15 matches found
EUVD-2013-6254
Malware in sbrugna...
RHSA-2011:0175 Red Hat Security Advisory: JBoss Web Framework Kit 1.0.0 removal
Bulletin has no description...
Remote Code Execution (RCE)
jboss-seam2 is vulnerable to remote code execution (RCE) attacks. The vulnerability exists as org.jboss.seam.web.AuthenticationFilter in Red Hat JBoss Web Framework Kit 2.5.0, JBoss Enterprise Application Platform (JBEAP) 5.2.0, and JBoss Enterprise Web Platform (JBEWP) 5.2.0 allows remote attackers to...
Important: Red Hat Security Advisory: Red Hat JBoss Web Framework Kit 2.7.0 security update
An update for the RichFaces component of Red Hat JBoss Web Framework Kit 2.7.0 that fixes one security issue is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score...
Cross-site scripting
Multiple cross-site scripting (XSS) vulnerabilities in Red Hat JBoss Web Framework Kit 2.5.0 allow remote attackers to inject arbitrary web script or HTML via a (1) parameter or (2) id name...
CVE-2014-0149
Multiple cross-site scripting (XSS) vulnerabilities in Red Hat JBoss Web Framework Kit 2.5.0 allow remote attackers to inject arbitrary web script or HTML via a (1) parameter or (2) id name...
CVE-2014-0149
Affected product/component: Red Hat JBoss Web Framework Kit 2.5.0 (JBoss Seam Remoting component). Vulnerability: Multiple cross-site scripting (XSS) vulnerabilities allowing remote injection of arbitrary script/HTML via request parameters (including parameter or id name). Root cause: unsanitized...
XXE
Multiple XML External Entity (XXE) vulnerabilities in the (1) ExecutionHandler, (2) PollHandler, and (3) SubscriptionHandler classes in JBoss Seam Remoting in JBoss Seam 2 framework 2.3.1 and earlier, as used in JBoss Web Framework Kit, allow remote attackers to read arbitrary files and possibly have oth...
CVE-2013-6447
Multiple XML External Entity (XXE) vulnerabilities in the (1) ExecutionHandler, (2) PollHandler, and (3) SubscriptionHandler classes in JBoss Seam Remoting in JBoss Seam 2 framework 2.3.1 and earlier, as used in JBoss Web Framework Kit, allow remote attackers to read arbitrary files and possibly have oth...
CVE-2013-6448
CVE-2013-6448 affects Red Hat JBoss Web Framework Kit’s Seam Remoting component. The InterfaceGenerator handler exposed details of all classes and methods on the server classpath, enabling a remote attacker to determine which classes are deployed. Red Hat addressed this in the 2.4.0 update (RHSA-...
Important: Red Hat Security Advisory: Red Hat JBoss Web Framework Kit 2.4.0 update
An update for the solr-core component of Red Hat JBoss Web Framework Kit 2.4.0 that fixes multiple security issues is now available from the Red Hat Customer Portal. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS)...
CVE-2013-2165
ResourceBuilderImpl.java in the RichFaces 3.x through 5.x implementation in Red Hat JBoss Web Framework Kit before 2.3.0, Red Hat JBoss Web Platform through 5.2.0, Red Hat JBoss Enterprise Application Platform through 4.3.0 CP10 and 5.x through 5.2.0, Red Hat JBoss BRMS through 5.3.1, Red Hat JBo...
CVE-2013-2165
ResourceBuilderImpl.java in the RichFaces 3.x through 5.x implementation in Red Hat JBoss Web Framework Kit before 2.3.0, Red Hat JBoss Web Platform through 5.2.0, Red Hat JBoss Enterprise Application Platform through 4.3.0 CP10 and 5.x through 5.2.0, Red Hat JBoss BRMS through 5.3.1, Red Hat JBo...
Moderate: Red Hat Security Advisory: JBoss Web Framework Kit 2.2.0 update
JBoss Web Framework Kit 2.2.0, which fixes two security issues, various bugs, and adds enhancements, is now available from the Red Hat Customer Portal. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores,...
Moderate: Red Hat Security Advisory: JBoss Web Framework Kit 1.0.0 removal
JBoss Web Framework Kit 1.0.0 contains a security flaw and should no longer be used. This update removes the JBoss Web Framework Kit 1.0.0 packages. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score,...