CVSS: 6.1EPSS: 0%CPEs: 4EXPL: 0CVE-2016-4993 – eap: HTTP header injection / response splitting
https://notcve.org/view.php?id=CVE-2016-4993
CRLF injection vulnerability in the Undertow web server in WildFly 10.0.0, as used in Red Hat JBoss Enterprise Application Platform (EAP) 7.x before 7.0.2, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors. Vulnerabilidad de inyección CRLF en el servidor web Undertow en WildFly 10.0.0, tal como se utiliza en Red Hat JBoss Enterprise Application Platform (EAP) 7.x en versiones anteriores a 7.0.2, permite a atacantes remotos inyectar cabeceras HTTP arbitrarias y llevar a cabo ataques de separación de respuesta HTTP a través de vectores no especificados. It was reported that EAP 7 Application Server/Undertow web server is vulnerable to the injection of arbitrary HTTP headers, and also response splitting, due to insufficient sanitization and validation of user input before the input is used as part of an HTTP header value. • http://rhn.redhat.com/errata/RHSA-2016-1838.html http://rhn.redhat.com/errata/RHSA-2016-1839.html http://rhn.redhat.com/errata/RHSA-2016-1840.html http://rhn.redhat.com/errata/RHSA-2016-1841.html http://www.securityfocus.com/bid/92894 http://www.securitytracker.com/id/1036758 https://access.redhat.com/errata/RHSA-2017:3454 https://access.redhat.com/errata/RHSA-2017:3455 https://access.redhat.com/errata/RHSA-2017:3456 https://access.redhat.com/errata/RHSA-2017: • CWE-93: Improper Neutralization of CRLF Sequences ('CRLF Injection') CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting') •
CVSS: 7.5EPSS: 1%CPEs: 9EXPL: 0CVE-2016-3110 – mod_cluster: remotely Segfault Apache http server
https://notcve.org/view.php?id=CVE-2016-3110
mod_cluster, as used in Red Hat JBoss Web Server 2.1, allows remote attackers to cause a denial of service (Apache http server crash) via an MCMP message containing a series of = (equals) characters after a legitimate element. mod_cluster, tal como se utiliza en Red Hat JBoss Web Server 2.1, permite a atacantes remotos provocar una denegación de servicio (caída del servidor http de Apache) a través de un mensaje MCMP que contiene una serie de caracteres = (iguales) después de un elemento legítimo. It was discovered that it is possible to remotely Segfault Apache http server with a specially crafted string sent to the mod_cluster via service messages (MCMP). • http://rhn.redhat.com/errata/RHSA-2016-1648.html http://rhn.redhat.com/errata/RHSA-2016-1649.html http://rhn.redhat.com/errata/RHSA-2016-1650.html http://rhn.redhat.com/errata/RHSA-2016-2054.html http://rhn.redhat.com/errata/RHSA-2016-2055.html http://rhn.redhat.com/errata/RHSA-2016-2056.html http://www.securityfocus.com/bid/92584 https://bugzilla.redhat.com/show_bug.cgi?id=1326320 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org&#x • CWE-20: Improper Input Validation •
CVSS: 9.8EPSS: 0%CPEs: 7EXPL: 0CVE-2016-2141 – JGroups: Authorization bypass
https://notcve.org/view.php?id=CVE-2016-2141
It was found that JGroups did not require necessary headers for encrypt and auth protocols from new nodes joining the cluster. An attacker could use this flaw to bypass security restrictions, and use this vulnerability to send and receive messages within the cluster, leading to information disclosure, message spoofing, or further possible attacks. JGroups en versiones anteriores a 4.0 no solicita las cabeceras adecuadas para los protocolos ENCRYPT y AUTH desde los nodos uniéndose al grupo, lo que permite a atacantes remotos eludir las restricciones de seguridad y enviar y recibir mensajes dentro del grupo a través de vectores no especificados. • http://rhn.redhat.com/errata/RHSA-2016-1435.html http://rhn.redhat.com/errata/RHSA-2016-1439.html http://rhn.redhat.com/errata/RHSA-2016-2035.html http://www.securityfocus.com/bid/91481 http://www.securitytracker.com/id/1036165 https://access.redhat.com/errata/RHSA-2016:1345 https://access.redhat.com/errata/RHSA-2016:1346 https://access.redhat.com/errata/RHSA-2016:1347 https://access.redhat.com/errata/RHSA-2016:1374 https://access.redhat.com/errata/RHSA-2016:1376& •
CVSS: 4.0EPSS: 0%CPEs: 1EXPL: 0CVE-2015-5304 – EAP: missing authorization check for Monitor/Deployer/Auditor role when shutting down server
https://notcve.org/view.php?id=CVE-2015-5304
Red Hat JBoss Enterprise Application Platform (EAP) before 6.4.5 does not properly authorize access to shut down the server, which allows remote authenticated users with the Monitor, Deployer, or Auditor role to cause a denial of service via unspecified vectors. Red Hat JBoss Enterprise Application Platform (EAP) en versiones anteriores a 6.4.5 no autoriza adecuadamente el acceso para apagar el servidor, lo que permite a usuarios remotos autenticados con el rol Monitor, Deployer o Auditor causar una denegación de servicio a través de vectores no especificados. It was found that JBoss EAP did not properly authorize a user performing a shut down. A remote user with the Monitor, Deployer, or Auditor role could use this flaw to shut down the EAP server, which is an action restricted to admin users. • http://rhn.redhat.com/errata/RHSA-2015-2538.html http://rhn.redhat.com/errata/RHSA-2015-2539.html http://rhn.redhat.com/errata/RHSA-2015-2540.html http://rhn.redhat.com/errata/RHSA-2015-2541.html http://rhn.redhat.com/errata/RHSA-2015-2542.html http://www.securitytracker.com/id/1034280 https://bugzilla.redhat.com/show_bug.cgi?id=1273046 https://access.redhat.com/security/cve/CVE-2015-5304 • CWE-264: Permissions, Privileges, and Access Controls CWE-862: Missing Authorization •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2015-5178 – AS/WildFly: missing X-Frame-Options header leading to clickjacking
https://notcve.org/view.php?id=CVE-2015-5178
The Management Console in Red Hat Enterprise Application Platform before 6.4.4 and WildFly (formerly JBoss Application Server) does not send an X-Frame-Options HTTP header, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web page that contains a (1) FRAME or (2) IFRAME element. Management Console en Red Hat Enterprise Application Platform en versiones anteriores a 6.4.4 y WildFly (anteriormente JBoss Application Server) no envía una cabecera HTTP X-Frame-Options, lo que hace más fácil para atacantes remotos llevar a cabo ataques de secuestro de click a través de una página web manipulada que contiene un elemento (1) FRAME o (2) IFRAME. It was discovered that the EAP Management Console could be opened in an IFRAME, which made it possible to intercept and manipulate requests. An attacker could use this flaw to trick a user into performing arbitrary actions in the Console (clickjacking). • http://rhn.redhat.com/errata/RHSA-2015-1904.html http://rhn.redhat.com/errata/RHSA-2015-1905.html http://rhn.redhat.com/errata/RHSA-2015-1906.html http://rhn.redhat.com/errata/RHSA-2015-1907.html http://rhn.redhat.com/errata/RHSA-2015-1908.html http://www.securitytracker.com/id/1033859 https://bugzilla.redhat.com/show_bug.cgi?id=1250552 https://access.redhat.com/security/cve/CVE-2015-5178 • CWE-20: Improper Input Validation CWE-254: 7PK - Security Features •