CVSS: 7.5EPSS: 1%CPEs: 4EXPL: 0CVE-2014-3518 – 5: Remote code execution via unauthenticated JMX/RMI connector
https://notcve.org/view.php?id=CVE-2014-3518
jmx-remoting.sar in JBoss Remoting, as used in Red Hat JBoss Enterprise Application Platform (JEAP) 5.2.0, Red Hat JBoss BRMS 5.3.1, Red Hat JBoss Portal Platform 5.2.2, and Red Hat JBoss SOA Platform 5.3.1, does not properly implement the JSR 160 specification, which allows remote attackers to execute arbitrary code via unspecified vectors. jmx-remoting.sar en JBoss Remoting, utilizado en Red Hat JBoss Enterprise Application Platform (JEAP) 5.2.0, Red Hat JBoss BRMS 5.3.1, Red Hat JBoss Portal Platform 5.2.2 y Red Hat JBoss SOA Platform 5.3.1, no implementa debidamente la especificación JSR 160, lo que permite a atacantes remotos ejecutar código arbitrario a través de vectores no especificados. JBoss Application Server 5 and supported Red Hat JBoss 5.x products contain JBoss Remoting, which includes a partial implementation of the JMX remoting specification JSR 160. This implementation is provided in jmx-remoting.sar, which is deployed by default in unsupported community releases of JBoss Application Server 5.x. This implementation does not implement security as defined in JSR 160, and therefore does not apply any authentication or authorization constraints. A remote attacker could use this flaw to potentially execute arbitrary code on a vulnerable server. • http://rhn.redhat.com/errata/RHSA-2014-0887.html https://access.redhat.com/security/cve/CVE-2014-3518 https://bugzilla.redhat.com/show_bug.cgi?id=1112545 https://access.redhat.com/solutions/1120423 • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-306: Missing Authentication for Critical Function •
CVSS: 7.5EPSS: 95%CPEs: 18EXPL: 4CVE-2014-0226 – Apache httpd mod_status Heap Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2014-0226
Race condition in the mod_status module in the Apache HTTP Server before 2.4.10 allows remote attackers to cause a denial of service (heap-based buffer overflow), or possibly obtain sensitive credential information or execute arbitrary code, via a crafted request that triggers improper scoreboard handling within the status_handler function in modules/generators/mod_status.c and the lua_ap_scoreboard_worker function in modules/lua/lua_request.c. Condición de carrera en el módulo mod_status en Apache HTTP Server anterior a 2.4.10 permite a atacantes remotos causar una denegación de servicio (desbordamiento de buffer basado en memoria dinámica), o posiblemente obtener información sensible de credenciales o ejecutar código arbitrario, a través de una solicitud manipulada que provoca el manejo indebido de la tabla de clasificación (scoreboard) dentro de la función status_handler en modules/generators/mod_status.c y la función lua_ap_scoreboard_worker en modules/lua/lua_request.c. A race condition flaw, leading to heap-based buffer overflows, was found in the mod_status httpd module. A remote attacker able to access a status page served by mod_status on a server using a threaded Multi-Processing Module (MPM) could send a specially crafted request that would cause the httpd child process to crash or, possibly, allow the attacker to execute arbitrary code with the privileges of the "apache" user. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apache HTTPD server. • https://www.exploit-db.com/exploits/34133 https://github.com/shreesh1/CVE-2014-0226-poc http://advisories.mageia.org/MGASA-2014-0304.html http://advisories.mageia.org/MGASA-2014-0305.html http://httpd.apache.org/security/vulnerabilities_24.html http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html http://marc.info/?l=bugtraq&m=143403519711434&w=2 http://marc.info/?l=bugtraq&m=143748090628601&w=2 http://marc.info/?l=bugtraq&m=144050155601375&w=2 http&# • CWE-122: Heap-based Buffer Overflow CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2014-3530 – PicketLink: XXE via insecure DocumentBuilderFactory usage
https://notcve.org/view.php?id=CVE-2014-3530
