CVE-2014-3530 – PicketLink: XXE via insecure DocumentBuilderFactory usage
https://notcve.org/view.php?id=CVE-2014-3530
The org.picketlink.common.util.DocumentUtil.getDocumentBuilderFactory method in PicketLink, as used in Red Hat JBoss Enterprise Application Platform (JBEAP) 5.2.0 and 6.2.4, expands entity references, which allows remote attackers to read arbitrary code and possibly have other unspecified impact via unspecified vectors, related to an XML External Entity (XXE) issue. El método org.picketlink.common.util.DocumentUtil.getDocumentBuilderFactory en PicketLink, utilizado en Red Hat JBoss Enterprise Application Platform (JBEAP) 5.2.0 y 6.2.4, expande referencias de entidad, lo que permite a atacantes remotos leer código arbitrario y posiblemente tener otro impacto no especificado a través de vectores no especificados, relacionado con un problema de entidad externa XML (XXE). It was found that the implementation of the org.picketlink.common.util.DocumentUtil.getDocumentBuilderFactory() method provided a DocumentBuilderFactory that would expand entity references. A remote, unauthenticated attacker could use this flaw to read files accessible to the user running the application server, and potentially perform other more advanced XXE attacks. • http://rhn.redhat.com/errata/RHSA-2014-0883.html http://rhn.redhat.com/errata/RHSA-2014-0884.html http://rhn.redhat.com/errata/RHSA-2014-0885.html http://rhn.redhat.com/errata/RHSA-2014-0886.html http://rhn.redhat.com/errata/RHSA-2015-0091.html http://rhn.redhat.com/errata/RHSA-2015-0675.html http://rhn.redhat.com/errata/RHSA-2015-0720.html http://rhn.redhat.com/errata/RHSA-2015-0765.html http://rhn.redhat.com/errata/RHSA-2015-1888.html http://secuni • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-611: Improper Restriction of XML External Entity Reference •
CVE-2014-0034 – CXF: The SecurityTokenService accepts certain invalid SAML Tokens as valid
https://notcve.org/view.php?id=CVE-2014-0034
The SecurityTokenService (STS) in Apache CXF before 2.6.12 and 2.7.x before 2.7.9 does not properly validate SAML tokens when caching is enabled, which allows remote attackers to gain access via an invalid SAML token. SecurityTokenService (STS) en Apache CXF anterior a 2.6.12 y 2.7.x anterior a 2.7.9 no valida debidamente los tokens SAML cuando el cacheo está habilitado, lo que permite a atacantes remotos ganar acceso a través de un token SAML inválido. It was found that the SecurityTokenService (STS), provided as a part of Apache CXF, could under certain circumstances accept invalid SAML tokens as valid. A remote attacker could use a specially crafted SAML token to gain access to an application that uses STS for validation of SAML tokens. • http://cxf.apache.org/security-advisories.data/CVE-2014-0034.txt.asc http://rhn.redhat.com/errata/RHSA-2014-0797.html http://rhn.redhat.com/errata/RHSA-2014-0798.html http://rhn.redhat.com/errata/RHSA-2014-0799.html http://rhn.redhat.com/errata/RHSA-2014-1351.html http://rhn.redhat.com/errata/RHSA-2015-0850.html http://rhn.redhat.com/errata/RHSA-2015-0851.html http://svn.apache.org/viewvc?view=revision&revision=1551228 http://www.securityfocus.com/bid/68441 https • CWE-20: Improper Input Validation CWE-345: Insufficient Verification of Data Authenticity •
CVE-2014-0035 – CXF: UsernameTokens are sent in plaintext with a Symmetric EncryptBeforeSigning policy
https://notcve.org/view.php?id=CVE-2014-0035
The SymmetricBinding in Apache CXF before 2.6.13 and 2.7.x before 2.7.10, when EncryptBeforeSigning is enabled and the UsernameToken policy is set to an EncryptedSupportingToken, transmits the UsernameToken in cleartext, which allows remote attackers to obtain sensitive information by sniffing the network. SymmetricBinding en Apache CXF anterior a 2.6.13 y 2.7.x anterior a 2.7.10, cuando EncryptBeforeSigning está habilitado y la política UsernameToken está configurada en un EncryptedSupportingToken, transmite el UsernameToken en texto claro, lo que permite a atacantes remotos obtener información sensible mediante la captura de trafico de la red. It was discovered that UsernameTokens were sent in plain text by an Apache CXF client that used a Symmetric EncryptBeforeSigning password policy. A man-in-the-middle attacker could use this flaw to obtain the user name and password used by the client application using Apache CXF. • http://cxf.apache.org/security-advisories.data/CVE-2014-0035.txt.asc http://rhn.redhat.com/errata/RHSA-2014-0797.html http://rhn.redhat.com/errata/RHSA-2014-0798.html http://rhn.redhat.com/errata/RHSA-2014-0799.html http://rhn.redhat.com/errata/RHSA-2014-1351.html http://rhn.redhat.com/errata/RHSA-2015-0850.html http://rhn.redhat.com/errata/RHSA-2015-0851.html http://svn.apache.org/viewvc?view=revision&revision=1564724 https://lists.apache.org/thread.html/r36e44ffc • CWE-310: Cryptographic Issues CWE-522: Insufficiently Protected Credentials •
CVE-2014-3481 – JAX-RS: Information disclosure via XML eXternal Entity (XXE)
https://notcve.org/view.php?id=CVE-2014-3481
org.jboss.as.jaxrs.deployment.JaxrsIntegrationProcessor in Red Hat JBoss Enterprise Application Platform (JEAP) before 6.2.4 enables entity expansion, which allows remote attackers to read arbitrary files via unspecified vectors, related to an XML External Entity (XXE) issue. org.jboss.as.jaxrs.deployment.JaxrsIntegrationProcessor en Red Hat JBoss Enterprise Application Platform (JEAP) anterior a 6.2.4 habilita la expansión de entidad, lo que permite a atacantes remotos leer ficheros arbitrarios a través de vectores no especificados, relacionado con un problema de entidad externa XML (XXE). It was found that the default context parameters as provided to RESTEasy deployments by JBoss EAP did not explicitly disable external entity expansion for RESTEasy. A remote attacker could use this flaw to perform XML External Entity (XXE) attacks on RESTEasy applications accepting XML input. • http://rhn.redhat.com/errata/RHSA-2014-0797.html http://rhn.redhat.com/errata/RHSA-2014-0798.html http://rhn.redhat.com/errata/RHSA-2014-0799.html http://rhn.redhat.com/errata/RHSA-2015-0675.html http://rhn.redhat.com/errata/RHSA-2015-0720.html http://rhn.redhat.com/errata/RHSA-2015-0765.html http://www.securitytracker.com/id/1032017 https://bugzilla.redhat.com/show_bug.cgi?id=1105242 https://exchange.xforce.ibmcloud.com/vulnerabilities/94939 https://access.redhat • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-611: Improper Restriction of XML External Entity Reference •
CVE-2014-0224 – openssl: SSL/TLS MITM vulnerability
https://notcve.org/view.php?id=CVE-2014-0224
OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a zero-length master key in certain OpenSSL-to-OpenSSL communications, and consequently hijack sessions or obtain sensitive information, via a crafted TLS handshake, aka the "CCS Injection" vulnerability. OpenSSL anterior a 0.9.8za, 1.0.0 anterior a 1.0.0m y 1.0.1 anterior a 1.0.1h no restringe debidamente el procesamiento de mensajes ChangeCipherSpec, lo que permite a atacantes man-in-the-middle provocar el uso de una clave maestra de longitud cero en ciertas comunicaciones OpenSSL-a-OpenSSL, y como consecuencia secuestrar sesiones u obtener información sensible, a través de una negociación TLS manipulada, también conocido como la vulnerabilidad de 'inyección CCS'. It was found that OpenSSL clients and servers could be forced, via a specially crafted handshake packet, to use weak keying material for communication. A man-in-the-middle attacker could use this flaw to decrypt and modify traffic between a client and a server. • https://github.com/secretnonempty/CVE-2014-0224 https://github.com/iph0n3/CVE-2014-0224 http://aix.software.ibm.com/aix/efixes/security/openssl_advisory9.asc http://ccsinjection.lepidum.co.jp http://dev.mysql.com/doc/relnotes/workbench/en/wb-news-6-1-7.html http://esupport.trendmicro.com/solution/en-US/1103813.aspx http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10629 http://kb.juniper.net/InfoCenter/index?page=content&id=KB29195 http://kb.juniper.net/InfoCenter/ • CWE-326: Inadequate Encryption Strength CWE-841: Improper Enforcement of Behavioral Workflow •