CVE-2011-1483 – JBossWS remote Denial of Service
https://notcve.org/view.php?id=CVE-2011-1483
wsf/common/DOMUtils.java in JBossWS Native in Red Hat JBoss Enterprise Application Platform 4.2.0.CP09, 4.3, and 5.1.1; JBoss Enterprise Portal Platform 4.3.CP06 and 5.1.1; JBoss Enterprise SOA Platform 4.2.CP05, 4.3.CP05, and 5.1.0; JBoss Communications Platform 1.2.11 and 5.1.1; JBoss Enterprise BRMS Platform 5.1.0; and JBoss Enterprise Web Platform 5.1.1 does not properly handle recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted request containing an XML document with a DOCTYPE declaration and a large number of nested entity references, a similar issue to CVE-2003-1564. wsf/common/DOMUtils.java en JBossWS Native en Red Hat JBoss Enterprise Application Platform 4.2.0.CP09, 4.3, y 5.1.1; JBoss Enterprise Portal Platform 4.3.CP06 y 5.1.1; JBoss Enterprise SOA Platform 4.2.CP05, 4.3.CP05, y 5.1.0; JBoss Communications Platform 1.2.11 y 5.1.1; JBoss Enterprise BRMS Platform 5.1.0; y JBoss Enterprise Web Platform 5.1.1, no manejan adecuadamente la recursividad durante la expansión de una entidad, lo que permite a atacantes remotos provocar una denegación de servicio (consumo de memoria y CPU) a través de una petición manipulada que contiene un documento XML una declaración DOCTYPE y un gran número de referencias a entidades anidadas. Similar cuestión que el CVE-2003-1564. • http://source.jboss.org/changelog/JBossWS/?cs=13996 https://bugzilla.redhat.com/show_bug.cgi?id=692584 https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03824583 https://access.redhat.com/security/cve/CVE-2011-1483 •
CVE-2011-1484 – JBoss Seam privilege escalation caused by EL interpolation in FacesMessages
https://notcve.org/view.php?id=CVE-2011-1484
jboss-seam.jar in the JBoss Seam 2 framework 2.2.x and earlier, as distributed in Red Hat JBoss Enterprise SOA Platform 4.3.0.CP04 and 5.1.0 and JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.3.0.CP09 and 5.1.0, does not properly restrict use of Expression Language (EL) statements in FacesMessages during page exception handling, which allows remote attackers to execute arbitrary Java code via a crafted URL to an application. jboss-seam.jar en el framework JBoss Seam 2 2.2.x y versiones anteriores, tal como se distribuye con la plataforma Hat JBoss Enterprise SOA 4.3.0.CP04 y 5.1.0 y JBoss Enterprise Application Platform (JBoss EAP o JBEAP) 4.3.0.CP09 y 5.1.0, no restringen el uso de instrucciones de "Expression Language" (EL) en FacesMessages durante el manejo de excepciones de página, lo que permite a atacantes remotos ejecutar código Java arbitrario a través de una URL modificada a una aplicación. • http://www.redhat.com/support/errata/RHSA-2011-0460.html http://www.redhat.com/support/errata/RHSA-2011-0461.html http://www.redhat.com/support/errata/RHSA-2011-0462.html http://www.redhat.com/support/errata/RHSA-2011-0463.html http://www.redhat.com/support/errata/RHSA-2011-1148.html http://www.redhat.com/support/errata/RHSA-2011-1251.html https://bugzilla.redhat.com/show_bug.cgi?id=692421 https://docs.redhat.com/docs/en-US/JBoss_Communications_Platform/5.1/html/ • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2011-2196 – JBoss Seam EL interpolation in exception handling
https://notcve.org/view.php?id=CVE-2011-2196
jboss-seam.jar in the JBoss Seam 2 framework 2.2.x and earlier, as distributed in Red Hat JBoss Enterprise SOA Platform 4.3.0.CP05 and 5.1.0; JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.3.0, 4.3.0.CP09, and 5.1.1; and JBoss Enterprise Web Platform 5.1.1, does not properly restrict use of Expression Language (EL) statements in FacesMessages during page exception handling, which allows remote attackers to execute arbitrary Java code via a crafted URL to an application. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1484. jboss-seam.jar en el framework de JBoss Seam 2 v2.2.x y anteriores, como el distribuido en Red Hat JBoss Enterprise SOA Platform v4.3.0.CP05 y v5.1.0; JBoss Enterprise Application Platform (también conocido como JBoss EAP o JBEAP) v4.3.0, v4.3.0.CP09, y v5.1.1; y JBoss Enterprise Web Platform v5.1.1, no restringen el uso de elementos Expression Language (EL) en FacesMessages durante la gestión de la página de excepción, lo que permite a atacantes remotos ejecutar código Java a través de una URL manipulada para una aplicación. NOTA: esta vulnerabilidad existe debido a una solución incompleta para CVE-2011-1484. • http://www.redhat.com/support/errata/RHSA-2011-0945.html http://www.redhat.com/support/errata/RHSA-2011-0946.html http://www.redhat.com/support/errata/RHSA-2011-0947.html http://www.redhat.com/support/errata/RHSA-2011-0948.html http://www.redhat.com/support/errata/RHSA-2011-0949.html http://www.redhat.com/support/errata/RHSA-2011-0950.html http://www.redhat.com/support/errata/RHSA-2011-0951.html http://www.redhat.com/support/errata/RHSA-2011-0952.html http:// • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2010-2493
https://notcve.org/view.php?id=CVE-2010-2493
The default configuration of the deployment descriptor (aka web.xml) in picketlink-sts.war in (1) the security_saml quickstart, (2) the webservice_proxy_security quickstart, (3) the web-console application, (4) the http-invoker application, (5) the gpd-deployer application, (6) the jbpm-console application, (7) the contract application, and (8) the uddi-console application in JBoss Enterprise SOA Platform before 5.0.2 contains GET and POST http-method elements, which allows remote attackers to bypass intended access restrictions via a crafted HTTP request. La configuración por defecto del "deployment descriptor" (también conocido como web.xml) de picketlink-sts.war en (1) security_sam1 quickstart, (2) webservice_proxy_security quickstart, (3) web-console application, (4) http-invoker application, (5) gpd-deployer application, (6) jbpm-console application, (7) contract application y (8) uddi-console application en JBoss Enterprise SOA Platform anteriores a v5.0.2 contienen elementos http-metod GET y POST que permiten a atacantes remotos evitar restricciones de acceso intencionadas a través de una petición HTTP manipulada. • http://secunia.com/advisories/40681 http://www.redhat.com/docs/en-US/JBoss_SOA_Platform/5.0.2/html/5.0.2_Release_Notes/index.html https://bugzilla.redhat.com/show_bug.cgi?id=614774 https://jira.jboss.org/browse/SOA-2105 • CWE-16: Configuration •
CVE-2010-2474
https://notcve.org/view.php?id=CVE-2010-2474
JBoss Enterprise Service Bus (ESB) before 4.7 CP02 in JBoss Enterprise SOA Platform before 5.0.2 does not properly consider the security domain with which a service is secured, which might allow remote attackers to gain privileges by executing a service. JBoss Enterprise Service Bus (ESB) anterior a v4.7 CP02 en JBoss Enterprise SOA Platform anterior a v5.0.2 no considera apropiadamente el dominio de seguridad con el que un servicio está garantizado, lo que podría permitir a atacantes remotos ganar privilegios mediante la ejecución de un servicio. • http://secunia.com/advisories/40568 http://secunia.com/advisories/40681 http://www.redhat.com/docs/en-US/JBoss_SOA_Platform/5.0.2/html/5.0.2_Release_Notes/index.html https://bugzilla.redhat.com/show_bug.cgi?id=609442 https://jira.jboss.org/browse/JBESB-3345 • CWE-20: Improper Input Validation •