The org.picketlink.common.util.DocumentUtil.getDocumentBuilderFactory method in PicketLink, as used in Red Hat JBoss Enterprise Application Platform (JBEAP) 5.2.0 and 6.2.4, expands entity references, which allows remote attackers to read arbitrary code and possibly have other unspecified impact via unspecified vectors, related to an XML External Entity (XXE) issue. El método org.picketlink.common.util.DocumentUtil.getDocumentBuilderFactory en PicketLink, utilizado en Red Hat JBoss Enterprise Application Platform (JBEAP) 5.2.0 y 6.2.4, expande referencias de entidad, lo que permite a atacantes remotos leer código arbitrario y posiblemente tener otro impacto no especificado a través de vectores no especificados, relacionado con un problema de entidad externa XML (XXE). It was found that the implementation of the org.picketlink.common.util.DocumentUtil.getDocumentBuilderFactory() method provided a DocumentBuilderFactory that would expand entity references. A remote, unauthenticated attacker could use this flaw to read files accessible to the user running the application server, and potentially perform other more advanced XXE attacks. • http://rhn.redhat.com/errata/RHSA-2014-0883.html http://rhn.redhat.com/errata/RHSA-2014-0884.html http://rhn.redhat.com/errata/RHSA-2014-0885.html http://rhn.redhat.com/errata/RHSA-2014-0886.html http://rhn.redhat.com/errata/RHSA-2015-0091.html http://rhn.redhat.com/errata/RHSA-2015-0675.html http://rhn.redhat.com/errata/RHSA-2015-0720.html http://rhn.redhat.com/errata/RHSA-2015-0765.html http://rhn.redhat.com/errata/RHSA-2015-1888.html http://secuni • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 4.3EPSS: 0%CPEs: 23EXPL: 0CVE-2014-0034 – CXF: The SecurityTokenService accepts certain invalid SAML Tokens as valid
https://notcve.org/view.php?id=CVE-2014-0034
The SecurityTokenService (STS) in Apache CXF before 2.6.12 and 2.7.x before 2.7.9 does not properly validate SAML tokens when caching is enabled, which allows remote attackers to gain access via an invalid SAML token. SecurityTokenService (STS) en Apache CXF anterior a 2.6.12 y 2.7.x anterior a 2.7.9 no valida debidamente los tokens SAML cuando el cacheo está habilitado, lo que permite a atacantes remotos ganar acceso a través de un token SAML inválido. It was found that the SecurityTokenService (STS), provided as a part of Apache CXF, could under certain circumstances accept invalid SAML tokens as valid. A remote attacker could use a specially crafted SAML token to gain access to an application that uses STS for validation of SAML tokens. • http://cxf.apache.org/security-advisories.data/CVE-2014-0034.txt.asc http://rhn.redhat.com/errata/RHSA-2014-0797.html http://rhn.redhat.com/errata/RHSA-2014-0798.html http://rhn.redhat.com/errata/RHSA-2014-0799.html http://rhn.redhat.com/errata/RHSA-2014-1351.html http://rhn.redhat.com/errata/RHSA-2015-0850.html http://rhn.redhat.com/errata/RHSA-2015-0851.html http://svn.apache.org/viewvc?view=revision&revision=1551228 http://www.securityfocus.com/bid/68441 https&# • CWE-20: Improper Input Validation CWE-345: Insufficient Verification of Data Authenticity •
CVSS: 4.3EPSS: 0%CPEs: 25EXPL: 0CVE-2014-0035 – CXF: UsernameTokens are sent in plaintext with a Symmetric EncryptBeforeSigning policy
https://notcve.org/view.php?id=CVE-2014-0035
The SymmetricBinding in Apache CXF before 2.6.13 and 2.7.x before 2.7.10, when EncryptBeforeSigning is enabled and the UsernameToken policy is set to an EncryptedSupportingToken, transmits the UsernameToken in cleartext, which allows remote attackers to obtain sensitive information by sniffing the network. SymmetricBinding en Apache CXF anterior a 2.6.13 y 2.7.x anterior a 2.7.10, cuando EncryptBeforeSigning está habilitado y la política UsernameToken está configurada en un EncryptedSupportingToken, transmite el UsernameToken en texto claro, lo que permite a atacantes remotos obtener información sensible mediante la captura de trafico de la red. It was discovered that UsernameTokens were sent in plain text by an Apache CXF client that used a Symmetric EncryptBeforeSigning password policy. A man-in-the-middle attacker could use this flaw to obtain the user name and password used by the client application using Apache CXF. • http://cxf.apache.org/security-advisories.data/CVE-2014-0035.txt.asc http://rhn.redhat.com/errata/RHSA-2014-0797.html http://rhn.redhat.com/errata/RHSA-2014-0798.html http://rhn.redhat.com/errata/RHSA-2014-0799.html http://rhn.redhat.com/errata/RHSA-2014-1351.html http://rhn.redhat.com/errata/RHSA-2015-0850.html http://rhn.redhat.com/errata/RHSA-2015-0851.html http://svn.apache.org/viewvc?view=revision&revision=1564724 https://lists.apache.org/thread.html/r36e44ffc • CWE-310: Cryptographic Issues CWE-522: Insufficiently Protected Credentials •