CVE-2019-3834
https://notcve.org/view.php?id=CVE-2019-3834
It was found that the fix for CVE-2014-0114 had been reverted in JBoss Operations Network 3 (JON). This flaw allows attackers to manipulate ClassLoader properties on a vulnerable server. Exploits that have been published rely on ClassLoader properties that are exposed such as those in JON 3. Additional information can be found in the Red Hat Knowledgebase article: https://access.redhat.com/site/solutions/869353. Note that while multiple products released patches for the original CVE-2014-0114 flaw, the reversion described by this CVE-2019-3834 flaw only occurred in JON 3. • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3834 • CWE-470: Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') •
CVE-2016-6330
https://notcve.org/view.php?id=CVE-2016-6330
The server in Red Hat JBoss Operations Network (JON), when SSL authentication is not configured for JON server / agent communication, allows remote attackers to execute arbitrary code via a crafted HTTP request, related to message deserialization. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-3737. El servidor en Red Hat JBoss Operations Network (JON), cuando la autenticación SSL no está configurada para comunicación de agente servidor JON, permite a atacantes remotos ejecutar código arbitrario a través de una petición HTTP manipulada, relacionado con deserialización de mensajes. NOTA: esta vulnerabilidad existe debido a una solución incompleta para CVE-2016-3737. • http://www.securityfocus.com/bid/92568 https://bugzilla.redhat.com/show_bug.cgi?id=1368864 https://www.tenable.com/security/research/tra-2016-22 • CWE-502: Deserialization of Untrusted Data •
CVE-2016-5422 – JON3: privilege escalation via improper authorization
https://notcve.org/view.php?id=CVE-2016-5422
The web console in Red Hat JBoss Operations Network (JON) before 3.3.7 does not properly authorize requests to add users with the super user role, which allows remote authenticated users to gain admin privileges via a crafted POST request. La consola web en Red Hat JBoss Operations Network (JON) en versiones anteriores a 3.3.7 no autoriza adecuadamente peticiones para agregar usuarios con el rol de superusuario, lo que permite a usuarios remotos autenticados obtener privilegios de administrador a través de una petición POST manipulada. It was found that JBoss Operations Network allowed regular users to add a new super user by sending a specially crafted request to the web console. This attacks allows escalation of privileges. • http://rhn.redhat.com/errata/RHSA-2016-1785.html http://www.securityfocus.com/bid/92722 https://access.redhat.com/security/cve/CVE-2016-5422 https://bugzilla.redhat.com/show_bug.cgi?id=1361933 • CWE-264: Permissions, Privileges, and Access Controls CWE-285: Improper Authorization •
CVE-2016-3737
https://notcve.org/view.php?id=CVE-2016-3737
The server in Red Hat JBoss Operations Network (JON) before 3.3.6 allows remote attackers to execute arbitrary code via a crafted HTTP request, related to message deserialization. El servidor en Red Hat JBoss Operations Network (JON) en versiones anteriores a 3.3.6 permite a atacantes remotos ejecutar código arbitrario a traves una petición HTTP manipulada, relacionado con deserialización de mensaje. • http://rhn.redhat.com/errata/RHSA-2016-1519.html http://www.securitytracker.com/id/1036507 https://bugzilla.redhat.com/show_bug.cgi?id=1333618 https://www.tenable.com/security/research/tra-2016-22 • CWE-20: Improper Input Validation •
CVE-2013-2165 – RichFaces: Remote code execution due to insecure deserialization
https://notcve.org/view.php?id=CVE-2013-2165
ResourceBuilderImpl.java in the RichFaces 3.x through 5.x implementation in Red Hat JBoss Web Framework Kit before 2.3.0, Red Hat JBoss Web Platform through 5.2.0, Red Hat JBoss Enterprise Application Platform through 4.3.0 CP10 and 5.x through 5.2.0, Red Hat JBoss BRMS through 5.3.1, Red Hat JBoss SOA Platform through 4.3.0 CP05 and 5.x through 5.3.1, Red Hat JBoss Portal through 4.3 CP07 and 5.x through 5.2.2, and Red Hat JBoss Operations Network through 2.4.2 and 3.x through 3.1.2 does not restrict the classes for which deserialization methods can be called, which allows remote attackers to execute arbitrary code via crafted serialized data. ResourceBuilderImpl.java en la implementación de RichFaces 3.x a 5.x en la implementación de Red Hat JBoss Web Framework Kit anterior a 2.3.0, Red Hat JBoss Web Platform a 5.2.0, Red Hat JBoss Enterprise Application Platform a 4.3.0 CP10 y 5.x a la 5.2.0, Red Hat JBoss BRMS hasta la 5.3.1, Red Hat JBoss SOA Platform hasta la 4.3.0 CP05 y 5.x hasta la 5.3.1, Red Hat JBoss Portal hasta la 4.3 CP07 y 5.x hasta 5.2.2, y Red Hat JBoss Operations Network hasta 2.4.2 y 3.x hasta la 3.1.2, no restringe las clases para la deserialización de los métodos que pueden ser invocados, lo que permite a atacantes remotos ejecutar código arbitrario a través de datos serializados. • https://github.com/Pastea/CVE-2013-2165 http://jvn.jp/en/jp/JVN38787103/index.html http://jvndb.jvn.jp/jvndb/JVNDB-2013-000072 http://packetstormsecurity.com/files/156663/Richsploit-RichFaces-Exploitation-Toolkit.html http://rhn.redhat.com/errata/RHSA-2013-1041.html http://rhn.redhat.com/errata/RHSA-2013-1042.html http://rhn.redhat.com/errata/RHSA-2013-1043.html http://rhn.redhat.com/errata/RHSA-2013-1044.html http://rhn.redhat.com/errata/RHSA-2013-1045.html http:/ • CWE-264: Permissions, Privileges, and Access Controls CWE-502: Deserialization of Untrusted Data •