CVE-2015-5220 – OOME from EAP 6 http management console
https://notcve.org/view.php?id=CVE-2015-5220
The Web Console in Red Hat Enterprise Application Platform (EAP) before 6.4.4 and WildFly (formerly JBoss Application Server) allows remote attackers to cause a denial of service (memory consumption) via a large request header. Web Console en Red Hat Enterprise Application Platform (EAP) en versiones anteriores a 6.4.4 y WildFly (anteriormente JBoss Application Server) permite a atacantes remotos provocar una denegación de servicio (consumo de la memoria) a través de una cabecera de petición grande. It was discovered that sending requests containing large headers to the Web Console produced a Java OutOfMemoryError in the HTTP management interface. An attacker could use this flaw to cause a denial of service. • http://rhn.redhat.com/errata/RHSA-2015-1904.html http://rhn.redhat.com/errata/RHSA-2015-1905.html http://rhn.redhat.com/errata/RHSA-2015-1906.html http://rhn.redhat.com/errata/RHSA-2015-1907.html http://rhn.redhat.com/errata/RHSA-2015-1908.html http://rhn.redhat.com/errata/RHSA-2016-1519.html http://www.securitytracker.com/id/1033859 https://bugzilla.redhat.com/show_bug.cgi?id=1255597 https://access.redhat.com/security/cve/CVE-2015-5220 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-770: Allocation of Resources Without Limits or Throttling •
CVE-2014-3586 – CLI: Insecure default permissions on history file
https://notcve.org/view.php?id=CVE-2014-3586
The default configuration for the Command Line Interface in Red Hat Enterprise Application Platform before 6.4.0 and WildFly (formerly JBoss Application Server) uses weak permissions for .jboss-cli-history, which allows local users to obtain sensitive information via unspecified vectors. La configuración por defecto para la interfaz de la línea de comandos en Red Hat Enterprise Application Platform anterior a 6.4.0 y WildFly (anteriormente JBoss Application Server) utiliza permisos débiles para .jboss-cli-history, lo que permite a usuarios locales obtener información sensible a través de vectores no especificados. It was found that the Command Line Interface, as provided by Red Hat Enterprise Application Platform, created a history file named .jboss-cli-history in the user's home directory with insecure default file permissions. This could allow a malicious local user to gain information otherwise not accessible to them. • http://rhn.redhat.com/errata/RHSA-2015-0846.html http://rhn.redhat.com/errata/RHSA-2015-0847.html http://rhn.redhat.com/errata/RHSA-2015-0848.html http://rhn.redhat.com/errata/RHSA-2015-0849.html http://www.securitytracker.com/id/1032183 https://bugzilla.redhat.com/show_bug.cgi?id=1126687 https://access.redhat.com/security/cve/CVE-2014-3586 • CWE-264: Permissions, Privileges, and Access Controls CWE-732: Incorrect Permission Assignment for Critical Resource •
CVE-2014-0005 – PicketBox/JBossSX: Unauthorized access to and modification of application server configuration and state by application
https://notcve.org/view.php?id=CVE-2014-0005
PicketBox and JBossSX, as used in Red Hat JBoss Enterprise Application Platform (JBEAP) 6.2.2 and JBoss BRMS before 6.0.3 roll up patch 2, allows remote authenticated users to read and modify the application sever configuration and state by deploying a crafted application. PicketBox y JBossSX, utilizado en Red Hat JBoss Enterprise Application Platform (JBEAP) 6.2.2 y JBoss BRMS anterior a 6.0.3 roll up patch 2, permite a usuarios remotos autenticados leer y modificar la configuración y estado del servidor de la aplicación mediante el despliegue de una aplicación manipulada. It was identified that PicketBox/JBossSX allowed any deployed application to alter or read the underlying application server configuration and state without any authorization checks. An attacker able to deploy applications could use this flaw to circumvent security constraints applied to other applications deployed on the same system, disclose privileged information, and in certain cases allow arbitrary code execution. • http://rhn.redhat.com/errata/RHSA-2014-0343.html http://rhn.redhat.com/errata/RHSA-2014-0344.html http://rhn.redhat.com/errata/RHSA-2014-0345.html http://rhn.redhat.com/errata/RHSA-2015-0234.html http://rhn.redhat.com/errata/RHSA-2015-0235.html http://rhn.redhat.com/errata/RHSA-2015-0720.html https://access.redhat.com/security/cve/CVE-2014-0005 https://bugzilla.redhat.com/show_bug.cgi?id=1049736 • CWE-264: Permissions, Privileges, and Access Controls CWE-862: Missing Authorization •
CVE-2014-7827 – Security: Wrong security context loaded when using SAML2 STS Login Module
https://notcve.org/view.php?id=CVE-2014-7827
The org.jboss.security.plugins.mapping.JBossMappingManager implementation in JBoss Security in Red Hat JBoss Enterprise Application Platform (EAP) before 6.3.3 uses the default security domain when a security domain is undefined, which allows remote authenticated users to bypass intended access restrictions by leveraging credentials on the default domain for a role that is also on the application domain. La implementación org.jboss.security.plugins.mapping.JBossMappingManager en JBoss Security en Red Hat JBoss Enterprise Application Platform (EAP) anterior a 6.3.3 utiliza el dominio de seguridad por defecto cuando un dominio de seguridad no está definido, lo que permite a usuarios remotos autenticados evadir las restricciones de acceso mediante el aprovechamiento de las credenciales en el dominio por defecto para un rol que también está en el dominio de la aplicación. It was found that when processing undefined security domains, the org.jboss.security.plugins.mapping.JBossMappingManager implementation would fall back to the default security domain if it was available. A user with valid credentials in the defined default domain, with a role that is valid in the expected application domain, could perform actions that were otherwise not available to them. When using the SAML2 STS Login Module, JBossMappingManager exposed this issue due to the PicketLink Trust SecurityActions implementation using a hardcoded default value when defining the context. • http://rhn.redhat.com/errata/RHSA-2015-0215.html http://rhn.redhat.com/errata/RHSA-2015-0216.html http://rhn.redhat.com/errata/RHSA-2015-0217.html http://rhn.redhat.com/errata/RHSA-2015-0218.html http://rhn.redhat.com/errata/RHSA-2015-0850.html http://rhn.redhat.com/errata/RHSA-2015-0851.html http://www.securitytracker.com/id/1031741 https://exchange.xforce.ibmcloud.com/vulnerabilities/100889 https://access.redhat.com/security/cve/CVE-2014-7827 https://bugzilla.red • CWE-264: Permissions, Privileges, and Access Controls CWE-863: Incorrect Authorization •
CVE-2014-7853 – Subsystem: Information disclosure via incorrect sensitivity classification of attribute
https://notcve.org/view.php?id=CVE-2014-7853
The JBoss Application Server (WildFly) JacORB subsystem in Red Hat JBoss Enterprise Application Platform (EAP) before 6.3.3 does not properly assign socket-binding-ref sensitivity classification to the security-domain attribute, which allows remote authenticated users to obtain sensitive information by leveraging access to the security-domain attribute. El subsistema JBoss Application Server (WildFly) JacORB en Red Hat JBoss Enterprise Application Platform (EAP) anterior a 6.3.3 no asigna correctamente la configuración de la sensibilidad de las referencias a vinculaciones de sockets al atributo del dominio de seguridad, lo que permite a usuarios remotos autenticados obtener información sensible mediante el aprovechamiento del acceso al atributo del dominio de seguridad. It was discovered that the JBoss Application Server (WildFly) JacORB subsystem incorrectly assigned socket-binding-ref sensitivity classification for the security-domain attribute. An authenticated user with a role that has access to attributes with socket-binding-ref and not security-domain-ref sensitivity classification could use this flaw to access sensitive information present in the security-domain attribute. • http://rhn.redhat.com/errata/RHSA-2015-0215.html http://rhn.redhat.com/errata/RHSA-2015-0216.html http://rhn.redhat.com/errata/RHSA-2015-0217.html http://rhn.redhat.com/errata/RHSA-2015-0218.html http://rhn.redhat.com/errata/RHSA-2015-0920.html http://www.securitytracker.com/id/1031741 https://exchange.xforce.ibmcloud.com/vulnerabilities/100891 https://access.redhat.com/security/cve/CVE-2014-7853 https://bugzilla.redhat.com/show_bug.cgi?id=1165522 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •