CVE-2014-0224 – openssl: SSL/TLS MITM vulnerability
https://notcve.org/view.php?id=CVE-2014-0224
OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a zero-length master key in certain OpenSSL-to-OpenSSL communications, and consequently hijack sessions or obtain sensitive information, via a crafted TLS handshake, aka the "CCS Injection" vulnerability.
It was found that OpenSSL clients and servers could be forced, via a specially crafted handshake packet, to use weak keying material for communication. A man-in-the-middle attacker could use this flaw to decrypt and modify traffic between a client and a server.
• https://github.com/secretnonempty/CVE-2014-0224 https://github.com/iph0n3/CVE-2014-0224 http://aix.software.ibm.com/aix/efixes/security/openssl_advisory9.asc http://ccsinjection.lepidum.co.jp http://dev.mysql.com/doc/relnotes/workbench/en/wb-news-6-1-7.html http://esupport.trendmicro.com/solution/en-US/1103813.aspx http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10629 http://kb.juniper.net/InfoCenter/index?page=content&id=KB29195 http://kb.juniper.net/InfoCenter/
• CWE-326: Inadequate Encryption Strength • CWE-841: Improper Enforcement of Behavioral Workflow
CVE-2014-0059 – JBossSX/PicketBox: World readable audit.log file
https://notcve.org/view.php?id=CVE-2014-0059
JBoss SX and PicketBox, as used in Red Hat JBoss Enterprise Application Platform (EAP) before 6.2.3, use world-readable permissions on audit.log, which allows local users to obtain sensitive information by reading this file.
It was found that the security auditing functionality provided by PicketBox and JBossSX, both security frameworks for Java applications, used a world-readable audit.log file to record sensitive information. A local user could possibly use this flaw to gain access to the sensitive information in the audit.log file.
• http://rhn.redhat.com/errata/RHSA-2014-0563.html http://rhn.redhat.com/errata/RHSA-2014-0564.html http://rhn.redhat.com/errata/RHSA-2014-0565.html http://rhn.redhat.com/errata/RHSA-2015-0675.html http://rhn.redhat.com/errata/RHSA-2015-0850.html http://rhn.redhat.com/errata/RHSA-2015-0851.html https://access.redhat.com/security/cve/CVE-2014-0059 https://bugzilla.redhat.com/show_bug.cgi?id=1063642
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor • CWE-532: Insertion of Sensitive Information into Log File
CVE-2014-0093 – 6: JSM policy not respected by deployed applications
https://notcve.org/view.php?id=CVE-2014-0093
Red Hat JBoss Enterprise Application Platform (JBEAP) 6.2.2, when using a Java Security Manager (JSM), does not properly apply permissions defined by a policy file, which causes applications to be granted the java.security.AllPermission permission and allows remote attackers to bypass intended access restrictions.
It was found that Java Security Manager permissions configured via a policy file were not properly applied, causing all deployed applications to be granted the java.security.AllPermission permission. In certain cases, an attacker could use this flaw to circumvent expected security measures to perform actions which would otherwise be restricted.
• http://rhn.redhat.com/errata/RHSA-2014-0343.html http://rhn.redhat.com/errata/RHSA-2014-0344.html http://rhn.redhat.com/errata/RHSA-2014-0345.html http://secunia.com/advisories/57675 http://www.securityfocus.com/bid/66596 https://access.redhat.com/security/cve/CVE-2014-0093 https://bugzilla.redhat.com/show_bug.cgi?id=1070046
• CWE-264: Permissions, Privileges, and Access Controls
CVE-2014-0058 – EAP6: Plain text password logging during security audit
https://notcve.org/view.php?id=CVE-2014-0058
The security audit functionality in Red Hat JBoss Enterprise Application Platform (EAP) 6.x before 6.2.1 logs request parameters in plaintext, which might allow local users to obtain passwords by reading the log files.
It was found that the security audit functionality logged request parameters in plain text. This may have caused passwords to be included in the audit log files when using BASIC or FORM-based authentication. A local attacker with access to audit log files could possibly use this flaw to obtain application or server authentication credentials.
• http://rhn.redhat.com/errata/RHSA-2014-0204.html http://rhn.redhat.com/errata/RHSA-2014-0205.html http://rhn.redhat.com/errata/RHSA-2015-0034.html http://www.securityfocus.com/bid/65762 https://access.redhat.com/security/cve/CVE-2014-0058 https://bugzilla.redhat.com/show_bug.cgi?id=1063641
• CWE-310: Cryptographic Issues
CVE-2014-0018 – jboss-as-server: Unchecked access to MSC Service Registry under JSM
https://notcve.org/view.php?id=CVE-2014-0018
Red Hat JBoss Enterprise Application Platform (JBEAP) 6.2.0 and JBoss WildFly Application Server, when run under a security manager, do not properly restrict access to the Modular Service Container (MSC) service registry, which allows local users to modify the server via a crafted deployment.
In Red Hat JBoss Enterprise Application Platform, when running under a security manager, it was possible for deployed code to get access to the Modular Service Container (MSC) service registry without any permission checks. This could allow malicious deployments to modify the internal state of the server in various ways.
• http://rhn.redhat.com/errata/RHSA-2014-0170.html http://rhn.redhat.com/errata/RHSA-2014-0171.html http://rhn.redhat.com/errata/RHSA-2014-0172.html http://www.securityfocus.com/bid/65591 https://bugzilla.redhat.com/show_bug.cgi?id=1052783 https://access.redhat.com/security/cve/CVE-2014-0018
• CWE-264: Permissions, Privileges, and Access Controls