13 matches found
EUVD-2014-0223
Malware in sbrugna...
EUVD-2012-3398
Malware in sbrugna...
CVE-2014-0170
Teiid before 8.4.3 and before 8.7 and Red Hat JBoss Data Virtualization 6.0.0 before patch 3 allows remote attackers to read arbitrary files via a crafted request to a REST endpoint, related to an XML External Entity (XXE) issue...
XXE
Teiid before 8.4.3 and before 8.7 and Red Hat JBoss Data Virtualization 6.0.0 before patch 3 allows remote attackers to read arbitrary files via a crafted request to a REST endpoint, related to an XML External Entity (XXE) issue...
CVE-2014-0170
Teiid before 8.4.3 and before 8.7 and Red Hat JBoss Data Virtualization 6.0.0 before patch 3 allows remote attackers to read arbitrary files via a crafted request to a REST endpoint, related to an XML External Entity (XXE) issue...
CVE-2014-0170
Teiid before 8.4.3 and before 8.7 and Red Hat JBoss Data Virtualization 6.0.0 before patch 3 are affected by an XML External Entity (XXE) vulnerability. A remote attacker could read arbitrary files via a crafted request to a REST endpoint. The Red Hat advisory RHSA-2014:1284 confirms a fix in Red...
Teiid: XML eXternal Entity (XXE) flaw in SQL/XML parsing
It was found that Teiid SQL/XML permitted XML eXternal Entity (XXE) attacks. If a REST endpoint was deployed, a remote attacker could submit a request containing an external XML entity that, when resolved, allowed that attacker to read files on the application server in the context of the user...
CVE-2012-3431
The Teiid Java Database Connectivity (JDBC) socket, as used in JBoss Enterprise Data Services Platform before 5.3.0, does not encrypt login messages by default contrary to documentation and specification, which allows remote attackers to obtain login credentials via a man-in-the-middle (MITM) attack...
Default configuration
The Teiid Java Database Connectivity (JDBC) socket, as used in JBoss Enterprise Data Services Platform before 5.3.0, does not encrypt login messages by default contrary to documentation and specification, which allows remote attackers to obtain login credentials via a man-in-the-middle (MITM) attack...
CVE-2012-3431
The Teiid Java Database Connectivity (JDBC) socket, as used in JBoss Enterprise Data Services Platform before 5.3.0, does not encrypt login messages by default contrary to documentation and specification, which allows remote attackers to obtain login credentials via a man-in-the-middle (MITM) attack...
CVE-2012-3431
The vulnerability CVE-2012-3431 affects the Teiid JDBC socket used by JBoss Enterprise Data Services Platform before 5.3.0, where login messages were not encrypted by default as documented. This enables a man-in-the-middle attacker to obtain login credentials and related JDBC traffic. Remediation...
Teiid: JDBC socket does not encrypt client login messages by default
The Teiid Java Database Connectivity (JDBC) socket, as used in JBoss Enterprise Data Services Platform before 5.3.0, does not encrypt login messages by default contrary to documentation and specification, which allows remote attackers to obtain login credentials via a man-in-the-middle (MITM) attack...
Moderate: Red Hat Security Advisory: JBoss Enterprise Data Services Platform 5.3.0 update
JBoss Enterprise Data Services Platform 5.3.0 roll up patch 1, which fixes one security issue and various bugs, is now available from the Red Hat Customer Portal. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System CVS...