CVE-2013-1921 – PicketBox: Insecure storage of masked passwords
https://notcve.org/view.php?id=CVE-2013-1921
PicketBox, as used in Red Hat JBoss Enterprise Application Platform before 6.1.1, allows local users to obtain the admin encryption key by reading the Vault data file. PicketBox, utilizado en Red Hat JBoss Enterprise Application Platform anteriores a 6.1.1, permite a un usuario local obtener la clave de cifrado de administrador leyendo el archivo de datos Vault. • http://rhn.redhat.com/errata/RHSA-2013-1207.html http://rhn.redhat.com/errata/RHSA-2013-1208.html http://rhn.redhat.com/errata/RHSA-2013-1209.html http://rhn.redhat.com/errata/RHSA-2013-1437.html http://rhn.redhat.com/errata/RHSA-2014-0029.html https://bugzilla.redhat.com/show_bug.cgi?id=948106 https://access.redhat.com/security/cve/CVE-2013-1921 • CWE-310: Cryptographic Issues •
CVE-2013-2165 – RichFaces: Remote code execution due to insecure deserialization
https://notcve.org/view.php?id=CVE-2013-2165
ResourceBuilderImpl.java in the RichFaces 3.x through 5.x implementation in Red Hat JBoss Web Framework Kit before 2.3.0, Red Hat JBoss Web Platform through 5.2.0, Red Hat JBoss Enterprise Application Platform through 4.3.0 CP10 and 5.x through 5.2.0, Red Hat JBoss BRMS through 5.3.1, Red Hat JBoss SOA Platform through 4.3.0 CP05 and 5.x through 5.3.1, Red Hat JBoss Portal through 4.3 CP07 and 5.x through 5.2.2, and Red Hat JBoss Operations Network through 2.4.2 and 3.x through 3.1.2 does not restrict the classes for which deserialization methods can be called, which allows remote attackers to execute arbitrary code via crafted serialized data. ResourceBuilderImpl.java en la implementación de RichFaces 3.x a 5.x en la implementación de Red Hat JBoss Web Framework Kit anterior a 2.3.0, Red Hat JBoss Web Platform a 5.2.0, Red Hat JBoss Enterprise Application Platform a 4.3.0 CP10 y 5.x a la 5.2.0, Red Hat JBoss BRMS hasta la 5.3.1, Red Hat JBoss SOA Platform hasta la 4.3.0 CP05 y 5.x hasta la 5.3.1, Red Hat JBoss Portal hasta la 4.3 CP07 y 5.x hasta 5.2.2, y Red Hat JBoss Operations Network hasta 2.4.2 y 3.x hasta la 3.1.2, no restringe las clases para la deserialización de los métodos que pueden ser invocados, lo que permite a atacantes remotos ejecutar código arbitrario a través de datos serializados. • https://github.com/Pastea/CVE-2013-2165 http://jvn.jp/en/jp/JVN38787103/index.html http://jvndb.jvn.jp/jvndb/JVNDB-2013-000072 http://packetstormsecurity.com/files/156663/Richsploit-RichFaces-Exploitation-Toolkit.html http://rhn.redhat.com/errata/RHSA-2013-1041.html http://rhn.redhat.com/errata/RHSA-2013-1042.html http://rhn.redhat.com/errata/RHSA-2013-1043.html http://rhn.redhat.com/errata/RHSA-2013-1044.html http://rhn.redhat.com/errata/RHSA-2013-1045.html http:/ • CWE-264: Permissions, Privileges, and Access Controls CWE-502: Deserialization of Untrusted Data •
CVE-2012-4572 – JBoss: custom authorization module implementations shared between applications
https://notcve.org/view.php?id=CVE-2012-4572
Red Hat JBoss Enterprise Application Platform (EAP) before 6.1.0 and JBoss Portal before 6.1.0 does not load the implementation of a custom authorization module for a new application when an implementation is already loaded and the modules share class names, which allows local users to control certain applications' authorization decisions via a crafted application. Red Hat JBoss Enterprise Application Platform (EAP) antes de 6.1.0 y JBoss Portal anteriores a 6.1.0 no carga la implementación de un módulo de autorización personalizado para una nueva aplicación cuando una aplicación está ya cargada y los módulos comparten los nombres de clase, lo que permite a usuarios locales controlar las decisiones de autorización ciertas aplicaciones a través de una aplicación manipulada. • http://rhn.redhat.com/errata/RHSA-2013-0833.html http://rhn.redhat.com/errata/RHSA-2013-0834.html http://rhn.redhat.com/errata/RHSA-2013-1437.html https://access.redhat.com/security/cve/CVE-2012-4572 https://bugzilla.redhat.com/show_bug.cgi?id=872059 • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2012-5629 – JBoss: allows empty password to authenticate against LDAP
https://notcve.org/view.php?id=CVE-2012-5629
The default configuration of the (1) LdapLoginModule and (2) LdapExtLoginModule modules in JBoss Enterprise Application Platform (EAP) 4.3.0 CP10, 5.2.0, and 6.0.1, and Enterprise Web Platform (EWP) 5.2.0 allow remote attackers to bypass authentication via an empty password. La configuración por defecto de los módulos (1) LdapLoginModule y (2) LdapExtLoginModule en JBoss Enterprise Application Platform (EAP)v 4.3.0 CP10, v5.2.0 y v6.0.1 6.0.1, y Enterprise Web Platform (EWP) v5.2.0, permite a atacantes remotos la autenticación sin contraseña. • http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=885569 http://rhn.redhat.com/errata/RHSA-2013-0229.html http://rhn.redhat.com/errata/RHSA-2013-0230.html http://rhn.redhat.com/errata/RHSA-2013-0231.html http://rhn.redhat.com/errata/RHSA-2013-0232.html http://rhn.redhat.com/errata/RHSA-2013-0233.html http://rhn.redhat.com/errata/RHSA-2013-0234.html http://rhn.redhat.com/errata/RHSA-2013-0248.html http://rhn.redhat.com/errata/RHSA-2013-0533.html http: • CWE-264: Permissions, Privileges, and Access Controls CWE-305: Authentication Bypass by Primary Weakness •
CVE-2012-4549 – AS: EJB authorization succeeds for any role when allowed roles list is empty
https://notcve.org/view.php?id=CVE-2012-4549
The processInvocation function in org.jboss.as.ejb3.security.AuthorizationInterceptor in JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) before 6.0.1, authorizes all requests when no roles are allowed for an Enterprise Java Beans (EJB) method invocation, which allows attackers to bypass intended access restrictions for EJB methods. La función processInvocation en org.jboss.as.ejb3.security.AuthorizationInterceptor en JBoss Enterprise Application Platform (tambien conocido como JBoss EAP o JBEAP) anteriores a v6.0.1, autoriza todas las peticiones cuando no están permitidos los roles para la invocación del método Enterprise Java Beans (EJB), lo que permite a atacantes remotos evitar las restricciones impuestas a los métodos EJB. • http://rhn.redhat.com/errata/RHSA-2012-1591.html http://rhn.redhat.com/errata/RHSA-2012-1592.html http://rhn.redhat.com/errata/RHSA-2012-1594.html http://secunia.com/advisories/51607 https://access.redhat.com/security/cve/CVE-2012-4549 https://bugzilla.redhat.com/show_bug.cgi?id=870868 • CWE-264: Permissions, Privileges, and Access Controls •