4 matches found
RHEL 6 : jbossas-web and jboss-naming (RHSA-2012:1027)
The remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2012:1027 advisory. JBoss Application Server is the base package for JBoss Enterprise Web Platform, providing the core server components. The Java Naming and...
Input validation
The JBoss Server in JBoss Enterprise Application Platform 5.1.x before 5.1.2 and 5.2.x before 5.2.2, Web Platform before 5.1.2, BRMS Platform before 5.3.0, and SOA Platform before 5.3.0, when the server is configured to use the JaccAuthorizationRealm and the ignoreBaseDecision property is set to...
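JBoss Enterprise Application Platform/JBoss Enterprise Web Platform Security Bypass Vulnerability
CVE ID: CVE-2012-1167 JBoss is an open-source application server based on J2EE. Red Hat has released an update for JBoss Enterprise Application Platform and JBoss Enterprise Web Platform that fixes a security issue allowing some security restrictions to be bypassed. An error exists in the WebPermissionMapping class when creating permissions, which can be exploited to gain access to restricted applications. Successful exploitation requires that the JBoss server be configured to use the JaccAuthorizationRealm and that ignoreBaseDecision be set to true on the JBossWebRealm. 0...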
Moderate: Red Hat Security Advisory: jbossas security update
An update for JBoss Enterprise Application Platform 5.1.2 that fixes one security issue is now available from the Red Hat Customer Portal. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which give...