.m.74 views

CVE-2011-4575

CVE-2011-4575 is an XSS vulnerability in the JMX Console of JBoss products (EAP before 5.2.0, EWP before 5.2.0, BRMS Platform before 5.3.1, and SOA Platform before 5.3.1) allowing remote injection of script/HTML via unspecified vectors. Connected sources summarize the same CVE as an XSS flaw in t...

4.3CVSS5.4AI score0.01794EPSS
Exploits0References14Affected Software1
CVE
CVE
added 2013/02/05 11:11 p.m.86 views

CVE-2012-3370

CVE-2012-3370 affects JBoss components (EAP, EWP, BRMS, SOA) prior to the stated versions, where SecurityAssociation.getCredential() returns the previous user’s credentials when no security context is provided, enabling remote privilege escalation to a different user. Red Hat advisories (RHSA/RHB...

5.8CVSS5.7AI score0.01862EPSS
Exploits1References17Affected Software1
Cvelist
Cvelist
added 2013/02/05 11:11 p.m.36 views

CVE-2012-5478

The AuthorizationInterceptor in JBoss Enterprise Application Platform EAP before 5.2.0, Web Platform EWP before 5.2.0, BRMS Platform before 5.3.1, and SOA Platform before 5.3.1 does not properly restrict access, which allows remote authenticated users to bypass intended role restrictions and...

5.4AI score0.02178EPSS
Exploits0References15
Positive Technologies
Positive Technologies
added 2013/02/05 12:0 a.m.6 views

PT-2013-1520 · Red Hat · Brms Platform +3

Name of the Vulnerable Software and Affected Versions: JBoss Enterprise Application Platform EAP versions prior to 5.2.0 Web Platform EWP versions prior to 5.2.0 BRMS Platform versions prior to 5.3.1 SOA Platform versions prior to 5.3.1 Description: The issue concerns the JMXInvokerHAServlet and...

6.8CVSS7AI score0.15561EPSS
Exploits1References23
RedHat Linux
RedHat Linux
added 2013/02/04 11:36 p.m.45 views

Important: Red Hat Security Advisory: jbossweb security update

An update for JBoss Enterprise Portal Platform 5.2.2 and JBoss Enterprise SOA Platform 5.3.0 that fixes one security issue is now available from the Red Hat Customer Portal. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scorin...

4.3CVSS6.8AI score0.11975EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2013/01/24 6:52 p.m.14 views

CSRF on jmx-console allows invocation of operations on mbeans

Cross-site request forgery CSRF vulnerability in the JMX Console jmx-console in JBoss Enterprise Portal Platform before 5.2.2, BRMS Platform 5.3.0 before roll up patch1, and SOA Platform 5.3.0 allows remote authenticated users to hijack the authentication of arbitrary users for requests that...

6CVSS6.7AI score0.01567EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2013/01/24 6:44 p.m.5 views

CSRF on jmx-console allows invocation of operations on mbeans

Cross-site request forgery CSRF vulnerability in the JMX Console jmx-console in JBoss Enterprise Portal Platform before 5.2.2, BRMS Platform 5.3.0 before roll up patch1, and SOA Platform 5.3.0 allows remote authenticated users to hijack the authentication of arbitrary users for requests that...

6CVSS6.7AI score0.01567EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2013/01/24 6:41 p.m.8 views

JBoss: SecurityAssociation.getCredential() will return the previous credential if no security context is provided

The SecurityAssociation.getCredential method in JBoss Enterprise Application Platform EAP before 5.2.0, Web Platform EWP before 5.2.0, BRMS Platform before 5.3.1, and SOA Platform before 5.3.1 returns the credentials of the previous user when a security context is not provided, which allows remot...

5.8CVSS6.3AI score0.01862EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2013/01/24 6:27 p.m.5 views

JBoss: CallerIdentityLoginModule retaining password from previous call if a null password is provided

The CallerIdentityLoginModule in JBoss Enterprise Application Platform EAP before 5.2.0, Web Platform EWP before 5.2.0, BRMS Platform before 5.3.1, and SOA Platform before 5.3.1 allows remote attackers to gain privileges of the previous user via a null password, which causes the previous user's...

4CVSS6.2AI score0.02685EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2013/01/24 6:7 p.m.12 views

CSRF on jmx-console allows invocation of operations on mbeans

Cross-site request forgery CSRF vulnerability in the JMX Console jmx-console in JBoss Enterprise Portal Platform before 5.2.2, BRMS Platform 5.3.0 before roll up patch1, and SOA Platform 5.3.0 allows remote authenticated users to hijack the authentication of arbitrary users for requests that...

6CVSS6.7AI score0.01567EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2013/01/24 6:7 p.m.5 views

JBoss: CallerIdentityLoginModule retaining password from previous call if a null password is provided

The CallerIdentityLoginModule in JBoss Enterprise Application Platform EAP before 5.2.0, Web Platform EWP before 5.2.0, BRMS Platform before 5.3.1, and SOA Platform before 5.3.1 allows remote attackers to gain privileges of the previous user via a null password, which causes the previous user's...

4CVSS6.2AI score0.02685EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2012/12/18 10:25 p.m.52 views

Important: Red Hat Security Advisory: JBoss Enterprise SOA Platform 5.3.0 update

JBoss Enterprise SOA Platform 5.3.0 roll up patch 2, which fixes one security issue and various bugs, is now available from the Red Hat Customer Portal. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System CVSS base...

10CVSS6.7AI score0.04112EPSS
Exploits1References4
NVD
NVD
added 2012/11/23 8:55 p.m.22 views

CVE-2012-2377

JGroups diagnostics service in JBoss Enterprise Portal Platform before 5.2.2, SOA Platform before 5.3.0, and BRMS Platform before 5.3.0, is enabled without authentication when started by the JGroups channel, which allows remote attackers in adjacent networks to read diagnostics information via a...

3.3CVSS6.3AI score0.01448EPSS
Exploits1References19
NVD
NVD
added 2012/11/23 8:55 p.m.48 views

CVE-2011-4085

The servlets invoked by httpha-invoker in JBoss Enterprise Application Platform before 5.1.2, SOA Platform before 5.2.0, BRMS Platform before 5.3.0, and Portal Platform before 4.3 CP07 perform access control only for the GET and POST methods, which allow remote attackers to bypass authentication ...

6.8CVSS6.5AI score0.02953EPSS
Exploits3References11
UbuntuCve
UbuntuCve
added 2012/11/23 8:55 p.m.26 views

CVE-2012-2377

JGroups diagnostics service in JBoss Enterprise Portal Platform before 5.2.2, SOA Platform before 5.3.0, and BRMS Platform before 5.3.0, is enabled without authentication when started by the JGroups channel, which allows remote attackers in adjacent networks to read diagnostics information via a...

3.3CVSS6.3AI score0.01448EPSS
Exploits1References2
UbuntuCve
UbuntuCve
added 2012/11/23 8:55 p.m.32 views

CVE-2011-4605

The 1 JNDI service, 2 HA-JNDI service, and 3 HAJNDIFactory invoker servlet in JBoss Enterprise Application Platform 4.3.0 CP10 and 5.1.2, Web Platform 5.1.2, SOA Platform 4.2.0.CP05 and 4.3.0.CP05, Portal Platform 4.3 CP07 and 5.2.x before 5.2.2, and BRMS Platform before 5.3.0 do not properly...

7.5CVSS5.9AI score0.03521EPSS
Exploits1References2
Rows per page
Query Builder