CVSS: 7.5EPSS: 2%CPEs: 6EXPL: 1CVE-2018-1041 – JBoss Remoting 6.14.18 - Denial of Service
https://notcve.org/view.php?id=CVE-2018-1041
A vulnerability was found in the way RemoteMessageChannel, introduced in jboss-remoting versions 3.3.10, reads from an empty buffer. An attacker could use this flaw to cause denial of service via high CPU caused by an infinite loop. Se ha encontrado una vulnerabilidad en la forma en la que RemoteMessageChannel, introducido en las versiones 3.3.10 de jboss-remoting, lee desde un búfer vacío. Un atacante podría emplear este error para provocar una denegación de servicio (DoS) mediante un consumo alto de CPU a través de un bucle infinito. A vulnerability was found in the way RemoteMessageChannel, introduced in jboss-remoting versions 3.3.10.Final-redhat-1, reads from an empty buffer. • https://www.exploit-db.com/exploits/44099 http://www.securitytracker.com/id/1040323 https://access.redhat.com/errata/RHSA-2018:0268 https://access.redhat.com/errata/RHSA-2018:0269 https://access.redhat.com/errata/RHSA-2018:0270 https://access.redhat.com/errata/RHSA-2018:0271 https://access.redhat.com/errata/RHSA-2018:0275 https://bugzilla.redhat.com/show_bug.cgi?id=1530457 https://access.redhat.com/security/cve/CVE-2018-1041 • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 5.0EPSS: 0%CPEs: 3EXPL: 0CVE-2014-0170 – Teiid: XML eXternal Entity (XXE) flaw in SQL/XML parsing
https://notcve.org/view.php?id=CVE-2014-0170
Teiid before 8.4.3 and before 8.7 and Red Hat JBoss Data Virtualization 6.0.0 before patch 3 allows remote attackers to read arbitrary files via a crafted request to a REST endpoint, related to an XML External Entity (XXE) issue. Teiid anterior a 8.4.3 y anterior a 8.7 y Red Hat JBoss Data Virtualization 6.0.0 anterior a patch 3 permiten a atacantes remotos leer ficheros arbitrarios a través de una solicitud manipulada en un endpoint REST, relacionado con un problema de entidad externa XML (XXE). It was found that Teiid SQL/XML permitted XML eXternal Entity (XXE) attacks. If a REST endpoint was deployed, a remote attacker could submit a request containing an external XML entity that, when resolved, allowed that attacker to read files on the application server in the context of the user running that server. • http://rhn.redhat.com/errata/RHSA-2014-1284.html http://secunia.com/advisories/61530 http://www.securitytracker.com/id/1030886 https://exchange.xforce.ibmcloud.com/vulnerabilities/96192 https://issues.jboss.org/browse/TEIID-2911 https://access.redhat.com/security/cve/CVE-2014-0170 https://bugzilla.redhat.com/show_bug.cgi?id=1085554 • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 6.0EPSS: 0%CPEs: 6EXPL: 0CVE-2007-1354
https://notcve.org/view.php?id=CVE-2007-1354
The Access Control functionality (JMXOpsAccessControlFilter) in JMX Console in JBoss Application Server 4.0.2 and 4.0.5 before 20070416 uses a member variable to store the roles of the current user, which allows remote authenticated administrators to trigger a race condition and gain privileges by logging in during a session by a more privileged administrator, as demonstrated by privilege escalation from Read Mode to Write Mode. La funcionalidad Control de Acceso (JMXOpsAccessControlFilter) en JMX Console de JBoss Application Server 4.0.2 y 4.0.5 versiones anteriores a 20070416 utiliza una variable miembro para almacenar los roles del usuario actual, lo cual permite a administradores remotos autenticados disparar una condición de carrera y obtener privilegios al identificarse en una sesión, por los de otro administrador con más privilegios, como se demuestra con un escalado de privilegios de Modo Lectura a Modo Escritura. • http://jira.jboss.com/jira/browse/ASPATCH-172 http://jira.jboss.com/jira/browse/ASPATCH-175 http://osvdb.org/46765 http://rhn.redhat.com/errata/RHSA-2007-0151.html http://www.redhat.com/archives/jboss-watch-list/2007-April/msg00000.html https://access.redhat.com/security/cve/CVE-2007-1354 https://bugzilla.redhat.com/show_bug.cgi?id=1618298 •
CVSS: 7.6EPSS: 0%CPEs: 1EXPL: 0CVE-2007-1157
https://notcve.org/view.php?id=CVE-2007-1157
Cross-site request forgery (CSRF) vulnerability in jmx-console/HtmlAdaptor in JBoss allows remote attackers to perform privileged actions as administrators via certain MBean operations, a different vulnerability than CVE-2006-3733. Vulnerabilidad de falsificación de petición en sitios cruzados (CSRF) en jmx-console/HtmlAdaptor de JBoss permite a atacantes remotos llevar a cabo acciones privilegiadas como administrador mediante ciertas operaciones MBean, una vulnerabilidad diferente que CVE-2006-3733. • http://osvdb.org/33142 http://www.securityfocus.com/archive/1/460934/100/0/threaded http://www.securityfocus.com/archive/1/461004/100/0/threaded https://exchange.xforce.ibmcloud.com/vulnerabilities/32673 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 7.5EPSS: 96%CPEs: 1EXPL: 2CVE-2007-1036 – JBoss - DeploymentFileRepository WAR Deployment (via JMXInvokerServlet)
https://notcve.org/view.php?id=CVE-2007-1036
The default configuration of JBoss does not restrict access to the (1) console and (2) web management interfaces, which allows remote attackers to bypass authentication and gain administrative access via direct requests. La configuración por defecto de JBoss no restringe el acceso a (1) la consola y (2) interfaces de gestión web, lo cual permite a atacantes remotos evitar la autenticación y obtener acceso administrativo mediante peticiones directas. • https://www.exploit-db.com/exploits/21080 https://www.exploit-db.com/exploits/16318 http://osvdb.org/33744 http://wiki.jboss.org/wiki/Wiki.jsp?page=SecureJBoss http://wiki.jboss.org/wiki/Wiki.jsp?page=SecureTheJmxConsole http://www.kb.cert.org/vuls/id/632656 http://www.securityfocus.com/archive/1/460597/100/0/threaded http://www.securityfocus.com/archive/1/460605/100/0/threaded http://www.securityfocus.com/archive/1/460695/100/0/threaded http://www.securitytrack • CWE-264: Permissions, Privileges, and Access Controls •