CVE-2014-3518 – 5: Remote code execution via unauthenticated JMX/RMI connector
https://notcve.org/view.php?id=CVE-2014-3518
jmx-remoting.sar in JBoss Remoting, as used in Red Hat JBoss Enterprise Application Platform (JEAP) 5.2.0, Red Hat JBoss BRMS 5.3.1, Red Hat JBoss Portal Platform 5.2.2, and Red Hat JBoss SOA Platform 5.3.1, does not properly implement the JSR 160 specification, which allows remote attackers to execute arbitrary code via unspecified vectors. jmx-remoting.sar en JBoss Remoting, utilizado en Red Hat JBoss Enterprise Application Platform (JEAP) 5.2.0, Red Hat JBoss BRMS 5.3.1, Red Hat JBoss Portal Platform 5.2.2 y Red Hat JBoss SOA Platform 5.3.1, no implementa debidamente la especificación JSR 160, lo que permite a atacantes remotos ejecutar código arbitrario a través de vectores no especificados. JBoss Application Server 5 and supported Red Hat JBoss 5.x products contain JBoss Remoting, which includes a partial implementation of the JMX remoting specification JSR 160. This implementation is provided in jmx-remoting.sar, which is deployed by default in unsupported community releases of JBoss Application Server 5.x. This implementation does not implement security as defined in JSR 160, and therefore does not apply any authentication or authorization constraints. A remote attacker could use this flaw to potentially execute arbitrary code on a vulnerable server. • http://rhn.redhat.com/errata/RHSA-2014-0887.html https://access.redhat.com/security/cve/CVE-2014-3518 https://bugzilla.redhat.com/show_bug.cgi?id=1112545 https://access.redhat.com/solutions/1120423 • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-306: Missing Authentication for Critical Function •
CVE-2013-4424 – GateIn: XSS due to improper url escaping
https://notcve.org/view.php?id=CVE-2013-4424
Multiple cross-site scripting (XSS) vulnerabilities in the GateIn Portal component in Red Hat JBoss Portal 6.1.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. Múltiples vulnerabilidades de cross-site scripting (XSS) en el componente GateIn Portal para Red Hat JBoss Portal v6.1.0 permite a atacantes remotos inyectar script web o HTML arbitrario a través de vectores sin especificar. • http://rhn.redhat.com/errata/RHSA-2013-1843.html https://access.redhat.com/security/cve/CVE-2013-4424 https://bugzilla.redhat.com/show_bug.cgi?id=1019052 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2013-2102 – Gatein: JGroups configurations enable diagnostics without authentication
https://notcve.org/view.php?id=CVE-2013-2102
The default configuration of Red Hat JBoss Portal before 6.1.0 enables the JGroups diagnostics service with no authentication when a JGroups channel is started, which allows remote attackers to obtain sensitive information (diagnostics) by accessing the service. La configuración por defecto de Red Hat JBoss Portal anterior a la versión 6.1.0 habilita el servicio de diagnóstico JGroups sin autenticación cuando se inicia un canal JGroups, lo que permite a atacantes remotos obtener información sensible (diagnóstico) accediendo al servicio. • http://rhn.redhat.com/errata/RHSA-2013-1437.html https://bugzilla.redhat.com/show_bug.cgi?id=963984 https://access.redhat.com/security/cve/CVE-2013-2102 • CWE-287: Improper Authentication •
CVE-2013-2186 – commons-fileupload: Arbitrary file upload via deserialization
https://notcve.org/view.php?id=CVE-2013-2186
The DiskFileItem class in Apache Commons FileUpload, as used in Red Hat JBoss BRMS 5.3.1; JBoss Portal 4.3 CP07, 5.2.2, and 6.0.0; and Red Hat JBoss Web Server 1.0.2 allows remote attackers to write to arbitrary files via a NULL byte in a file name in a serialized instance. La clase DiskFileItem en Apache Commons FileUpload, tal como se utiliza en Red Hat JBoss BRMS 5.3.1; JBoss Portal 4.3 CP07, 5.2.2 y 6.0.0; y Red Hat JBoss Web Server 1.0.2 permite a atacantes remotos escribir en archivos arbitrarios a través de un byte NULL en un nombre de archivo en una instancia serializada. • http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00008.html http://lists.opensuse.org/opensuse-updates/2013-10/msg00033.html http://lists.opensuse.org/opensuse-updates/2013-10/msg00050.html http://rhn.redhat.com/errata/RHSA-2013-1428.html http://rhn.redhat.com/errata/RHSA-2013-1429.html http://rhn.redhat.com/errata/RHSA-2013-1430.html http://rhn.redhat.com/errata/RHSA-2013-1442.html http://rhn.redhat.com/errata/RHSA-2013-1448.html http://secunia.com/advis • CWE-20: Improper Input Validation CWE-626: Null Byte Interaction Error (Poison Null Byte) •
CVE-2013-2185 – Tomcat/JBossWeb: Arbitrary file upload via deserialization
https://notcve.org/view.php?id=CVE-2013-2185
The readObject method in the DiskFileItem class in Apache Tomcat and JBoss Web, as used in Red Hat JBoss Enterprise Application Platform 6.1.0 and Red Hat JBoss Portal 6.0.0, allows remote attackers to write to arbitrary files via a NULL byte in a file name in a serialized instance, a similar issue to CVE-2013-2186. NOTE: this issue is reportedly disputed by the Apache Tomcat team, although Red Hat considers it a vulnerability. The dispute appears to regard whether it is the responsibility of applications to avoid providing untrusted data to be deserialized, or whether this class should inherently protect against this issue ** EN DISPUTA ** ** El método readObject en la clase DiskFileItem en Apache Tomcat y JBoss Web, tal como se utiliza en la plataforma Red Hat JBoss Enterprise Application 6.1.0 y Red Hat JBoss Portal 6.0.0, permite a atacantes remotos para escribir en archivos arbitrarios a través de un byte NULL en un nombre de archivo en una instancia serializada, un problema similar a CVE-2013-2.186. NOTA: se ha informado que este problema es disputado por el equipo de Apache Tomcat, aunque Red Hat lo considera una vulnerabilidad. La disputa parece considerar si se trata de la responsabilidad de las aplicaciones para evitar que los datos no confiables para ser deserializados, o si esta clase debe proteger inherentemente contra este tema. • http://openwall.com/lists/oss-security/2014/10/24/12 http://rhn.redhat.com/errata/RHSA-2013-1193.html http://rhn.redhat.com/errata/RHSA-2013-1194.html http://rhn.redhat.com/errata/RHSA-2013-1265.html http://www.openwall.com/lists/oss-security/2013/09/05/4 https://access.redhat.com/security/cve/CVE-2013-2185 https://bugzilla.redhat.com/show_bug.cgi?id=974813 • CWE-20: Improper Input Validation CWE-626: Null Byte Interaction Error (Poison Null Byte) •