CVE-2015-5220 – OOME from EAP 6 http management console
https://notcve.org/view.php?id=CVE-2015-5220
The Web Console in Red Hat Enterprise Application Platform (EAP) before 6.4.4 and WildFly (formerly JBoss Application Server) allows remote attackers to cause a denial of service (memory consumption) via a large request header. Web Console en Red Hat Enterprise Application Platform (EAP) en versiones anteriores a 6.4.4 y WildFly (anteriormente JBoss Application Server) permite a atacantes remotos provocar una denegación de servicio (consumo de la memoria) a través de una cabecera de petición grande. It was discovered that sending requests containing large headers to the Web Console produced a Java OutOfMemoryError in the HTTP management interface. An attacker could use this flaw to cause a denial of service. • http://rhn.redhat.com/errata/RHSA-2015-1904.html http://rhn.redhat.com/errata/RHSA-2015-1905.html http://rhn.redhat.com/errata/RHSA-2015-1906.html http://rhn.redhat.com/errata/RHSA-2015-1907.html http://rhn.redhat.com/errata/RHSA-2015-1908.html http://rhn.redhat.com/errata/RHSA-2016-1519.html http://www.securitytracker.com/id/1033859 https://bugzilla.redhat.com/show_bug.cgi?id=1255597 https://access.redhat.com/security/cve/CVE-2015-5220 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-770: Allocation of Resources Without Limits or Throttling •
CVE-2014-3586 – CLI: Insecure default permissions on history file
https://notcve.org/view.php?id=CVE-2014-3586
The default configuration for the Command Line Interface in Red Hat Enterprise Application Platform before 6.4.0 and WildFly (formerly JBoss Application Server) uses weak permissions for .jboss-cli-history, which allows local users to obtain sensitive information via unspecified vectors. La configuración por defecto para la interfaz de la línea de comandos en Red Hat Enterprise Application Platform anterior a 6.4.0 y WildFly (anteriormente JBoss Application Server) utiliza permisos débiles para .jboss-cli-history, lo que permite a usuarios locales obtener información sensible a través de vectores no especificados. It was found that the Command Line Interface, as provided by Red Hat Enterprise Application Platform, created a history file named .jboss-cli-history in the user's home directory with insecure default file permissions. This could allow a malicious local user to gain information otherwise not accessible to them. • http://rhn.redhat.com/errata/RHSA-2015-0846.html http://rhn.redhat.com/errata/RHSA-2015-0847.html http://rhn.redhat.com/errata/RHSA-2015-0848.html http://rhn.redhat.com/errata/RHSA-2015-0849.html http://www.securitytracker.com/id/1032183 https://bugzilla.redhat.com/show_bug.cgi?id=1126687 https://access.redhat.com/security/cve/CVE-2014-3586 • CWE-264: Permissions, Privileges, and Access Controls CWE-732: Incorrect Permission Assignment for Critical Resource •
CVE-2014-7827 – Security: Wrong security context loaded when using SAML2 STS Login Module
https://notcve.org/view.php?id=CVE-2014-7827
The org.jboss.security.plugins.mapping.JBossMappingManager implementation in JBoss Security in Red Hat JBoss Enterprise Application Platform (EAP) before 6.3.3 uses the default security domain when a security domain is undefined, which allows remote authenticated users to bypass intended access restrictions by leveraging credentials on the default domain for a role that is also on the application domain. La implementación org.jboss.security.plugins.mapping.JBossMappingManager en JBoss Security en Red Hat JBoss Enterprise Application Platform (EAP) anterior a 6.3.3 utiliza el dominio de seguridad por defecto cuando un dominio de seguridad no está definido, lo que permite a usuarios remotos autenticados evadir las restricciones de acceso mediante el aprovechamiento de las credenciales en el dominio por defecto para un rol que también está en el dominio de la aplicación. It was found that when processing undefined security domains, the org.jboss.security.plugins.mapping.JBossMappingManager implementation would fall back to the default security domain if it was available. A user with valid credentials in the defined default domain, with a role that is valid in the expected application domain, could perform actions that were otherwise not available to them. When using the SAML2 STS Login Module, JBossMappingManager exposed this issue due to the PicketLink Trust SecurityActions implementation using a hardcoded default value when defining the context. • http://rhn.redhat.com/errata/RHSA-2015-0215.html http://rhn.redhat.com/errata/RHSA-2015-0216.html http://rhn.redhat.com/errata/RHSA-2015-0217.html http://rhn.redhat.com/errata/RHSA-2015-0218.html http://rhn.redhat.com/errata/RHSA-2015-0850.html http://rhn.redhat.com/errata/RHSA-2015-0851.html http://www.securitytracker.com/id/1031741 https://exchange.xforce.ibmcloud.com/vulnerabilities/100889 https://access.redhat.com/security/cve/CVE-2014-7827 https://bugzilla.red • CWE-264: Permissions, Privileges, and Access Controls CWE-863: Incorrect Authorization •
CVE-2014-7853 – Subsystem: Information disclosure via incorrect sensitivity classification of attribute
https://notcve.org/view.php?id=CVE-2014-7853
The JBoss Application Server (WildFly) JacORB subsystem in Red Hat JBoss Enterprise Application Platform (EAP) before 6.3.3 does not properly assign socket-binding-ref sensitivity classification to the security-domain attribute, which allows remote authenticated users to obtain sensitive information by leveraging access to the security-domain attribute. El subsistema JBoss Application Server (WildFly) JacORB en Red Hat JBoss Enterprise Application Platform (EAP) anterior a 6.3.3 no asigna correctamente la configuración de la sensibilidad de las referencias a vinculaciones de sockets al atributo del dominio de seguridad, lo que permite a usuarios remotos autenticados obtener información sensible mediante el aprovechamiento del acceso al atributo del dominio de seguridad. It was discovered that the JBoss Application Server (WildFly) JacORB subsystem incorrectly assigned socket-binding-ref sensitivity classification for the security-domain attribute. An authenticated user with a role that has access to attributes with socket-binding-ref and not security-domain-ref sensitivity classification could use this flaw to access sensitive information present in the security-domain attribute. • http://rhn.redhat.com/errata/RHSA-2015-0215.html http://rhn.redhat.com/errata/RHSA-2015-0216.html http://rhn.redhat.com/errata/RHSA-2015-0217.html http://rhn.redhat.com/errata/RHSA-2015-0218.html http://rhn.redhat.com/errata/RHSA-2015-0920.html http://www.securitytracker.com/id/1031741 https://exchange.xforce.ibmcloud.com/vulnerabilities/100891 https://access.redhat.com/security/cve/CVE-2014-7853 https://bugzilla.redhat.com/show_bug.cgi?id=1165522 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2014-7849 – Management: Limited RBAC authorization bypass
https://notcve.org/view.php?id=CVE-2014-7849
The Role Based Access Control (RBAC) implementation in JBoss Enterprise Application Platform (EAP) 6.2.0 through 6.3.2 does not properly verify authorization conditions, which allows remote authenticated users to add, modify, and undefine otherwise restricted attributes by leveraging the Maintainer role. La implementación Role Based Access Control (RBAC) en JBoss Enterprise Application Platform (EAP) 6.2.0 hasta 6.3.2 no verifica correctamente las condiciones de la autorización, lo que permite a usuarios remotos autenticados añadir, modificar y desdefinir atributos de otra manera restringidos mediante el aprovechamiento del rol de mantenador (Maintainer). It was discovered that the Role Based Access Control (RBAC) implementation did not sufficiently verify all authorization conditions that are required by the Maintainer role to perform certain administrative actions. An authenticated user with the Maintainer role could use this flaw to add, modify, or undefine a limited set of attributes and their values, which otherwise cannot be written to. • http://rhn.redhat.com/errata/RHSA-2015-0215.html http://rhn.redhat.com/errata/RHSA-2015-0216.html http://rhn.redhat.com/errata/RHSA-2015-0217.html http://rhn.redhat.com/errata/RHSA-2015-0218.html http://rhn.redhat.com/errata/RHSA-2015-0920.html http://www.securitytracker.com/id/1031741 https://bugzilla.redhat.com/show_bug.cgi?id=1165170 https://exchange.xforce.ibmcloud.com/vulnerabilities/100890 https://access.redhat.com/security/cve/CVE-2014-7849 • CWE-264: Permissions, Privileges, and Access Controls CWE-863: Incorrect Authorization •