69 matches found
CVE-2012-2377
JGroups diagnostics service in JBoss Enterprise Portal Platform before 5.2.2, SOA Platform before 5.3.0, and BRMS Platform before 5.3.0, is enabled without authentication when started by the JGroups channel, which allows remote attackers in adjacent networks to read diagnostics information via a...
Input validation
The 1 JNDI service, 2 HA-JNDI service, and 3 HAJNDIFactory invoker servlet in JBoss Enterprise Application Platform 4.3.0 CP10 and 5.1.2, Web Platform 5.1.2, SOA Platform 4.2.0.CP05 and 4.3.0.CP05, Portal Platform 4.3 CP07 and 5.2.x before 5.2.2, and BRMS Platform before 5.3.0 do not properly...
Input validation
The JBoss Server in JBoss Enterprise Application Platform 5.1.x before 5.1.2 and 5.2.x before 5.2.2, Web Platform before 5.1.2, BRMS Platform before 5.3.0, and SOA Platform before 5.3.0, when the server is configured to use the JaccAuthorizationRealm and the ignoreBaseDecision property is set to...
CVE-2011-2908
CVE-2011-2908 describes a CSRF flaw in the JMX Console (jmx-console) affecting JBoss Enterprise Portal Platform < 5.2.2, BRMS Platform 5.3.0
CVE-2012-2377
CVE-2012-2377 affects: JBoss Enterprise Portal Platform <5.2.2, JBoss SOA Platform <5.3.0, and BRMS Platform
CVE-2011-4605
Summary: CVE-2011-4605 affects JBoss/JBossAS JNDI-related services. The vulnerability stems from insufficient access restrictions in the JNDI service, HA-JNDI service, and the HAJNDIFactory invoker servlet, allowing remote attackers to write to the JNDI tree. This could enable adding, deleting, o...
PT-2012-1801 · Red Hat · Red Hat Jboss Enterprise Application Platform +3
Name of the Vulnerable Software and Affected Versions: JBoss Enterprise Application Platform versions prior to 5.1.2 JBoss SOA Platform versions prior to 5.2.0 JBoss BRMS Platform versions prior to 5.3.0 JBoss Portal Platform versions prior to 4.3 CP07 Description: The issue allows remote attacke...
Important: Red Hat Security Advisory: JBoss Enterprise SOA Platform 5.3.0 security update
An update for the JBoss Web Services component in JBoss Enterprise SOA Platform 5.3.0 that fixes one security issue is now available from the Red Hat Customer Portal. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring Syste...
Important: Red Hat Security Advisory: JBoss Enterprise SOA Platform 4.2.0.CP05 and 4.3.0.CP05 update
An update for JBoss Enterprise SOA Platform 4.2.0.CP05 and 4.3.0.CP05 that fixes one security issue is now available from the Red Hat Customer Portal. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System CVSS base scor...
CSRF on jmx-console allows invocation of operations on mbeans
Cross-site request forgery CSRF vulnerability in the JMX Console jmx-console in JBoss Enterprise Portal Platform before 5.2.2, BRMS Platform 5.3.0 before roll up patch1, and SOA Platform 5.3.0 allows remote authenticated users to hijack the authentication of arbitrary users for requests that...
Important: Red Hat Security Advisory: JBoss Enterprise SOA Platform 5.3.0 update
JBoss Enterprise SOA Platform 5.3.0, which fixes multiple security issues, various bugs, and adds enhancements, is now available from the Red Hat Customer Portal. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System CVSS...
Invoker servlets authentication bypass (HTTP verb tampering)
The servlets invoked by httpha-invoker in JBoss Enterprise Application Platform before 5.1.2, SOA Platform before 5.2.0, BRMS Platform before 5.3.0, and Portal Platform before 4.3 CP07 perform access control only for the GET and POST methods, which allow remote attackers to bypass authentication ...
Important: Red Hat Security Advisory: JBoss Enterprise SOA Platform 5.1.0 security update
Updated Spring Framework 3 files for JBoss Enterprise SOA Platform 5.1.0 that fix multiple security issues are now available from the Red Hat Customer Portal. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System CVSS...
Important: Red Hat Security Advisory: jbossws security update
Updated jbossws-client.jar, jbossws-common.jar, jbossws-core.jar, and jbossws-native-core.jar files for JBoss Enterprise SOA Platform 4.2.CP05, 4.3.CP05, and 5.1.0 that fix one security issue are now available from the Red Hat Customer Portal. The Red Hat Security Response Team has rated this...
Input validation
jboss-seam.jar in the JBoss Seam 2 framework 2.2.x and earlier, as distributed in Red Hat JBoss Enterprise SOA Platform 4.3.0.CP05 and 5.1.0; JBoss Enterprise Application Platform aka JBoss EAP or JBEAP 4.3.0, 4.3.0.CP09, and 5.1.1; and JBoss Enterprise Web Platform 5.1.1, does not properly...
CVE-2011-1484
jboss-seam.jar in the JBoss Seam 2 framework 2.2.x and earlier, as distributed in Red Hat JBoss Enterprise SOA Platform 4.3.0.CP04 and 5.1.0 and JBoss Enterprise Application Platform aka JBoss EAP or JBEAP 4.3.0.CP09 and 5.1.0, does not properly restrict use of Expression Language EL statements i...
CVE-2011-1484
CVE-2011-1484 affects JBoss Seam 2 framework (2.2.x and earlier) distributed with Red Hat JBoss Enterprise platforms. The flaw stems from improper restriction of EL statements in FacesMessages during page exception handling, enabling remote code execution via a crafted URL. Red Hat advisories RHS...
Important: Red Hat Security Advisory: JBoss Enterprise SOA Platform 4.3.0.CP04 and 5.1.0 security update
An updated jboss-seam.jar file for JBoss Enterprise SOA Platform 4.3.0.CP04 and 5.1.0 that fixes one security issue is now available from the Red Hat Customer Portal. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring Syste...
CVE-2010-3708
The serialization implementation in JBoss Drools in Red Hat JBoss Enterprise Application Platform aka JBoss EAP or JBEAP 4.3 before 4.3.0.CP09 and JBoss Enterprise SOA Platform 4.2 and 4.3 supports the embedding of class files, which allows remote attackers to execute arbitrary code via a crafted...
CVE-2010-3708
The serialization implementation in JBoss Drools in Red Hat JBoss Enterprise Application Platform aka JBoss EAP or JBEAP 4.3 before 4.3.0.CP09 and JBoss Enterprise SOA Platform 4.2 and 4.3 supports the embedding of class files, which allows remote attackers to execute arbitrary code via a crafted...