CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2017-12167 – EAP-7: Wrong privileges on multiple property files
https://notcve.org/view.php?id=CVE-2017-12167
It was found in EAP 7 before 7.0.9 that properties based files of the management and the application realm configuration that contain user to role mapping are world readable allowing access to users and roles information to all the users logged in to the system. Se ha detectado en EAP 7 en versiones anteriores a la 7.0.9 que los archivos basados en propiedades de la administración y la configuración del dominio de la aplicación que contienen mapeo de usuario a rol son legibles para todos los usuarios, permitiendo el acceso a la información de usuarios y roles a todos los usuarios conectados al sistema. It was found that properties based files of the management and the application realm configuration that contain user to role mapping are world readable allowing access to users and roles information to all the users logged in to the system. • http://www.securityfocus.com/bid/100903 https://access.redhat.com/errata/RHSA-2017:3454 https://access.redhat.com/errata/RHSA-2017:3455 https://access.redhat.com/errata/RHSA-2017:3456 https://access.redhat.com/errata/RHSA-2017:3458 https://access.redhat.com/errata/RHSA-2018:0002 https://access.redhat.com/errata/RHSA-2018:0003 https://access.redhat.com/errata/RHSA-2018:0004 https://access.redhat.com/errata/RHSA-2018:0005 https://bugzilla.redhat.com/show_bug.cgi?id=C • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 9.8EPSS: 93%CPEs: 9EXPL: 5CVE-2017-12149 – Red Hat JBoss Application Server Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2017-12149
In Jboss Application Server as shipped with Red Hat Enterprise Application Platform 5.2, it was found that the doFilter method in the ReadOnlyAccessFilter of the HTTP Invoker does not restrict classes for which it performs deserialization and thus allowing an attacker to execute arbitrary code via crafted serialized data. En Jboss Application Server tal y como se distribuye con Red Hat Enterprise Application Platform 5.2, se ha descubierto que el método doFilter en el ReadOnlyAccessFilter del invocador HTTP no restringe las clases para las que realiza la deserialización y, por lo tanto, permite que un atacante ejecute código arbitrario mediante datos serializados manipulados. It was found that the doFilter method in the ReadOnlyAccessFilter of the HTTP Invoker does not restrict classes for which it performs deserialization. This allows an attacker to execute arbitrary code via crafted serialized data. The JBoss Application Server, shipped with Red Hat Enterprise Application Platform 5.2, allows an attacker to execute arbitrary code via crafted serialized data. • https://github.com/sevck/CVE-2017-12149 https://github.com/1337g/CVE-2017-12149 https://github.com/jreppiks/CVE-2017-12149 https://github.com/JesseClarkND/CVE-2017-12149 https://github.com/VVeakee/CVE-2017-12149 http://www.securityfocus.com/bid/100591 https://access.redhat.com/errata/RHSA-2018:1607 https://access.redhat.com/errata/RHSA-2018:1608 https://bugzilla.redhat.com/show_bug.cgi?id=1486220 https://github.com/gottburgm/Exploits/tree/master/CVE-2017-12149 https: • CWE-502: Deserialization of Untrusted Data •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 1CVE-2015-1849
https://notcve.org/view.php?id=CVE-2015-1849
AdvancedLdapLodinMogule in Red Hat JBoss Enterprise Application Platform (EAP) before 6.4.1 allows attackers to obtain sensitive information via vectors involving logging the LDAP bind credential password when TRACE logging is enabled. AdvancedLdapLodinMogule en Red Hat JBoss Enterprise Application Platform (EAP) en versiones anteriores a la 6.4.1 permite que los atacantes obtengan información sensible mediante vectores que implican el registro de la contraseña de las credenciales asociadas al protocolo LDAP cuando el registro TRACE está habilitado. • https://bugzilla.redhat.com/show_bug.cgi?id=1199641 https://bugzilla.redhat.com/show_bug.cgi?id=1208580 https://github.com/wildfly-security/jboss-negotiation/commit/0dc9d191b6eb1d13b8f0189c5b02ba6576f4722e https://github.com/wildfly-security/jboss-negotiation/pull/21 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.8EPSS: 1%CPEs: 7EXPL: 0CVE-2016-3690
https://notcve.org/view.php?id=CVE-2016-3690
The PooledInvokerServlet in JBoss EAP 4.x and 5.x allows remote attackers to execute arbitrary code via a crafted serialized payload. El PooledInvokerServlet de Jboss EAP en sus versiones 4.x y 5.x permite a un atacante remoto la ejecución de un código aleatorio mediante un payload de diseño serializado. • http://www.securityfocus.com/bid/99079 https://access.redhat.com/solutions/178393 https://access.redhat.com/solutions/45530 https://bugzilla.redhat.com/show_bug.cgi?id=1327037 • CWE-502: Deserialization of Untrusted Data •
CVSS: 7.8EPSS: 0%CPEs: 12EXPL: 0CVE-2016-8657 – jboss: jbossas writable config files allow privilege escalation
https://notcve.org/view.php?id=CVE-2016-8657
It was discovered that EAP packages in certain versions of Red Hat Enterprise Linux use incorrect permissions for /etc/sysconfig/jbossas configuration files. The file is writable to jboss group (root:jboss, 664). On systems using classic /etc/init.d init scripts (i.e. on Red Hat Enterprise Linux 6 and earlier), the file is sourced by the jboss init script and its content executed with root privileges when jboss service is started, stopped, or restarted. Se ha descubierto que los paquetes EAP en ciertas versiones de Red Hat Enterprise Linux emplean permisos incorrectos para los archivo de configuración /etc/sysconfig/jbossas. El archivo puede escribirse en el grupo jboss (root:jboss, 664). • http://rhn.redhat.com/errata/RHSA-2017-0826.html http://rhn.redhat.com/errata/RHSA-2017-0827.html http://rhn.redhat.com/errata/RHSA-2017-0828.html http://rhn.redhat.com/errata/RHSA-2017-0829.html http://www.securityfocus.com/bid/96896 https://access.redhat.com/errata/RHSA-2018:1609 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8657 https://access.redhat.com/security/cve/CVE-2016-8657 https://bugzilla.redhat.com/show_bug.cgi?id=1400343 • CWE-264: Permissions, Privileges, and Access Controls CWE-732: Incorrect Permission Assignment for Critical Resource •