CVE-2014-0059 – JBossSX/PicketBox: World readable audit.log file
https://notcve.org/view.php?id=CVE-2014-0059
JBoss SX and PicketBox, as used in Red Hat JBoss Enterprise Application Platform (EAP) before 6.2.3, use world-readable permissions on audit.log, which allows local users to obtain sensitive information by reading this file. JBoss SX y PicketBox, como se usan en Red Hat JBoss Enterprise Application Platform (EAP) en versiones anteriores a 6.2.3, utilizan permisos de lectura universal en audit.log, lo que permite a usuarios locales obtener información sensible leyendo este archivo. It was found that the security auditing functionality provided by PicketBox and JBossSX, both security frameworks for Java applications, used a world-readable audit.log file to record sensitive information. A local user could possibly use this flaw to gain access to the sensitive information in the audit.log file. • http://rhn.redhat.com/errata/RHSA-2014-0563.html http://rhn.redhat.com/errata/RHSA-2014-0564.html http://rhn.redhat.com/errata/RHSA-2014-0565.html http://rhn.redhat.com/errata/RHSA-2015-0675.html http://rhn.redhat.com/errata/RHSA-2015-0850.html http://rhn.redhat.com/errata/RHSA-2015-0851.html https://access.redhat.com/security/cve/CVE-2014-0059 https://bugzilla.redhat.com/show_bug.cgi?id=1063642 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-532: Insertion of Sensitive Information into Log File •
CVE-2014-0058 – EAP6: Plain text password logging during security audit
https://notcve.org/view.php?id=CVE-2014-0058
The security audit functionality in Red Hat JBoss Enterprise Application Platform (EAP) 6.x before 6.2.1 logs request parameters in plaintext, which might allow local users to obtain passwords by reading the log files. La funcionalidad de auditoría de seguridad en Red Hat JBoss Enterprise Application Platform (EAP) 6.x anterior a 6.2.1 registra parámetros de solicitud en texto claro, lo que podría permitir a usuarios locales obtener contraseñas mediante la lectura de los archivos de log. It was found that the security audit functionality logged request parameters in plain text. This may have caused passwords to be included in the audit log files when using BASIC or FORM-based authentication. A local attacker with access to audit log files could possibly use this flaw to obtain application or server authentication credentials. • http://rhn.redhat.com/errata/RHSA-2014-0204.html http://rhn.redhat.com/errata/RHSA-2014-0205.html http://rhn.redhat.com/errata/RHSA-2015-0034.html http://www.securityfocus.com/bid/65762 https://access.redhat.com/security/cve/CVE-2014-0058 https://bugzilla.redhat.com/show_bug.cgi?id=1063641 • CWE-310: Cryptographic Issues •
CVE-2013-2133 – WS: EJB3 role restrictions are not applied to jaxws handlers
https://notcve.org/view.php?id=CVE-2013-2133
The EJB invocation handler implementation in Red Hat JBossWS, as used in JBoss Enterprise Application Platform (EAP) before 6.2.0, does not properly enforce the method level restrictions for JAX-WS Service endpoints, which allows remote authenticated users to access otherwise restricted JAX-WS handlers by leveraging permissions to the EJB class. La implementación del manejador de invocación EJB en Red Hat JBossWS, como se utiliza en JBoss Enterprise Application Platform (EAP) anteriores a 6.2.0, no hace cumplir correctamente las restricciones de nivel de método para JAX-WS Service endpoints, lo cual permite a usuarios autenticados remotamente acceder a manejadores, de otra manera restringidos, mediante el aprovechamiento de permisos de la clase EJB. A flaw was found in the way method-level authorization for JAX-WS Service endpoints was performed by the EJB invocation handler implementation. Any restrictions declared on EJB methods were ignored when executing the JAX-WS handlers, and only class-level restrictions were applied. A remote attacker who is authorized to access the EJB class, could invoke a JAX-WS handler which they were not authorized to invoke. • http://rhn.redhat.com/errata/RHSA-2013-1784.html http://rhn.redhat.com/errata/RHSA-2013-1785.html http://rhn.redhat.com/errata/RHSA-2013-1786.html http://rhn.redhat.com/errata/RHSA-2015-0850.html http://rhn.redhat.com/errata/RHSA-2015-0851.html http://www.securitytracker.com/id/1029431 https://access.redhat.com/security/cve/CVE-2013-2133 https://bugzilla.redhat.com/show_bug.cgi?id=969924 • CWE-264: Permissions, Privileges, and Access Controls CWE-862: Missing Authorization •
CVE-2013-1921 – PicketBox: Insecure storage of masked passwords
https://notcve.org/view.php?id=CVE-2013-1921
PicketBox, as used in Red Hat JBoss Enterprise Application Platform before 6.1.1, allows local users to obtain the admin encryption key by reading the Vault data file. PicketBox, utilizado en Red Hat JBoss Enterprise Application Platform anteriores a 6.1.1, permite a un usuario local obtener la clave de cifrado de administrador leyendo el archivo de datos Vault. • http://rhn.redhat.com/errata/RHSA-2013-1207.html http://rhn.redhat.com/errata/RHSA-2013-1208.html http://rhn.redhat.com/errata/RHSA-2013-1209.html http://rhn.redhat.com/errata/RHSA-2013-1437.html http://rhn.redhat.com/errata/RHSA-2014-0029.html https://bugzilla.redhat.com/show_bug.cgi?id=948106 https://access.redhat.com/security/cve/CVE-2013-1921 • CWE-310: Cryptographic Issues •
CVE-2013-2185 – Tomcat/JBossWeb: Arbitrary file upload via deserialization
https://notcve.org/view.php?id=CVE-2013-2185
The readObject method in the DiskFileItem class in Apache Tomcat and JBoss Web, as used in Red Hat JBoss Enterprise Application Platform 6.1.0 and Red Hat JBoss Portal 6.0.0, allows remote attackers to write to arbitrary files via a NULL byte in a file name in a serialized instance, a similar issue to CVE-2013-2186. NOTE: this issue is reportedly disputed by the Apache Tomcat team, although Red Hat considers it a vulnerability. The dispute appears to regard whether it is the responsibility of applications to avoid providing untrusted data to be deserialized, or whether this class should inherently protect against this issue ** EN DISPUTA ** ** El método readObject en la clase DiskFileItem en Apache Tomcat y JBoss Web, tal como se utiliza en la plataforma Red Hat JBoss Enterprise Application 6.1.0 y Red Hat JBoss Portal 6.0.0, permite a atacantes remotos para escribir en archivos arbitrarios a través de un byte NULL en un nombre de archivo en una instancia serializada, un problema similar a CVE-2013-2.186. NOTA: se ha informado que este problema es disputado por el equipo de Apache Tomcat, aunque Red Hat lo considera una vulnerabilidad. La disputa parece considerar si se trata de la responsabilidad de las aplicaciones para evitar que los datos no confiables para ser deserializados, o si esta clase debe proteger inherentemente contra este tema. • http://openwall.com/lists/oss-security/2014/10/24/12 http://rhn.redhat.com/errata/RHSA-2013-1193.html http://rhn.redhat.com/errata/RHSA-2013-1194.html http://rhn.redhat.com/errata/RHSA-2013-1265.html http://www.openwall.com/lists/oss-security/2013/09/05/4 https://access.redhat.com/security/cve/CVE-2013-2185 https://bugzilla.redhat.com/show_bug.cgi?id=974813 • CWE-20: Improper Input Validation CWE-626: Null Byte Interaction Error (Poison Null Byte) •