
CVSS: 6.8 | EPSS: 8% | CPEs: 3 | EXPL: 0

org.jboss.seam.web.AuthenticationFilter in Red Hat JBoss Web Framework Kit 2.5.0, JBoss Enterprise Application Platform (JBEAP) 5.2.0, and JBoss Enterprise Web Platform (JBEWP) 5.2.0 allows remote attackers to execute arbitrary code via a crafted authentication header, related to Seam logging.

It was found that the org.jboss.seam.web.AuthenticationFilter class implementation did not properly use Seam logging. A remote attacker could send specially crafted authentication headers to an application, which could result in arbitrary code execution with the privileges of the user running that application.

• http://rhn.redhat.com/errata/RHSA-2014-0785.html
• http://rhn.redhat.com/errata/RHSA-2014-0791.html
• http://rhn.redhat.com/errata/RHSA-2014-0792.html
• http://rhn.redhat.com/errata/RHSA-2014-0793.html
• http://rhn.redhat.com/errata/RHSA-2014-0794.html
• http://rhn.redhat.com/errata/RHSA-2015-1888.html
• http://secunia.com/advisories/59346
• http://secunia.com/advisories/59554
• http://secunia.com/advisories/59555
• http://www.securitytracker.com/id/1030457
• https://access.red
• CWE-94: Improper Control of Generation of Code ('Code Injection')

CVSS: 4.3 | EPSS: 0% | CPEs: 1 | EXPL: 0

Multiple cross-site scripting (XSS) vulnerabilities in Red Hat JBoss Web Framework Kit 2.5.0 allow remote attackers to inject arbitrary web script or HTML via a (1) parameter or (2) id name.

• http://rhn.redhat.com/errata/RHSA-2014-0462.html
• https://bugzilla.redhat.com/show_bug.cgi?id=1078646
• https://access.redhat.com/security/cve/CVE-2014-0149
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 4.3 | EPSS: 0% | CPEs: 6 | EXPL: 1

The doFilter function in webapp/PushHandlerFilter.java in JBoss RichFaces 4.3.4, 4.3.5, and 5.x allows remote attackers to cause a denial of service (memory consumption and out-of-memory error) via a large number of malformed atmosphere push requests.

It was found that certain malformed requests caused RichFaces to leak memory. A remote, unauthenticated attacker could use this flaw to send a large number of malformed requests to a RichFaces application that uses the Atmosphere framework, leading to a denial of service (excessive memory consumption) on the application server.

• http://rhn.redhat.com/errata/RHSA-2014-0335.html
• http://secunia.com/advisories/57053
• https://bugzilla.redhat.com/show_bug.cgi?id=1067268
• https://github.com/pslegr/core-1/commit/8131f15003f5bec73d475d2b724472e4b87d0757
• https://issues.jboss.org/browse/RF-13250
• https://access.redhat.com/security/cve/CVE-2014-0086
• CWE-20: Improper Input Validation