redhat jboss enterprise soa platform 5.3.1 vulnerabilities and exploits

(subscribe to this query)

The default configuration of the (1) LdapLoginModule and (2) LdapExtLoginModule modules in JBoss Enterprise Application Platform (EAP) 4.3.0 CP10, 5.2.0, and 6.0.1, and Enterprise Web Platform (EWP) 5.2.0 allow remote malicious users to bypass authentication via an empty password...

Redhat Jboss Enterprise Web Platform 5.2.0 Redhat Jboss Enterprise Application Platform 6.0.1 Redhat Jboss Enterprise Application Platform 4.3.0 Redhat Jboss Enterprise Application Platform 5.2.0

jmx-remoting.sar in JBoss Remoting, as used in Red Hat JBoss Enterprise Application Platform (JEAP) 5.2.0, Red Hat JBoss BRMS 5.3.1, Red Hat JBoss Portal Platform 5.2.2, and Red Hat JBoss SOA Platform 5.3.1, does not properly implement the JSR 160 specification, which allows remo...

Redhat Jboss Enterprise Application Platform 5.2.0 Redhat Jboss Enterprise Portal Platform 5.2.2 Redhat Jboss Enterprise Soa Platform 5.3.1 Redhat Jboss Enterprise Brms Platform 5.3.1

The (1) JMXInvokerHAServlet and (2) EJBInvokerHAServlet invoker servlets in JBoss Enterprise Application Platform (EAP) prior to 5.2.0, Web Platform (EWP) prior to 5.2.0, BRMS Platform prior to 5.3.1, and SOA Platform prior to 5.3.1 do not require authentication by default in cer...

Redhat Jboss Enterprise Application Platform 5.2.0 Redhat Jboss Enterprise Web Platform 5.2.0 Redhat Jboss Enterprise Brms Platform

1 EDB exploit

The SecurityAssociation.getCredential method in JBoss Enterprise Application Platform (EAP) prior to 5.2.0, Web Platform (EWP) prior to 5.2.0, BRMS Platform prior to 5.3.1, and SOA Platform prior to 5.3.1 returns the credentials of the previous user when a security context is not...

Redhat Jboss Enterprise Application Platform 5.2.0 Redhat Jboss Enterprise Web Platform 5.2.0 Redhat Jboss Enterprise Brms Platform

The AuthorizationInterceptor in JBoss Enterprise Application Platform (EAP) prior to 5.2.0, Web Platform (EWP) prior to 5.2.0, BRMS Platform prior to 5.3.1, and SOA Platform prior to 5.3.1 does not properly restrict access, which allows remote authenticated users to bypass intend...

Redhat Jboss Enterprise Application Platform 5.2.0 Redhat Jboss Enterprise Web Platform 5.2.0 Redhat Jboss Enterprise Brms Platform

The implementations of PKCS#1 v1.5 key transport mechanism for XMLEncryption in JBossWS and Apache WSS4J prior to 1.6.5 is susceptible to a Bleichenbacher attack.

Apache Wss4j Apache Cxf Redhat Jboss Enterprise Soa Platform 4.3.0 Redhat Jboss Enterprise Soa Platform 4.2.0 Redhat Jboss Enterprise Application Platform 5.0.0 Redhat Jboss Portal 4.0.0 Redhat Jboss Enterprise Web Platform 5.0.0 Redhat Jboss Business Rules Management System 5.3 Redhat Jboss Enterprise Application Platform Text-only Advisories -Redhat Jboss Middleware Text-only Advisories -Redhat Jboss Web Services -

Cross-site scripting (XSS) vulnerability in the JMX console in JBoss Enterprise Application Platform (EAP) prior to 5.2.0, Web Platform (EWP) prior to 5.2.0, BRMS Platform prior to 5.3.1, and SOA Platform prior to 5.3.1 allows remote malicious users to inject arbitrary web script...

Redhat Jboss Enterprise Web Platform 5.2.0 Redhat Jboss Enterprise Application Platform 5.2.0 Redhat Jboss Enterprise Brms Platform

The CallerIdentityLoginModule in JBoss Enterprise Application Platform (EAP) prior to 5.2.0, Web Platform (EWP) prior to 5.2.0, BRMS Platform prior to 5.3.1, and SOA Platform prior to 5.3.1 allows remote malicious users to gain privileges of the previous user via a null password,...

Redhat Jboss Enterprise Web Platform 5.2.0 Redhat Jboss Enterprise Application Platform 5.2.0 Redhat Jboss Enterprise Brms Platform

The NonManagedConnectionFactory in JBoss Enterprise Application Platform (EAP) 5.1.2 and 5.2.0, Web Platform (EWP) 5.1.2 and 5.2.0, and BRMS Platform prior to 5.3.1 logs the username and password in cleartext when an exception is thrown, which allows local users to obtain sensiti...

Redhat Jboss Enterprise Application Platform 5.1.2 Redhat Jboss Enterprise Application Platform 5.2.0 Redhat Jboss Enterprise Web Platform 5.2.0 Redhat Jboss Enterprise Web Platform 5.1.2 Redhat Jboss Enterprise Brms Platform

twiddle.sh in JBoss AS 5.0 and EAP 5.0 and previous versions accepts credentials as command-line arguments, which allows local users to read the credentials by listing the process and its arguments.

Redhat Jboss Community Application Server 5.0.0 Redhat Jboss Enterprise Application Platform 5.0.0

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook