CVSS: 6.6EPSS: 0%CPEs: 1EXPL: 0CVE-2013-3734 – JBoss AS Administrative Console Password Disclosure
https://notcve.org/view.php?id=CVE-2013-3734
The Embedded Jopr component in JBoss Application Server includes the cleartext datasource password in unspecified HTML responses, which might allow (1) man-in-the-middle attackers to obtain sensitive information by leveraging failure to use SSL or (2) attackers to obtain sensitive information by reading the HTML source code. NOTE: the vendor says that this does not cross a trust boundary and that it is recommended best-practice that SSL is configured for the administrative console **EN DISPUTA** El componente Embedded Jopr en JBoss Application Server incluye la contraseña del origen de datos en texto en claro en respuestas HTML no especificadas, lo que podría permitir (1) que atacantes Man-in-the-Middle (MitM) obtengan información sensible aprovechando que no se puede utilizar SSL o (2) que los atacantes obtengan información sensible leyendo el código fuente HTML. NOTA: el fabricante dice que no traspasa ningún límite de confianza y que el hecho de que el SSL esté configurado para la consola administrativa es una buena práctica recomendada. JBoss AS administration consoles versions prior to 1.2 re-embed password that are disclosed when viewing page source. This is an obvious poor security practice and the vendor has decided not to fix it, possibly due to lack of comprehending why it is a bad idea. • http://www.securityfocus.com/bid/60429 https://bugzilla.redhat.com/show_bug.cgi?id=971637 https://www.halock.com/blog/cve-2013-3734-jboss-administration-console-password-returned-response • CWE-255: Credentials Management Errors •
CVSS: 4.3EPSS: 0%CPEs: 11EXPL: 0CVE-2012-4529 – Web: jsessionid exposed via encoded url when using cookie based session tracking
https://notcve.org/view.php?id=CVE-2012-4529
The org.apache.catalina.connector.Response.encodeURL method in Red Hat JBoss Web 7.1.x and earlier, when the tracking mode is set to COOKIE, sends the jsessionid in the URL of the first response of a session, which allows remote attackers to obtain the session id (1) via a man-in-the-middle attack or (2) by reading a log. El método org.apache.catalina.connector.Response.encodeURL en Red Hat JBoss Web 7.1.x y anteriores, cuando el modo de traceo está fijado a COOKIE, envia el parámetro jsessionid en la URL de la primera respuesta de una sesion, lo que permite a atacantes remotos obtener el id de sesion a treves de un ataque man-in-the-middle o leyendo un log • http://ocpsoft.org/support/topic/session-id-is-appended-as-url-path-parameter-in-very-first-request http://rhn.redhat.com/errata/RHSA-2013-0833.html http://rhn.redhat.com/errata/RHSA-2013-0834.html http://rhn.redhat.com/errata/RHSA-2013-0839.html http://rhn.redhat.com/errata/RHSA-2013-1437.html https://issues.jboss.org/browse/JBWEB-249 https://access.redhat.com/security/cve/CVE-2012-4529 https://bugzilla.redhat.com/show_bug.cgi?id=868202 •
CVSS: 5.1EPSS: 20%CPEs: 27EXPL: 0CVE-2013-1862 – httpd: mod_rewrite allows terminal escape sequences to be written to the log file
https://notcve.org/view.php?id=CVE-2013-1862
mod_rewrite.c in the mod_rewrite module in the Apache HTTP Server 2.2.x before 2.2.25 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to execute arbitrary commands via an HTTP request containing an escape sequence for a terminal emulator. mod_rewrite.c en el modulo mod_rewrite en Apache HTTP Server v2.2.x anterior a v2.2.25 escribe datos en un archivo de log sin eliminar caracteres no imprimibles, lo que podría permitir a un atacante remotos ejecutar comandos arbitrarios a través de una petición HTTP que contiene una secuencia de escape para un emulador de terminal. • http://lists.opensuse.org/opensuse-updates/2013-08/msg00026.html http://lists.opensuse.org/opensuse-updates/2013-08/msg00029.html http://lists.opensuse.org/opensuse-updates/2013-08/msg00030.html http://people.apache.org/~jorton/mod_rewrite-CVE-2013-1862.patch http://rhn.redhat.com/errata/RHSA-2013-0815.html http://rhn.redhat.com/errata/RHSA-2013-1207.html http://rhn.redhat.com/errata/RHSA-2013-1208.html http://rhn.redhat.com/errata/RHSA-2013-1209.html http://secunia. •
CVSS: 2.1EPSS: 0%CPEs: 2EXPL: 0CVE-2009-5066 – JBoss: twiddle.sh accepts credentials as command line arguments, exposing them to other local users via a process listing
https://notcve.org/view.php?id=CVE-2009-5066
twiddle.sh in JBoss AS 5.0 and EAP 5.0 and earlier accepts credentials as command-line arguments, which allows local users to read the credentials by listing the process and its arguments. twiddle.sh en JBoss AS v5.0 y PEA v5.0 y versiones anteriores acepta credenciales como argumentos de línea de comandos, lo que permite a usuarios locales leer las credenciales al listar el proceso y sus argumentos. • http://objectopia.com/2009/10/01/securing-jmx-invoker-layer-in-jboss http://rhn.redhat.com/errata/RHSA-2013-0191.html http://rhn.redhat.com/errata/RHSA-2013-0192.html http://rhn.redhat.com/errata/RHSA-2013-0193.html http://rhn.redhat.com/errata/RHSA-2013-0194.html http://rhn.redhat.com/errata/RHSA-2013-0195.html http://rhn.redhat.com/errata/RHSA-2013-0196.html http://rhn.redhat.com/errata/RHSA-2013-0197.html http://rhn.redhat.com/errata/RHSA-2013-0198.ht • CWE-255: Credentials Management Errors •
CVSS: 4.3EPSS: 84%CPEs: 9EXPL: 5CVE-2008-0455 – Apache 2.2.6 mod_negotiation - HTML Injection / HTTP Response Splitting
https://notcve.org/view.php?id=CVE-2008-0455
Cross-site scripting (XSS) vulnerability in the mod_negotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x series allows remote authenticated users to inject arbitrary web script or HTML by uploading a file with a name containing XSS sequences and a file extension, which leads to injection within a (1) "406 Not Acceptable" or (2) "300 Multiple Choices" HTTP response when the extension is omitted in a request for the file. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en el módulo mod_negotiation de Apache HTTP Server 2.2.6 y anteriores en las series 2.2.x, 2.0.61 y anteriores en las series 2.0.x, y 1.3.39 y anteriores en las series 1.3.x permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML de su elección subiendo un fichero con un nombre que contiene secuencias XSS y una extensión de fichero, lo cual conduce conduce a la inyección en respuestas HTTP (1) "406 Not Acceptable" o (2) "300 Multiple Choices" cuando se omite la extensión en la petición del fichero. • https://www.exploit-db.com/exploits/31052 http://rhn.redhat.com/errata/RHSA-2012-1591.html http://rhn.redhat.com/errata/RHSA-2012-1592.html http://rhn.redhat.com/errata/RHSA-2012-1594.html http://rhn.redhat.com/errata/RHSA-2013-0130.html http://secunia.com/advisories/29348 http://secunia.com/advisories/51607 http://security.gentoo.org/glsa/glsa-200803-19.xml http://securityreason.com/securityalert/3575 http://securitytracker.com/id?1019256 http://www.mindedsecurity.c • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •