Page 10 of 67 results (0.019 seconds)

CVSS: 2.1EPSS: 0%CPEs: 1EXPL: 0

CVE-2014-3586 – CLI: Insecure default permissions on history file

https://notcve.org/view.php?id=CVE-2014-3586

The default configuration for the Command Line Interface in Red Hat Enterprise Application Platform before 6.4.0 and WildFly (formerly JBoss Application Server) uses weak permissions for .jboss-cli-history, which allows local users to obtain sensitive information via unspecified vectors. La configuración por defecto para la interfaz de la línea de comandos en Red Hat Enterprise Application Platform anterior a 6.4.0 y WildFly (anteriormente JBoss Application Server) utiliza permisos débiles para .jboss-cli-history, lo que permite a usuarios locales obtener información sensible a través de vectores no especificados. It was found that the Command Line Interface, as provided by Red Hat Enterprise Application Platform, created a history file named .jboss-cli-history in the user's home directory with insecure default file permissions. This could allow a malicious local user to gain information otherwise not accessible to them. • http://rhn.redhat.com/errata/RHSA-2015-0846.html http://rhn.redhat.com/errata/RHSA-2015-0847.html http://rhn.redhat.com/errata/RHSA-2015-0848.html http://rhn.redhat.com/errata/RHSA-2015-0849.html http://www.securitytracker.com/id/1032183 https://bugzilla.redhat.com/show_bug.cgi?id=1126687 https://access.redhat.com/security/cve/CVE-2014-3586 • CWE-264: Permissions, Privileges, and Access Controls CWE-732: Incorrect Permission Assignment for Critical Resource •

CVSS: 3.5EPSS: 0%CPEs: 1EXPL: 0

CVE-2014-7827 – Security: Wrong security context loaded when using SAML2 STS Login Module

https://notcve.org/view.php?id=CVE-2014-7827

The org.jboss.security.plugins.mapping.JBossMappingManager implementation in JBoss Security in Red Hat JBoss Enterprise Application Platform (EAP) before 6.3.3 uses the default security domain when a security domain is undefined, which allows remote authenticated users to bypass intended access restrictions by leveraging credentials on the default domain for a role that is also on the application domain. La implementación org.jboss.security.plugins.mapping.JBossMappingManager en JBoss Security en Red Hat JBoss Enterprise Application Platform (EAP) anterior a 6.3.3 utiliza el dominio de seguridad por defecto cuando un dominio de seguridad no está definido, lo que permite a usuarios remotos autenticados evadir las restricciones de acceso mediante el aprovechamiento de las credenciales en el dominio por defecto para un rol que también está en el dominio de la aplicación. It was found that when processing undefined security domains, the org.jboss.security.plugins.mapping.JBossMappingManager implementation would fall back to the default security domain if it was available. A user with valid credentials in the defined default domain, with a role that is valid in the expected application domain, could perform actions that were otherwise not available to them. When using the SAML2 STS Login Module, JBossMappingManager exposed this issue due to the PicketLink Trust SecurityActions implementation using a hardcoded default value when defining the context. • http://rhn.redhat.com/errata/RHSA-2015-0215.html http://rhn.redhat.com/errata/RHSA-2015-0216.html http://rhn.redhat.com/errata/RHSA-2015-0217.html http://rhn.redhat.com/errata/RHSA-2015-0218.html http://rhn.redhat.com/errata/RHSA-2015-0850.html http://rhn.redhat.com/errata/RHSA-2015-0851.html http://www.securitytracker.com/id/1031741 https://exchange.xforce.ibmcloud.com/vulnerabilities/100889 https://access.redhat.com/security/cve/CVE-2014-7827 https://bugzilla.red • CWE-264: Permissions, Privileges, and Access Controls CWE-863: Incorrect Authorization •

CVSS: 4.9EPSS: 0%CPEs: 2EXPL: 0

CVE-2014-7853 – Subsystem: Information disclosure via incorrect sensitivity classification of attribute

https://notcve.org/view.php?id=CVE-2014-7853

The JBoss Application Server (WildFly) JacORB subsystem in Red Hat JBoss Enterprise Application Platform (EAP) before 6.3.3 does not properly assign socket-binding-ref sensitivity classification to the security-domain attribute, which allows remote authenticated users to obtain sensitive information by leveraging access to the security-domain attribute. El subsistema JBoss Application Server (WildFly) JacORB en Red Hat JBoss Enterprise Application Platform (EAP) anterior a 6.3.3 no asigna correctamente la configuración de la sensibilidad de las referencias a vinculaciones de sockets al atributo del dominio de seguridad, lo que permite a usuarios remotos autenticados obtener información sensible mediante el aprovechamiento del acceso al atributo del dominio de seguridad. It was discovered that the JBoss Application Server (WildFly) JacORB subsystem incorrectly assigned socket-binding-ref sensitivity classification for the security-domain attribute. An authenticated user with a role that has access to attributes with socket-binding-ref and not security-domain-ref sensitivity classification could use this flaw to access sensitive information present in the security-domain attribute. • http://rhn.redhat.com/errata/RHSA-2015-0215.html http://rhn.redhat.com/errata/RHSA-2015-0216.html http://rhn.redhat.com/errata/RHSA-2015-0217.html http://rhn.redhat.com/errata/RHSA-2015-0218.html http://rhn.redhat.com/errata/RHSA-2015-0920.html http://www.securitytracker.com/id/1031741 https://exchange.xforce.ibmcloud.com/vulnerabilities/100891 https://access.redhat.com/security/cve/CVE-2014-7853 https://bugzilla.redhat.com/show_bug.cgi?id=1165522 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 5.0EPSS: 45%CPEs: 8EXPL: 0

CVE-2014-0118 – httpd: mod_deflate denial of service

https://notcve.org/view.php?id=CVE-2014-0118

The deflate_in_filter function in mod_deflate.c in the mod_deflate module in the Apache HTTP Server before 2.4.10, when request body decompression is enabled, allows remote attackers to cause a denial of service (resource consumption) via crafted request data that decompresses to a much larger size. La función deflate_in_filter en mod_deflate.c en el módulo mod_deflate en Apache HTTP Server anterior a 2.4.10, cuando la descompresión del cuerpo de una solicitud está habilitada, permite a atacantes remotos causar una denegación de servicio (consumo de recursos) a través de datos de solicitudes manipulados que descomprime a un tamaño mucho más grande. A denial of service flaw was found in the way httpd's mod_deflate module handled request body decompression (configured via the "DEFLATE" input filter). A remote attacker able to send a request whose body would be decompressed could use this flaw to consume an excessive amount of system memory and CPU on the target system. • http://advisories.mageia.org/MGASA-2014-0304.html http://advisories.mageia.org/MGASA-2014-0305.html http://httpd.apache.org/security/vulnerabilities_24.html http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html http://marc.info/?l=bugtraq&m=143403519711434&w=2 http://marc.info/?l=bugtraq&m=143748090628601&w=2 http://marc.info/?l=bugtraq&m=144050155601375&w=2 http://marc.info/?l=bugtraq&m=144493176821532&w=2 http://rhn.redhat.com/errata/RHSA-2014 • CWE-400: Uncontrolled Resource Consumption •

CVSS: 7.5EPSS: 95%CPEs: 18EXPL: 4

CVE-2014-0226 – Apache httpd mod_status Heap Buffer Overflow Remote Code Execution Vulnerability

https://notcve.org/view.php?id=CVE-2014-0226

Race condition in the mod_status module in the Apache HTTP Server before 2.4.10 allows remote attackers to cause a denial of service (heap-based buffer overflow), or possibly obtain sensitive credential information or execute arbitrary code, via a crafted request that triggers improper scoreboard handling within the status_handler function in modules/generators/mod_status.c and the lua_ap_scoreboard_worker function in modules/lua/lua_request.c. Condición de carrera en el módulo mod_status en Apache HTTP Server anterior a 2.4.10 permite a atacantes remotos causar una denegación de servicio (desbordamiento de buffer basado en memoria dinámica), o posiblemente obtener información sensible de credenciales o ejecutar código arbitrario, a través de una solicitud manipulada que provoca el manejo indebido de la tabla de clasificación (scoreboard) dentro de la función status_handler en modules/generators/mod_status.c y la función lua_ap_scoreboard_worker en modules/lua/lua_request.c. A race condition flaw, leading to heap-based buffer overflows, was found in the mod_status httpd module. A remote attacker able to access a status page served by mod_status on a server using a threaded Multi-Processing Module (MPM) could send a specially crafted request that would cause the httpd child process to crash or, possibly, allow the attacker to execute arbitrary code with the privileges of the "apache" user. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apache HTTPD server. • https://www.exploit-db.com/exploits/34133 https://github.com/shreesh1/CVE-2014-0226-poc http://advisories.mageia.org/MGASA-2014-0304.html http://advisories.mageia.org/MGASA-2014-0305.html http://httpd.apache.org/security/vulnerabilities_24.html http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html http://marc.info/?l=bugtraq&m=143403519711434&w=2 http://marc.info/?l=bugtraq&m=143748090628601&w=2 http://marc.info/?l=bugtraq&m=144050155601375&w=2 http&# • CWE-122: Heap-based Buffer Overflow CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •