CVSS: 7.5EPSS: 8%CPEs: 6EXPL: 2CVE-2018-1041 – JBoss Remoting 6.14.18 - Denial of Service
https://notcve.org/view.php?id=CVE-2018-1041
05 Feb 2018 — A vulnerability was found in the way RemoteMessageChannel, introduced in jboss-remoting versions 3.3.10, reads from an empty buffer. An attacker could use this flaw to cause denial of service via high CPU caused by an infinite loop. Se ha encontrado una vulnerabilidad en la forma en la que RemoteMessageChannel, introducido en las versiones 3.3.10 de jboss-remoting, lee desde un búfer vacío. Un atacante podría emplear este error para provocar una denegación de servicio (DoS) mediante un consumo alto de CPU a... • https://packetstorm.news/files/id/146423 • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 7.8EPSS: 0%CPEs: 12EXPL: 0CVE-2017-12174 – artemis/hornetq: memory exhaustion via UDP and JGroups discovery
https://notcve.org/view.php?id=CVE-2017-12174
05 Feb 2018 — It was found that when Artemis and HornetQ before 2.4.0 are configured with UDP discovery and JGroups discovery a huge byte array is created when receiving an unexpected multicast message. This may result in a heap memory exhaustion, full GC, or OutOfMemoryError. Se ha descubierto que cuando Artemis y HornetQ, en versiones anteriores a la 2.4.0, se configuran con detección UDP y detección JGroups, se crea un array con muchos bytes al recibir un mensaje multicast inesperado. Esto podría resultar en un agotam... • https://access.redhat.com/errata/RHSA-2018:0268 • CWE-20: Improper Input Validation CWE-400: Uncontrolled Resource Consumption •
CVSS: 9.8EPSS: 21%CPEs: 21EXPL: 4CVE-2017-17485 – jackson-databind: Unsafe deserialization due to incomplete black list (incomplete fix for CVE-2017-15095)
https://notcve.org/view.php?id=CVE-2017-17485
10 Jan 2018 — FasterXML jackson-databind through 2.8.10 and 2.9.x through 2.9.3 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 deserialization flaw. This is exploitable by sending maliciously crafted JSON input to the readValue method of the ObjectMapper, bypassing a blacklist that is ineffective if the Spring libraries are available in the classpath. FasterXML jackson-databind hasta la versión 2.8.10 y 2.9.x hasta la 2.9.3 permite que se ejecute código de manera remota y ... • https://packetstorm.news/files/id/145805 • CWE-502: Deserialization of Untrusted Data •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2016-7066 – admin-cli: Any local users can connect to jboss-cli
https://notcve.org/view.php?id=CVE-2016-7066
14 Dec 2017 — It was found that the improper default permissions on /tmp/auth directory in JBoss Enterprise Application Platform before 7.1.0 can allow any local user to connect to CLI and allow the user to execute any arbitrary operations. Se ha detectado que los permisos incorrectos por defecto en el directorio /tmp/auth en JBoss Enterprise Application Platform en versiones anteriores a la 7.1.0 pueden permitir que cualquier usuario local se conecte a la interfaz de línea de comandos y ejecute cualquier operación arbit... • https://access.redhat.com/errata/RHSA-2017:3456 • CWE-266: Incorrect Privilege Assignment CWE-275: Permission Issues •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2017-12167 – EAP-7: Wrong privileges on multiple property files
https://notcve.org/view.php?id=CVE-2017-12167
14 Dec 2017 — It was found in EAP 7 before 7.0.9 that properties based files of the management and the application realm configuration that contain user to role mapping are world readable allowing access to users and roles information to all the users logged in to the system. Se ha detectado en EAP 7 en versiones anteriores a la 7.0.9 que los archivos basados en propiedades de la administración y la configuración del dominio de la aplicación que contienen mapeo de usuario a rol son legibles para todos los usuarios, permi... • http://www.securityfocus.com/bid/100903 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 9.8EPSS: 17%CPEs: 58EXPL: 0CVE-2017-15095 – jackson-databind: Unsafe deserialization due to incomplete black list (incomplete fix for CVE-2017-7525)
https://notcve.org/view.php?id=CVE-2017-15095
13 Nov 2017 — A deserialization flaw was discovered in the jackson-databind in versions before 2.8.10 and 2.9.1, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper. This issue extends the previous flaw CVE-2017-7525 by blacklisting more classes that could be used maliciously. Se ha descubierto un error de deserialización en jackson-databind, en versiones anteriores a la 2.8.10 y a la 2.9.1, que podría permitir que un usu... • http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html • CWE-184: Incomplete List of Disallowed Inputs CWE-502: Deserialization of Untrusted Data •
CVSS: 6.5EPSS: 2%CPEs: 8EXPL: 0CVE-2017-2582 – keycloak: SAML request parser replaces special strings with system properties
https://notcve.org/view.php?id=CVE-2017-2582
26 Sep 2017 — It was found that while parsing the SAML messages the StaxParserUtil class of keycloak before 2.5.1 replaces special strings for obtaining attribute values with system property. This could allow an attacker to determine values of system properties at the attacked system by formatting the SAML request ID field to be the chosen system property which could be obtained in the "InResponseTo" field in the response. Se ha descubierto que cuando se analizan los mensajes SAML, la clase StaxParserUtil de keycloak en ... • http://www.securityfocus.com/bid/101046 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-201: Insertion of Sensitive Information Into Sent Data •
CVSS: 7.0EPSS: 0%CPEs: 17EXPL: 0CVE-2017-7536 – hibernate-validator: Privilege escalation when running under the security manager
https://notcve.org/view.php?id=CVE-2017-7536
26 Sep 2017 — In Hibernate Validator 5.2.x before 5.2.5 final, 5.3.x, and 5.4.x, it was found that when the security manager's reflective permissions, which allows it to access the private members of the class, are granted to Hibernate Validator, a potential privilege escalation can occur. By allowing the calling code to access those private members without the permission an attacker may be able to validate an invalid instance and access the private member value via ConstraintViolation#getInvalidValue(). En Hibernate Val... • http://www.securityfocus.com/bid/101048 • CWE-470: Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') CWE-592: DEPRECATED: Authentication Bypass Issues •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 1CVE-2015-1849
https://notcve.org/view.php?id=CVE-2015-1849
19 Sep 2017 — AdvancedLdapLodinMogule in Red Hat JBoss Enterprise Application Platform (EAP) before 6.4.1 allows attackers to obtain sensitive information via vectors involving logging the LDAP bind credential password when TRACE logging is enabled. AdvancedLdapLodinMogule en Red Hat JBoss Enterprise Application Platform (EAP) en versiones anteriores a la 6.4.1 permite que los atacantes obtengan información sensible mediante vectores que implican el registro de la contraseña de las credenciales asociadas al protocolo LDA... • https://bugzilla.redhat.com/show_bug.cgi?id=1199641 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.8EPSS: 82%CPEs: 52EXPL: 7CVE-2017-7525 – jackson-databind: Deserialization vulnerability via readValue method of ObjectMapper
https://notcve.org/view.php?id=CVE-2017-7525
31 Jul 2017 — A deserialization flaw was discovered in the jackson-databind, versions before 2.6.7.1, 2.7.9.1 and 2.8.9, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper. Se ha descubierto un error de deserialización en jackson-databind, en versiones anteriores a la 2.6.7.1, 2.7.9.1 y a la 2.8.9, que podría permitir que un usuario no autenticado ejecute código enviando las entradas maliciosamente manipuladas al método ... • https://packetstorm.news/files/id/145805 • CWE-20: Improper Input Validation CWE-184: Incomplete List of Disallowed Inputs CWE-502: Deserialization of Untrusted Data •