Page 2 of 11 results (0.018 seconds)

CVSS: 5.0EPSS: 1%CPEs: 6EXPL: 0

The org.jboss.remoting.transport.socket.ServerThread class in Red Hat JBoss Remoting for Red Hat JBoss SOA Platform 5.3.1 GA, Web Platform 5.2.0, Enterprise Application Platform 5.2.0, and other products allows remote attackers to cause a denial of service (file descriptor consumption) via unspecified vectors. La clase org.jboss.remoting.transport.socket.ServerThread en Red Hat JBoss Remoting para Red Hat JBoss SOA Platform 5.3.1 GA, Web Platform 5.2.0, Enterprise Application Platform 5.2.0, y otros productos, permite a atacantes remotos causar denegación de servicio (consumo de descriptores de fichero) a través de vectores no especificados. • http://rhn.redhat.com/errata/RHSA-2013-1369.html http://rhn.redhat.com/errata/RHSA-2013-1370.html http://rhn.redhat.com/errata/RHSA-2013-1371.html http://rhn.redhat.com/errata/RHSA-2013-1372.html http://rhn.redhat.com/errata/RHSA-2013-1373.html http://rhn.redhat.com/errata/RHSA-2013-1374.html http://rhn.redhat.com/errata/RHSA-2013-1448.html https://access.redhat.com/security/cve/CVE-2013-4210 https://bugzilla.redhat.com/show_bug.cgi?id=994321 •

CVSS: 7.5EPSS: 10%CPEs: 99EXPL: 1

ResourceBuilderImpl.java in the RichFaces 3.x through 5.x implementation in Red Hat JBoss Web Framework Kit before 2.3.0, Red Hat JBoss Web Platform through 5.2.0, Red Hat JBoss Enterprise Application Platform through 4.3.0 CP10 and 5.x through 5.2.0, Red Hat JBoss BRMS through 5.3.1, Red Hat JBoss SOA Platform through 4.3.0 CP05 and 5.x through 5.3.1, Red Hat JBoss Portal through 4.3 CP07 and 5.x through 5.2.2, and Red Hat JBoss Operations Network through 2.4.2 and 3.x through 3.1.2 does not restrict the classes for which deserialization methods can be called, which allows remote attackers to execute arbitrary code via crafted serialized data. ResourceBuilderImpl.java en la implementación de RichFaces 3.x a 5.x en la implementación de Red Hat JBoss Web Framework Kit anterior a 2.3.0, Red Hat JBoss Web Platform a 5.2.0, Red Hat JBoss Enterprise Application Platform a 4.3.0 CP10 y 5.x a la 5.2.0, Red Hat JBoss BRMS hasta la 5.3.1, Red Hat JBoss SOA Platform hasta la 4.3.0 CP05 y 5.x hasta la 5.3.1, Red Hat JBoss Portal hasta la 4.3 CP07 y 5.x hasta 5.2.2, y Red Hat JBoss Operations Network hasta 2.4.2 y 3.x hasta la 3.1.2, no restringe las clases para la deserialización de los métodos que pueden ser invocados, lo que permite a atacantes remotos ejecutar código arbitrario a través de datos serializados. • https://github.com/Pastea/CVE-2013-2165 http://jvn.jp/en/jp/JVN38787103/index.html http://jvndb.jvn.jp/jvndb/JVNDB-2013-000072 http://packetstormsecurity.com/files/156663/Richsploit-RichFaces-Exploitation-Toolkit.html http://rhn.redhat.com/errata/RHSA-2013-1041.html http://rhn.redhat.com/errata/RHSA-2013-1042.html http://rhn.redhat.com/errata/RHSA-2013-1043.html http://rhn.redhat.com/errata/RHSA-2013-1044.html http://rhn.redhat.com/errata/RHSA-2013-1045.html http:/ • CWE-264: Permissions, Privileges, and Access Controls CWE-502: Deserialization of Untrusted Data •

CVSS: 7.8EPSS: 0%CPEs: 26EXPL: 1

Apache CXF 2.5.x before 2.5.10, 2.6.x before CXF 2.6.7, and 2.7.x before CXF 2.7.4 does not verify that a specified cryptographic algorithm is allowed by the WS-SecurityPolicy AlgorithmSuite definition before decrypting, which allows remote attackers to force CXF to use weaker cryptographic algorithms than intended and makes it easier to decrypt communications, aka "XML Encryption backwards compatibility attack." Apache CXF en versiones 2.5.x anteriores a la 2.5.10, 2.6.x anteriores a CXF 2.6.7 y 2.7.x anteriores a CXF 2.7.4 no verifica que un algoritmo criptográfico específico esté permitido por la definición de WS-SecurityPolicy AlgorithmSuite antes del descifrado, lo que permite a los atacantes remotos forzar a CXF a usar algoritmos criptográficos más débiles que los previstos y facilita el descifrado de las comunicaciones. Esto también se conoce como "XML Encryption backwards compatibility attack". • https://github.com/tafamace/CVE-2012-5575 http://cxf.apache.org/cve-2012-5575.html http://rhn.redhat.com/errata/RHSA-2013-0833.html http://rhn.redhat.com/errata/RHSA-2013-0834.html http://rhn.redhat.com/errata/RHSA-2013-0839.html http://rhn.redhat.com/errata/RHSA-2013-0873.html http://rhn.redhat.com/errata/RHSA-2013-0874.html http://rhn.redhat.com/errata/RHSA-2013-0875.html http://rhn.redhat.com/errata/RHSA-2013-0876.html http://rhn.redhat.com/errata • CWE-310: Cryptographic Issues CWE-327: Use of a Broken or Risky Cryptographic Algorithm •

CVSS: 7.8EPSS: 0%CPEs: 12EXPL: 0

The implementations of PKCS#1 v1.5 key transport mechanism for XMLEncryption in JBossWS and Apache WSS4J before 1.6.5 is susceptible to a Bleichenbacher attack. Las implementaciones del mecanismo de transporte de claves PKCS#1 versión v1.5 para XMLEncryption en JBossWS y Apache WSS4J versiones anteriores a 1.6.5, son susceptibles a un ataque de tipo Bleichenbacher A flaw was found in JBoss web services where the services used a weak symmetric encryption protocol, PKCS#1 v1.5. An attacker could use this weakness in chosen-ciphertext attacks to recover the symmetric key and conduct further attacks. • http://cxf.apache.org/note-on-cve-2011-2487.html http://rhn.redhat.com/errata/RHSA-2013-0191.html http://rhn.redhat.com/errata/RHSA-2013-0192.html http://rhn.redhat.com/errata/RHSA-2013-0193.html http://rhn.redhat.com/errata/RHSA-2013-0194.html http://rhn.redhat.com/errata/RHSA-2013-0195.html http://rhn.redhat.com/errata/RHSA-2013-0196.html http://rhn.redhat.com/errata/RHSA-2013-0198.html http://rhn.redhat.com/errata/RHSA-2013-0221.html http://www • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •

CVSS: 4.6EPSS: 0%CPEs: 13EXPL: 0

The JBoss Server in JBoss Enterprise Application Platform 5.1.x before 5.1.2 and 5.2.x before 5.2.2, Web Platform before 5.1.2, BRMS Platform before 5.3.0, and SOA Platform before 5.3.0, when the server is configured to use the JaccAuthorizationRealm and the ignoreBaseDecision property is set to true on the JBossWebRealm, does not properly check the permissions created by the WebPermissionMapping class, which allows remote authenticated users to access arbitrary applications. El JBoss Server en JBoss Enterprise Application Platform v5.1.x anterior a v5.1.2 y v5.2.x anterior a v5.2.2, Web Platform anterior a v5.1.2, BRMS Platform anterior a v5.3.0, y SOA Platform anterior a v5.3.0, cuando el servidor está configurado para utilizar el JaccAuthorizationRealm y la propiedad ignoreBaseDecision se establece en true en el JBossWebRealm, no comprueba correctamente los permisos creados por la clase WebPermissionMapping, permitiendo a usuarios remotos autenticados acceder a aplicaciones arbitrarias. • http://rhn.redhat.com/errata/RHSA-2012-1013.html http://rhn.redhat.com/errata/RHSA-2012-1014.html http://rhn.redhat.com/errata/RHSA-2012-1026.html http://rhn.redhat.com/errata/RHSA-2012-1027.html http://rhn.redhat.com/errata/RHSA-2012-1028.html http://rhn.redhat.com/errata/RHSA-2012-1125.html http://rhn.redhat.com/errata/RHSA-2012-1232.html http://secunia.com/advisories/49635 http://secunia.com/advisories/49658 http://secunia.com/advisories/50549 http:/&# • CWE-264: Permissions, Privileges, and Access Controls •