CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2015-0297 – RHQ: ServerInvokerServlet remote code exec
https://notcve.org/view.php?id=CVE-2015-0297
Red Hat JBoss Operations Network 3.3.1 does not properly restrict access to certain APIs, which allows remote attackers to execute arbitrary Java methods via the (1) ServerInvokerServlet or (2) SchedulerService or (3) cause a denial of service (disk consumption) via the ContentManager. Red Hat JBoss Operations Network 3.3.1 no restringe adecuadamente el acceso a ciertas APIs, lo que permite a atacantes remotos ejecutar métodos Java arbitrarios a través de (1) ServerInvokerServlet o (2) SchedulerService o (3) causar una denegación de servicio (consumo de disco) a través de ContentManager. It was discovered that the JBoss Operations Network server did not correctly restrict access to certain remote APIs. A remote, unauthenticated attacker could use this flaw to execute arbitrary Java methods via ServerInvokerServlet or SchedulerService, and possibly exhaust all available disk space via ContentManager. • http://rhn.redhat.com/errata/RHSA-2015-0862.html http://www.securitytracker.com/id/1032181 https://access.redhat.com/security/cve/CVE-2015-0297 https://bugzilla.redhat.com/show_bug.cgi?id=1198008 • CWE-284: Improper Access Control CWE-306: Missing Authentication for Critical Function •
CVSS: 4.9EPSS: 0%CPEs: 2EXPL: 0CVE-2014-7853 – Subsystem: Information disclosure via incorrect sensitivity classification of attribute
https://notcve.org/view.php?id=CVE-2014-7853
The JBoss Application Server (WildFly) JacORB subsystem in Red Hat JBoss Enterprise Application Platform (EAP) before 6.3.3 does not properly assign socket-binding-ref sensitivity classification to the security-domain attribute, which allows remote authenticated users to obtain sensitive information by leveraging access to the security-domain attribute. El subsistema JBoss Application Server (WildFly) JacORB en Red Hat JBoss Enterprise Application Platform (EAP) anterior a 6.3.3 no asigna correctamente la configuración de la sensibilidad de las referencias a vinculaciones de sockets al atributo del dominio de seguridad, lo que permite a usuarios remotos autenticados obtener información sensible mediante el aprovechamiento del acceso al atributo del dominio de seguridad. It was discovered that the JBoss Application Server (WildFly) JacORB subsystem incorrectly assigned socket-binding-ref sensitivity classification for the security-domain attribute. An authenticated user with a role that has access to attributes with socket-binding-ref and not security-domain-ref sensitivity classification could use this flaw to access sensitive information present in the security-domain attribute. • http://rhn.redhat.com/errata/RHSA-2015-0215.html http://rhn.redhat.com/errata/RHSA-2015-0216.html http://rhn.redhat.com/errata/RHSA-2015-0217.html http://rhn.redhat.com/errata/RHSA-2015-0218.html http://rhn.redhat.com/errata/RHSA-2015-0920.html http://www.securitytracker.com/id/1031741 https://exchange.xforce.ibmcloud.com/vulnerabilities/100891 https://access.redhat.com/security/cve/CVE-2014-7853 https://bugzilla.redhat.com/show_bug.cgi?id=1165522 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 10%CPEs: 99EXPL: 1CVE-2013-2165 – RichFaces: Remote code execution due to insecure deserialization
https://notcve.org/view.php?id=CVE-2013-2165
ResourceBuilderImpl.java in the RichFaces 3.x through 5.x implementation in Red Hat JBoss Web Framework Kit before 2.3.0, Red Hat JBoss Web Platform through 5.2.0, Red Hat JBoss Enterprise Application Platform through 4.3.0 CP10 and 5.x through 5.2.0, Red Hat JBoss BRMS through 5.3.1, Red Hat JBoss SOA Platform through 4.3.0 CP05 and 5.x through 5.3.1, Red Hat JBoss Portal through 4.3 CP07 and 5.x through 5.2.2, and Red Hat JBoss Operations Network through 2.4.2 and 3.x through 3.1.2 does not restrict the classes for which deserialization methods can be called, which allows remote attackers to execute arbitrary code via crafted serialized data. ResourceBuilderImpl.java en la implementación de RichFaces 3.x a 5.x en la implementación de Red Hat JBoss Web Framework Kit anterior a 2.3.0, Red Hat JBoss Web Platform a 5.2.0, Red Hat JBoss Enterprise Application Platform a 4.3.0 CP10 y 5.x a la 5.2.0, Red Hat JBoss BRMS hasta la 5.3.1, Red Hat JBoss SOA Platform hasta la 4.3.0 CP05 y 5.x hasta la 5.3.1, Red Hat JBoss Portal hasta la 4.3 CP07 y 5.x hasta 5.2.2, y Red Hat JBoss Operations Network hasta 2.4.2 y 3.x hasta la 3.1.2, no restringe las clases para la deserialización de los métodos que pueden ser invocados, lo que permite a atacantes remotos ejecutar código arbitrario a través de datos serializados. • https://github.com/Pastea/CVE-2013-2165 http://jvn.jp/en/jp/JVN38787103/index.html http://jvndb.jvn.jp/jvndb/JVNDB-2013-000072 http://packetstormsecurity.com/files/156663/Richsploit-RichFaces-Exploitation-Toolkit.html http://rhn.redhat.com/errata/RHSA-2013-1041.html http://rhn.redhat.com/errata/RHSA-2013-1042.html http://rhn.redhat.com/errata/RHSA-2013-1043.html http://rhn.redhat.com/errata/RHSA-2013-1044.html http://rhn.redhat.com/errata/RHSA-2013-1045.html http:/ • CWE-264: Permissions, Privileges, and Access Controls CWE-502: Deserialization of Untrusted Data •