CVE-2014-0059 – JBossSX/PicketBox: World readable audit.log file
https://notcve.org/view.php?id=CVE-2014-0059
JBoss SX and PicketBox, as used in Red Hat JBoss Enterprise Application Platform (EAP) before 6.2.3, use world-readable permissions on audit.log, which allows local users to obtain sensitive information by reading this file. JBoss SX y PicketBox, como se usan en Red Hat JBoss Enterprise Application Platform (EAP) en versiones anteriores a 6.2.3, utilizan permisos de lectura universal en audit.log, lo que permite a usuarios locales obtener información sensible leyendo este archivo. It was found that the security auditing functionality provided by PicketBox and JBossSX, both security frameworks for Java applications, used a world-readable audit.log file to record sensitive information. A local user could possibly use this flaw to gain access to the sensitive information in the audit.log file. • http://rhn.redhat.com/errata/RHSA-2014-0563.html http://rhn.redhat.com/errata/RHSA-2014-0564.html http://rhn.redhat.com/errata/RHSA-2014-0565.html http://rhn.redhat.com/errata/RHSA-2015-0675.html http://rhn.redhat.com/errata/RHSA-2015-0850.html http://rhn.redhat.com/errata/RHSA-2015-0851.html https://access.redhat.com/security/cve/CVE-2014-0059 https://bugzilla.redhat.com/show_bug.cgi?id=1063642 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-532: Insertion of Sensitive Information into Log File •
CVE-2014-0058 – EAP6: Plain text password logging during security audit
https://notcve.org/view.php?id=CVE-2014-0058
The security audit functionality in Red Hat JBoss Enterprise Application Platform (EAP) 6.x before 6.2.1 logs request parameters in plaintext, which might allow local users to obtain passwords by reading the log files. La funcionalidad de auditoría de seguridad en Red Hat JBoss Enterprise Application Platform (EAP) 6.x anterior a 6.2.1 registra parámetros de solicitud en texto claro, lo que podría permitir a usuarios locales obtener contraseñas mediante la lectura de los archivos de log. It was found that the security audit functionality logged request parameters in plain text. This may have caused passwords to be included in the audit log files when using BASIC or FORM-based authentication. A local attacker with access to audit log files could possibly use this flaw to obtain application or server authentication credentials. • http://rhn.redhat.com/errata/RHSA-2014-0204.html http://rhn.redhat.com/errata/RHSA-2014-0205.html http://rhn.redhat.com/errata/RHSA-2015-0034.html http://www.securityfocus.com/bid/65762 https://access.redhat.com/security/cve/CVE-2014-0058 https://bugzilla.redhat.com/show_bug.cgi?id=1063641 • CWE-310: Cryptographic Issues •
CVE-2013-2133 – WS: EJB3 role restrictions are not applied to jaxws handlers
https://notcve.org/view.php?id=CVE-2013-2133
The EJB invocation handler implementation in Red Hat JBossWS, as used in JBoss Enterprise Application Platform (EAP) before 6.2.0, does not properly enforce the method level restrictions for JAX-WS Service endpoints, which allows remote authenticated users to access otherwise restricted JAX-WS handlers by leveraging permissions to the EJB class. La implementación del manejador de invocación EJB en Red Hat JBossWS, como se utiliza en JBoss Enterprise Application Platform (EAP) anteriores a 6.2.0, no hace cumplir correctamente las restricciones de nivel de método para JAX-WS Service endpoints, lo cual permite a usuarios autenticados remotamente acceder a manejadores, de otra manera restringidos, mediante el aprovechamiento de permisos de la clase EJB. A flaw was found in the way method-level authorization for JAX-WS Service endpoints was performed by the EJB invocation handler implementation. Any restrictions declared on EJB methods were ignored when executing the JAX-WS handlers, and only class-level restrictions were applied. A remote attacker who is authorized to access the EJB class, could invoke a JAX-WS handler which they were not authorized to invoke. • http://rhn.redhat.com/errata/RHSA-2013-1784.html http://rhn.redhat.com/errata/RHSA-2013-1785.html http://rhn.redhat.com/errata/RHSA-2013-1786.html http://rhn.redhat.com/errata/RHSA-2015-0850.html http://rhn.redhat.com/errata/RHSA-2015-0851.html http://www.securitytracker.com/id/1029431 https://access.redhat.com/security/cve/CVE-2013-2133 https://bugzilla.redhat.com/show_bug.cgi?id=969924 • CWE-264: Permissions, Privileges, and Access Controls CWE-862: Missing Authorization •
CVE-2013-1921 – PicketBox: Insecure storage of masked passwords
https://notcve.org/view.php?id=CVE-2013-1921
PicketBox, as used in Red Hat JBoss Enterprise Application Platform before 6.1.1, allows local users to obtain the admin encryption key by reading the Vault data file. PicketBox, utilizado en Red Hat JBoss Enterprise Application Platform anteriores a 6.1.1, permite a un usuario local obtener la clave de cifrado de administrador leyendo el archivo de datos Vault. • http://rhn.redhat.com/errata/RHSA-2013-1207.html http://rhn.redhat.com/errata/RHSA-2013-1208.html http://rhn.redhat.com/errata/RHSA-2013-1209.html http://rhn.redhat.com/errata/RHSA-2013-1437.html http://rhn.redhat.com/errata/RHSA-2014-0029.html https://bugzilla.redhat.com/show_bug.cgi?id=948106 https://access.redhat.com/security/cve/CVE-2013-1921 • CWE-310: Cryptographic Issues •
CVE-2013-1896 – httpd: mod_dav DoS (httpd child process crash) via a URI MERGE request with source URI not handled by mod_dav
https://notcve.org/view.php?id=CVE-2013-1896
mod_dav.c in the Apache HTTP Server before 2.2.25 does not properly determine whether DAV is enabled for a URI, which allows remote attackers to cause a denial of service (segmentation fault) via a MERGE request in which the URI is configured for handling by the mod_dav_svn module, but a certain href attribute in XML data refers to a non-DAV URI. mod_dav.c en el Apache HTTP Server anterior a 2.2.25 no determina adecuadamente si DAV está activado para URI, lo que permite a atacantes remotos provocar una denegación de servicio (corrupción de memoria) a través de una petición MERGE en la que la URI está configurada para manejarse con el módulo mod_dav_svn, pero determinados atributos href en los datos XML se refieren a una URI que no es del tipo DAV. • http://lists.opensuse.org/opensuse-updates/2013-08/msg00026.html http://lists.opensuse.org/opensuse-updates/2013-08/msg00029.html http://lists.opensuse.org/opensuse-updates/2013-08/msg00030.html http://rhn.redhat.com/errata/RHSA-2013-1156.html http://rhn.redhat.com/errata/RHSA-2013-1207.html http://rhn.redhat.com/errata/RHSA-2013-1208.html http://rhn.redhat.com/errata/RHSA-2013-1209.html http://secunia.com/advisories/55032 http://support.apple.com/kb/HT6150 http:/ •