CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0CVE-2020-14299 – picketbox: JBoss EAP reload to admin-only mode allows authentication bypass
https://notcve.org/view.php?id=CVE-2020-14299
13 Oct 2020 — A flaw was found in JBoss EAP, where the authentication configuration is set-up using a legacy SecurityRealm, to delegate to a legacy PicketBox SecurityDomain, and then reloaded to admin-only mode. This flaw allows an attacker to perform a complete authentication bypass by using an arbitrary user and password. The highest threat to vulnerability is to system availability. Se encontró un fallo en JBoss EAP, donde la configuración de autenticación se configura usando un SecurityRealm heredado, para delegarlo ... • https://bugzilla.redhat.com/show_bug.cgi?id=1848533 • CWE-287: Improper Authentication •
CVSS: 7.5EPSS: 0%CPEs: 8EXPL: 0CVE-2019-19343 – Undertow: Memory Leak in Undertow HttpOpenListener due to holding remoting connections indefinitely
https://notcve.org/view.php?id=CVE-2019-19343
16 Jun 2020 — A flaw was found in Undertow when using Remoting as shipped in Red Hat Jboss EAP before version 7.2.4. A memory leak in HttpOpenListener due to holding remote connections indefinitely may lead to denial of service. Versions before undertow 2.0.25.SP1 and jboss-remoting 5.0.14.SP1 are believed to be vulnerable. Se encontró una falla en Undertow al usar Remoting como se envió en Red Hat Jboss EAP anterior a la versión 7.2.4. Una filtrado de memoria en HttpOpenListener debido a mantener conexiones remotas... • https://bugzilla.redhat.com/show_bug.cgi?id=1780445 • CWE-400: Uncontrolled Resource Consumption CWE-404: Improper Resource Shutdown or Release •
CVSS: 5.4EPSS: 0%CPEs: 3EXPL: 0CVE-2019-14885 – EAP: Vault system property security attribute value is revealed on CLI 'reload' command
https://notcve.org/view.php?id=CVE-2019-14885
20 Jan 2020 — A flaw was found in the JBoss EAP Vault system in all versions before 7.2.6.GA. Confidential information of the system property's security attribute value is revealed in the JBoss EAP log file when executing a JBoss CLI 'reload' command. This flaw can lead to the exposure of confidential information. Se detectó un fallo en el sistema JBoss EAP Vault en todas las versiones anteriores a 7.2.6.GA. La información confidencial del valor del atributo de seguridad de la propiedad del sistema es revelada en el arch... • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14885 • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2017-12167 – EAP-7: Wrong privileges on multiple property files
https://notcve.org/view.php?id=CVE-2017-12167
14 Dec 2017 — It was found in EAP 7 before 7.0.9 that properties based files of the management and the application realm configuration that contain user to role mapping are world readable allowing access to users and roles information to all the users logged in to the system. Se ha detectado en EAP 7 en versiones anteriores a la 7.0.9 que los archivos basados en propiedades de la administración y la configuración del dominio de la aplicación que contienen mapeo de usuario a rol son legibles para todos los usuarios, permi... • http://www.securityfocus.com/bid/100903 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2016-7066 – admin-cli: Any local users can connect to jboss-cli
https://notcve.org/view.php?id=CVE-2016-7066
14 Dec 2017 — It was found that the improper default permissions on /tmp/auth directory in JBoss Enterprise Application Platform before 7.1.0 can allow any local user to connect to CLI and allow the user to execute any arbitrary operations. Se ha detectado que los permisos incorrectos por defecto en el directorio /tmp/auth en JBoss Enterprise Application Platform en versiones anteriores a la 7.1.0 pueden permitir que cualquier usuario local se conecte a la interfaz de línea de comandos y ejecute cualquier operación arbit... • https://access.redhat.com/errata/RHSA-2017:3456 • CWE-266: Incorrect Privilege Assignment CWE-275: Permission Issues •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 1CVE-2015-1849
https://notcve.org/view.php?id=CVE-2015-1849
19 Sep 2017 — AdvancedLdapLodinMogule in Red Hat JBoss Enterprise Application Platform (EAP) before 6.4.1 allows attackers to obtain sensitive information via vectors involving logging the LDAP bind credential password when TRACE logging is enabled. AdvancedLdapLodinMogule en Red Hat JBoss Enterprise Application Platform (EAP) en versiones anteriores a la 6.4.1 permite que los atacantes obtengan información sensible mediante vectores que implican el registro de la contraseña de las credenciales asociadas al protocolo LDA... • https://bugzilla.redhat.com/show_bug.cgi?id=1199641 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 1%CPEs: 14EXPL: 0CVE-2017-7561 – resteasy: Vary header not added by CORS filter leading to cache poisoning
https://notcve.org/view.php?id=CVE-2017-7561
13 Sep 2017 — Red Hat JBoss EAP version 3.0.7 through before 4.0.0.Beta1 is vulnerable to a server-side cache poisoning or CORS requests in the JAX-RS component resulting in a moderate impact. Red Hat JBoss EAP en su versión 3.0.7 hasta antes de la versión 4.0.0.Beta1 es vulnerable a un envenenamiento de la caché por parte del servidor o a peticiones CORS en el componente JAX-RS, resultando en un impacto moderado. It was discovered that the CORS Filter did not add an HTTP Vary header indicating that the response varies d... • http://www.securityfocus.com/bid/100465 • CWE-345: Insufficient Verification of Data Authenticity CWE-346: Origin Validation Error CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') •
CVSS: 9.8EPSS: 2%CPEs: 7EXPL: 0CVE-2016-3690
https://notcve.org/view.php?id=CVE-2016-3690
08 Jun 2017 — The PooledInvokerServlet in JBoss EAP 4.x and 5.x allows remote attackers to execute arbitrary code via a crafted serialized payload. El PooledInvokerServlet de Jboss EAP en sus versiones 4.x y 5.x permite a un atacante remoto la ejecución de un código aleatorio mediante un payload de diseño serializado. • http://www.securityfocus.com/bid/99079 • CWE-502: Deserialization of Untrusted Data •
CVSS: 9.8EPSS: 90%CPEs: 1EXPL: 1CVE-2017-7504
https://notcve.org/view.php?id=CVE-2017-7504
19 May 2017 — HTTPServerILServlet.java in JMS over HTTP Invocation Layer of the JbossMQ implementation, which is enabled by default in Red Hat Jboss Application Server <= Jboss 4.X does not restrict the classes for which it performs deserialization, which allows remote attackers to execute arbitrary code via crafted serialized data. En el archivo HTTPServerILServlet.java en la capa de invocación JMS sobre HTTP de la implementación de JbossMQ, que está habilitada por defecto en Red Hat Jboss Application Server versiones a... • https://github.com/wudidwo/CVE-2017-7504-poc • CWE-502: Deserialization of Untrusted Data •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0CVE-2016-7061 – EAP: Sensitive data can be exposed at the server level in domain mode
https://notcve.org/view.php?id=CVE-2016-7061
19 Jan 2017 — An information disclosure vulnerability was found in JBoss Enterprise Application Platform before 7.0.4. It was discovered that when configuring RBAC and marking information as sensitive, users with a Monitor role are able to view the sensitive information. Se ha detectado una vulnerabilidad de divulgación de información en JBoss Enterprise Application Platform en versiones anteriores a la 7.0.4. Se ha descubierto que, al configurar RBAC y marcar información como sensible, los usuarios con rol Monitor puede... • http://rhn.redhat.com/errata/RHSA-2017-0170.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •