CVSS: 5.5EPSS: 0%CPEs: 17EXPL: 0CVE-2013-2133 – WS: EJB3 role restrictions are not applied to jaxws handlers
https://notcve.org/view.php?id=CVE-2013-2133
The EJB invocation handler implementation in Red Hat JBossWS, as used in JBoss Enterprise Application Platform (EAP) before 6.2.0, does not properly enforce the method level restrictions for JAX-WS Service endpoints, which allows remote authenticated users to access otherwise restricted JAX-WS handlers by leveraging permissions to the EJB class. La implementación del manejador de invocación EJB en Red Hat JBossWS, como se utiliza en JBoss Enterprise Application Platform (EAP) anteriores a 6.2.0, no hace cumplir correctamente las restricciones de nivel de método para JAX-WS Service endpoints, lo cual permite a usuarios autenticados remotamente acceder a manejadores, de otra manera restringidos, mediante el aprovechamiento de permisos de la clase EJB. A flaw was found in the way method-level authorization for JAX-WS Service endpoints was performed by the EJB invocation handler implementation. Any restrictions declared on EJB methods were ignored when executing the JAX-WS handlers, and only class-level restrictions were applied. A remote attacker who is authorized to access the EJB class, could invoke a JAX-WS handler which they were not authorized to invoke. • http://rhn.redhat.com/errata/RHSA-2013-1784.html http://rhn.redhat.com/errata/RHSA-2013-1785.html http://rhn.redhat.com/errata/RHSA-2013-1786.html http://rhn.redhat.com/errata/RHSA-2015-0850.html http://rhn.redhat.com/errata/RHSA-2015-0851.html http://www.securitytracker.com/id/1029431 https://access.redhat.com/security/cve/CVE-2013-2133 https://bugzilla.redhat.com/show_bug.cgi?id=969924 • CWE-264: Permissions, Privileges, and Access Controls CWE-862: Missing Authorization •
CVSS: 1.9EPSS: 0%CPEs: 13EXPL: 0CVE-2013-1921 – PicketBox: Insecure storage of masked passwords
https://notcve.org/view.php?id=CVE-2013-1921
PicketBox, as used in Red Hat JBoss Enterprise Application Platform before 6.1.1, allows local users to obtain the admin encryption key by reading the Vault data file. PicketBox, utilizado en Red Hat JBoss Enterprise Application Platform anteriores a 6.1.1, permite a un usuario local obtener la clave de cifrado de administrador leyendo el archivo de datos Vault. • http://rhn.redhat.com/errata/RHSA-2013-1207.html http://rhn.redhat.com/errata/RHSA-2013-1208.html http://rhn.redhat.com/errata/RHSA-2013-1209.html http://rhn.redhat.com/errata/RHSA-2013-1437.html http://rhn.redhat.com/errata/RHSA-2014-0029.html https://bugzilla.redhat.com/show_bug.cgi?id=948106 https://access.redhat.com/security/cve/CVE-2013-1921 • CWE-310: Cryptographic Issues •
CVSS: 7.5EPSS: 10%CPEs: 99EXPL: 1CVE-2013-2165 – RichFaces: Remote code execution due to insecure deserialization
https://notcve.org/view.php?id=CVE-2013-2165
ResourceBuilderImpl.java in the RichFaces 3.x through 5.x implementation in Red Hat JBoss Web Framework Kit before 2.3.0, Red Hat JBoss Web Platform through 5.2.0, Red Hat JBoss Enterprise Application Platform through 4.3.0 CP10 and 5.x through 5.2.0, Red Hat JBoss BRMS through 5.3.1, Red Hat JBoss SOA Platform through 4.3.0 CP05 and 5.x through 5.3.1, Red Hat JBoss Portal through 4.3 CP07 and 5.x through 5.2.2, and Red Hat JBoss Operations Network through 2.4.2 and 3.x through 3.1.2 does not restrict the classes for which deserialization methods can be called, which allows remote attackers to execute arbitrary code via crafted serialized data. ResourceBuilderImpl.java en la implementación de RichFaces 3.x a 5.x en la implementación de Red Hat JBoss Web Framework Kit anterior a 2.3.0, Red Hat JBoss Web Platform a 5.2.0, Red Hat JBoss Enterprise Application Platform a 4.3.0 CP10 y 5.x a la 5.2.0, Red Hat JBoss BRMS hasta la 5.3.1, Red Hat JBoss SOA Platform hasta la 4.3.0 CP05 y 5.x hasta la 5.3.1, Red Hat JBoss Portal hasta la 4.3 CP07 y 5.x hasta 5.2.2, y Red Hat JBoss Operations Network hasta 2.4.2 y 3.x hasta la 3.1.2, no restringe las clases para la deserialización de los métodos que pueden ser invocados, lo que permite a atacantes remotos ejecutar código arbitrario a través de datos serializados. • https://github.com/Pastea/CVE-2013-2165 http://jvn.jp/en/jp/JVN38787103/index.html http://jvndb.jvn.jp/jvndb/JVNDB-2013-000072 http://packetstormsecurity.com/files/156663/Richsploit-RichFaces-Exploitation-Toolkit.html http://rhn.redhat.com/errata/RHSA-2013-1041.html http://rhn.redhat.com/errata/RHSA-2013-1042.html http://rhn.redhat.com/errata/RHSA-2013-1043.html http://rhn.redhat.com/errata/RHSA-2013-1044.html http://rhn.redhat.com/errata/RHSA-2013-1045.html http:/ • CWE-264: Permissions, Privileges, and Access Controls CWE-502: Deserialization of Untrusted Data •
CVSS: 3.7EPSS: 0%CPEs: 21EXPL: 0CVE-2012-4572 – JBoss: custom authorization module implementations shared between applications
https://notcve.org/view.php?id=CVE-2012-4572
Red Hat JBoss Enterprise Application Platform (EAP) before 6.1.0 and JBoss Portal before 6.1.0 does not load the implementation of a custom authorization module for a new application when an implementation is already loaded and the modules share class names, which allows local users to control certain applications' authorization decisions via a crafted application. Red Hat JBoss Enterprise Application Platform (EAP) antes de 6.1.0 y JBoss Portal anteriores a 6.1.0 no carga la implementación de un módulo de autorización personalizado para una nueva aplicación cuando una aplicación está ya cargada y los módulos comparten los nombres de clase, lo que permite a usuarios locales controlar las decisiones de autorización ciertas aplicaciones a través de una aplicación manipulada. • http://rhn.redhat.com/errata/RHSA-2013-0833.html http://rhn.redhat.com/errata/RHSA-2013-0834.html http://rhn.redhat.com/errata/RHSA-2013-1437.html https://access.redhat.com/security/cve/CVE-2012-4572 https://bugzilla.redhat.com/show_bug.cgi?id=872059 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.8EPSS: 0%CPEs: 12EXPL: 0CVE-2011-2487 – jbossws: Prone to Bleichenbacher attack against to be distributed symmetric key
https://notcve.org/view.php?id=CVE-2011-2487
The implementations of PKCS#1 v1.5 key transport mechanism for XMLEncryption in JBossWS and Apache WSS4J before 1.6.5 is susceptible to a Bleichenbacher attack. Las implementaciones del mecanismo de transporte de claves PKCS#1 versión v1.5 para XMLEncryption en JBossWS y Apache WSS4J versiones anteriores a 1.6.5, son susceptibles a un ataque de tipo Bleichenbacher A flaw was found in JBoss web services where the services used a weak symmetric encryption protocol, PKCS#1 v1.5. An attacker could use this weakness in chosen-ciphertext attacks to recover the symmetric key and conduct further attacks. • http://cxf.apache.org/note-on-cve-2011-2487.html http://rhn.redhat.com/errata/RHSA-2013-0191.html http://rhn.redhat.com/errata/RHSA-2013-0192.html http://rhn.redhat.com/errata/RHSA-2013-0193.html http://rhn.redhat.com/errata/RHSA-2013-0194.html http://rhn.redhat.com/errata/RHSA-2013-0195.html http://rhn.redhat.com/errata/RHSA-2013-0196.html http://rhn.redhat.com/errata/RHSA-2013-0198.html http://rhn.redhat.com/errata/RHSA-2013-0221.html http://www • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •