
CVE-2017-2582 – keycloak: SAML request parser replaces special strings with system properties
https://notcve.org/view.php?id=CVE-2017-2582
26 Sep 2017 — It was found that while parsing the SAML messages the StaxParserUtil class of keycloak before 2.5.1 replaces special strings for obtaining attribute values with system property. This could allow an attacker to determine values of system properties at the attacked system by formatting the SAML request ID field to be the chosen system property which could be obtained in the "InResponseTo" field in the response. Se ha descubierto que cuando se analizan los mensajes SAML, la clase StaxParserUtil de keycloak en ... • http://www.securityfocus.com/bid/101046 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-201: Insertion of Sensitive Information Into Sent Data •

CVE-2017-2595 – wildfly: Arbitrary file read via path traversal
https://notcve.org/view.php?id=CVE-2017-2595
07 Jun 2017 — It was found that the log file viewer in Red Hat JBoss Enterprise Application 6 and 7 allows arbitrary file read to authenticated user via path traversal. Se ha encontrado que el visor de archivos de log en Red Hat JBoss Enterprise Application 6 y 7 permite que un archivo arbitrario sea leído por el usuario autenticado a través de un salto de directorio. Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server. This release of Red Hat JBoss Ente... • http://rhn.redhat.com/errata/RHSA-2017-1409.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVE-2017-2666 – undertow: HTTP Request smuggling vulnerability due to permitting invalid characters in HTTP requests
https://notcve.org/view.php?id=CVE-2017-2666
07 Jun 2017 — It was discovered in Undertow that the code that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack, or obtain sensitive information from requests other than their own. Se ha descubierto en Undertow que el código que analizaba la línea d... • https://github.com/tafamace/CVE-2017-2666 • CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') •

CVE-2017-2670 – undertow: IO thread DoS via unclean Websocket closing
https://notcve.org/view.php?id=CVE-2017-2670
07 Jun 2017 — It was found in Undertow before 1.3.28 that with non-clean TCP close, the Websocket server gets into infinite loop on every IO thread, effectively causing DoS. Se ha encontrado en Undertow en versiones anteriores a la 1.3.28 que con el cierre no seguro de TCP, el servidor Websocket entra en bucle infinito en cada hilo IO, provocando efectivamente una denegación de servicio (DoS). It was found that with non-clean TCP close, Websocket server gets into infinite loop on every IO thread, effectively causing DoS.... • http://rhn.redhat.com/errata/RHSA-2017-1409.html • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •

CVE-2016-8656 – jboss: jbossas: unsafe chown of server.log in jboss init script allows privilege escalation
https://notcve.org/view.php?id=CVE-2016-8656
03 Feb 2017 — Jboss jbossas before versions 5.2.0-23, 6.4.13, 7.0.5 is vulnerable to an unsafe file handling in the jboss init script which could result in local privilege escalation. Jboss jbossas en versiones anteriores a la 5.2.0-23, 6.4.13 y 7.0.5 es vulnerable a una gestión insegura de archivos en el script init de jboss, lo que podría resultar en un escalado de privilegios local. It was discovered that the jboss init script performed unsafe file handling which could result in local privilege escalation. Red Hat JBo... • http://rhn.redhat.com/errata/RHSA-2017-0244.html • CWE-264: Permissions, Privileges, and Access Controls CWE-284: Improper Access Control •

CVE-2016-8627 – admin-cli: Potential EAP resource starvation DOS attack via GET requests for server log files
https://notcve.org/view.php?id=CVE-2016-8627
19 Jan 2017 — admin-cli before versions 3.0.0.alpha25, 2.2.1.cr2 is vulnerable to an EAP feature to download server log files that allows logs to be available via GET requests making them vulnerable to cross-origin attacks. An attacker could trigger the user's browser to request the log files consuming enough resources that normal server functioning could be impaired. admin-cli, en versiones anteriores a la 3.0.0.alpha25 y 2.2.1.cr2, es vulnerable a que una característica EAP descargue archivos de registro del servidor, ... • http://rhn.redhat.com/errata/RHSA-2017-0170.html • CWE-400: Uncontrolled Resource Consumption •

CVE-2016-4978 – Artemis: Deserialization of untrusted input vulnerability
https://notcve.org/view.php?id=CVE-2016-4978
27 Sep 2016 — The getObject method of the javax.jms.ObjectMessage class in the (1) JMS Core client, (2) Artemis broker, and (3) Artemis REST component in Apache ActiveMQ Artemis before 1.4.0 might allow remote authenticated users with permission to send messages to the Artemis broker to deserialize arbitrary objects and execute arbitrary code by leveraging gadget classes being present on the Artemis classpath. El método getObject de la clase javax.jms.ObjectMessage en el (1) cliente JMS Core, (2) broker Artemis y (3) com... • http://mail-archives.apache.org/mod_mbox/activemq-users/201609.mbox/%3CCAH6wpnqzeNtpykT7emtDU1-GV7AvjFP5-YroWcCC4UZyQEFvtA%40mail.gmail.com%3E • CWE-502: Deserialization of Untrusted Data •