CVE-2019-14885 – EAP: Vault system property security attribute value is revealed on CLI 'reload' command
https://notcve.org/view.php?id=CVE-2019-14885
A flaw was found in the JBoss EAP Vault system in all versions before 7.2.6.GA. Confidential information of the system property's security attribute value is revealed in the JBoss EAP log file when executing a JBoss CLI 'reload' command. This flaw can lead to the exposure of confidential information. Se detectó un fallo en el sistema JBoss EAP Vault en todas las versiones anteriores a 7.2.6.GA. La información confidencial del valor del atributo de seguridad de la propiedad del sistema es revelada en el archivo de registro de JBoss EAP cuando se ejecuta un comando "reload" de la CLI de JBoss. • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14885 https://access.redhat.com/security/cve/CVE-2019-14885 https://bugzilla.redhat.com/show_bug.cgi?id=1770615 • CWE-532: Insertion of Sensitive Information into Log File •
CVE-2016-9585
https://notcve.org/view.php?id=CVE-2016-9585
Red Hat JBoss EAP version 5 is vulnerable to a deserialization of untrusted data in the JMX endpoint when deserializes the credentials passed to it. An attacker could exploit this vulnerability resulting in a denial of service attack. Red Hat JBoss EAP, versión 5, es vulnerable a una deserialización de datos no fiables en el endpoint JMX cuando deserializa las credenciales que se le pasan. Un atacante puede explotar esta vulnerabilidad para provocar una denegación de servicio (DoS). • http://www.securityfocus.com/bid/94932 https://bugzilla.redhat.com/show_bug.cgi?id=1404528 • CWE-502: Deserialization of Untrusted Data •
CVE-2016-7066 – admin-cli: Any local users can connect to jboss-cli
https://notcve.org/view.php?id=CVE-2016-7066
It was found that the improper default permissions on /tmp/auth directory in JBoss Enterprise Application Platform before 7.1.0 can allow any local user to connect to CLI and allow the user to execute any arbitrary operations. Se ha detectado que los permisos incorrectos por defecto en el directorio /tmp/auth en JBoss Enterprise Application Platform en versiones anteriores a la 7.1.0 pueden permitir que cualquier usuario local se conecte a la interfaz de línea de comandos y ejecute cualquier operación arbitraria. It was found that the improper default permissions on /tmp/auth directory in EAP 7 can allow any local user to connect to CLI and allow the user to execute any arbitrary operations. • https://access.redhat.com/errata/RHSA-2017:3456 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-7066 https://access.redhat.com/security/cve/CVE-2016-7066 https://bugzilla.redhat.com/show_bug.cgi?id=1401661 • CWE-266: Incorrect Privilege Assignment CWE-275: Permission Issues •
CVE-2017-12167 – EAP-7: Wrong privileges on multiple property files
https://notcve.org/view.php?id=CVE-2017-12167
It was found in EAP 7 before 7.0.9 that properties based files of the management and the application realm configuration that contain user to role mapping are world readable allowing access to users and roles information to all the users logged in to the system. Se ha detectado en EAP 7 en versiones anteriores a la 7.0.9 que los archivos basados en propiedades de la administración y la configuración del dominio de la aplicación que contienen mapeo de usuario a rol son legibles para todos los usuarios, permitiendo el acceso a la información de usuarios y roles a todos los usuarios conectados al sistema. It was found that properties based files of the management and the application realm configuration that contain user to role mapping are world readable allowing access to users and roles information to all the users logged in to the system. • http://www.securityfocus.com/bid/100903 https://access.redhat.com/errata/RHSA-2017:3454 https://access.redhat.com/errata/RHSA-2017:3455 https://access.redhat.com/errata/RHSA-2017:3456 https://access.redhat.com/errata/RHSA-2017:3458 https://access.redhat.com/errata/RHSA-2018:0002 https://access.redhat.com/errata/RHSA-2018:0003 https://access.redhat.com/errata/RHSA-2018:0004 https://access.redhat.com/errata/RHSA-2018:0005 https://bugzilla.redhat.com/show_bug.cgi?id=C • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-732: Incorrect Permission Assignment for Critical Resource •
CVE-2017-12149 – Red Hat JBoss Application Server Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2017-12149
In Jboss Application Server as shipped with Red Hat Enterprise Application Platform 5.2, it was found that the doFilter method in the ReadOnlyAccessFilter of the HTTP Invoker does not restrict classes for which it performs deserialization and thus allowing an attacker to execute arbitrary code via crafted serialized data. En Jboss Application Server tal y como se distribuye con Red Hat Enterprise Application Platform 5.2, se ha descubierto que el método doFilter en el ReadOnlyAccessFilter del invocador HTTP no restringe las clases para las que realiza la deserialización y, por lo tanto, permite que un atacante ejecute código arbitrario mediante datos serializados manipulados. It was found that the doFilter method in the ReadOnlyAccessFilter of the HTTP Invoker does not restrict classes for which it performs deserialization. This allows an attacker to execute arbitrary code via crafted serialized data. The JBoss Application Server, shipped with Red Hat Enterprise Application Platform 5.2, allows an attacker to execute arbitrary code via crafted serialized data. • https://github.com/sevck/CVE-2017-12149 https://github.com/1337g/CVE-2017-12149 https://github.com/jreppiks/CVE-2017-12149 https://github.com/JesseClarkND/CVE-2017-12149 https://github.com/VVeakee/CVE-2017-12149 http://www.securityfocus.com/bid/100591 https://access.redhat.com/errata/RHSA-2018:1607 https://access.redhat.com/errata/RHSA-2018:1608 https://bugzilla.redhat.com/show_bug.cgi?id=1486220 https://github.com/gottburgm/Exploits/tree/master/CVE-2017-12149 https: • CWE-502: Deserialization of Untrusted Data •