Search criteria
16 vulnerabilities by jboss
CVE-2014-3655 (GCVE-0-2014-3655)
Vulnerability from cvelistv5 – Published: 2019-11-13 15:45 – Updated: 2024-08-06 10:50
VLAI?
Summary
JBoss KeyCloak is vulnerable to soft token deletion via CSRF
Severity ?
No CVSS data available.
CWE
- Soft Token deletion via CSRF
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:50:18.303Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-3655"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/cve-2014-3655"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://snyk.io/vuln/SNYK-JAVA-ORGKEYCLOAK-30138"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "KeyCloak",
"vendor": "JBoss",
"versions": [
{
"status": "affected",
"version": "Fixed in version 1.1.0-Alpha1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "JBoss KeyCloak is vulnerable to soft token deletion via CSRF"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Soft Token deletion via CSRF",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-13T15:45:32",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-3655"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://access.redhat.com/security/cve/cve-2014-3655"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://snyk.io/vuln/SNYK-JAVA-ORGKEYCLOAK-30138"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2014-3655",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "KeyCloak",
"version": {
"version_data": [
{
"version_value": "Fixed in version 1.1.0-Alpha1"
}
]
}
}
]
},
"vendor_name": "JBoss"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "JBoss KeyCloak is vulnerable to soft token deletion via CSRF"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Soft Token deletion via CSRF"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-3655",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-3655"
},
{
"name": "https://access.redhat.com/security/cve/cve-2014-3655",
"refsource": "MISC",
"url": "https://access.redhat.com/security/cve/cve-2014-3655"
},
{
"name": "https://snyk.io/vuln/SNYK-JAVA-ORGKEYCLOAK-30138",
"refsource": "MISC",
"url": "https://snyk.io/vuln/SNYK-JAVA-ORGKEYCLOAK-30138"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2014-3655",
"datePublished": "2019-11-13T15:45:32",
"dateReserved": "2014-05-14T00:00:00",
"dateUpdated": "2024-08-06T10:50:18.303Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-3649 (GCVE-0-2014-3649)
Vulnerability from cvelistv5 – Published: 2019-11-04 14:02 – Updated: 2024-08-06 10:50
VLAI?
Summary
JBoss AeroGear has reflected XSS via the password field
Severity ?
No CVSS data available.
CWE
- reflected XSS via password field of the login page
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:50:17.942Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-3649"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/cve-2014-3649"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "AeroGear",
"vendor": "JBoss",
"versions": [
{
"status": "affected",
"version": "through 2014-09-19"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "JBoss AeroGear has reflected XSS via the password field"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "reflected XSS via password field of the login page",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-04T14:02:24",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-3649"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://access.redhat.com/security/cve/cve-2014-3649"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2014-3649",
"datePublished": "2019-11-04T14:02:24",
"dateReserved": "2014-05-14T00:00:00",
"dateUpdated": "2024-08-06T10:50:17.942Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-8656 (GCVE-0-2016-8656)
Vulnerability from cvelistv5 – Published: 2018-05-22 17:00 – Updated: 2024-08-06 02:27
VLAI?
Summary
Jboss jbossas before versions 5.2.0-23, 6.4.13, 7.0.5 is vulnerable to an unsafe file handling in the jboss init script which could result in local privilege escalation.
Severity ?
CWE
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:27:41.215Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2017:0250",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0250.html"
},
{
"name": "RHSA-2017:0831",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0831.html"
},
{
"name": "RHSA-2017:0834",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0834.html"
},
{
"name": "RHSA-2017:3458",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3458"
},
{
"name": "RHSA-2018:1609",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1609"
},
{
"name": "RHSA-2017:0832",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0832.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8656"
},
{
"name": "96035",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/96035"
},
{
"name": "RHSA-2017:0244",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0244.html"
},
{
"name": "RHSA-2017:0246",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0246.html"
},
{
"name": "RHSA-2017:3455",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3455"
},
{
"name": "RHSA-2017:3454",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3454"
},
{
"name": "RHSA-2017:0245",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0245.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "jbossas",
"vendor": "jboss",
"versions": [
{
"status": "affected",
"version": "jbossas 5.2.0-23"
},
{
"status": "affected",
"version": "jbossas 6.4.13"
},
{
"status": "affected",
"version": "jbossas 7.0.5"
}
]
}
],
"datePublic": "2016-11-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Jboss jbossas before versions 5.2.0-23, 6.4.13, 7.0.5 is vulnerable to an unsafe file handling in the jboss init script which could result in local privilege escalation."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-05-23T09:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2017:0250",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0250.html"
},
{
"name": "RHSA-2017:0831",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0831.html"
},
{
"name": "RHSA-2017:0834",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0834.html"
},
{
"name": "RHSA-2017:3458",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3458"
},
{
"name": "RHSA-2018:1609",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1609"
},
{
"name": "RHSA-2017:0832",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0832.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8656"
},
{
"name": "96035",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/96035"
},
{
"name": "RHSA-2017:0244",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0244.html"
},
{
"name": "RHSA-2017:0246",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0246.html"
},
{
"name": "RHSA-2017:3455",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3455"
},
{
"name": "RHSA-2017:3454",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3454"
},
{
"name": "RHSA-2017:0245",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0245.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-8656",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "jbossas",
"version": {
"version_data": [
{
"version_value": "jbossas 5.2.0-23"
},
{
"version_value": "jbossas 6.4.13"
},
{
"version_value": "jbossas 7.0.5"
}
]
}
}
]
},
"vendor_name": "jboss"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Jboss jbossas before versions 5.2.0-23, 6.4.13, 7.0.5 is vulnerable to an unsafe file handling in the jboss init script which could result in local privilege escalation."
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "7.0/CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
[
{
"vectorString": "6.9/AV:L/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
]
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-284"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2017:0250",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0250.html"
},
{
"name": "RHSA-2017:0831",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0831.html"
},
{
"name": "RHSA-2017:0834",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0834.html"
},
{
"name": "RHSA-2017:3458",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:3458"
},
{
"name": "RHSA-2018:1609",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1609"
},
{
"name": "RHSA-2017:0832",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0832.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8656",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8656"
},
{
"name": "96035",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96035"
},
{
"name": "RHSA-2017:0244",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0244.html"
},
{
"name": "RHSA-2017:0246",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0246.html"
},
{
"name": "RHSA-2017:3455",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:3455"
},
{
"name": "RHSA-2017:3454",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:3454"
},
{
"name": "RHSA-2017:0245",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0245.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2016-8656",
"datePublished": "2018-05-22T17:00:00",
"dateReserved": "2016-10-12T00:00:00",
"dateUpdated": "2024-08-06T02:27:41.215Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-1041 (GCVE-0-2018-1041)
Vulnerability from cvelistv5 – Published: 2018-02-15 17:00 – Updated: 2024-08-05 03:44
VLAI?
Summary
A vulnerability was found in the way RemoteMessageChannel, introduced in jboss-remoting versions 3.3.10, reads from an empty buffer. An attacker could use this flaw to cause denial of service via high CPU caused by an infinite loop.
Severity ?
No CVSS data available.
CWE
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Red Hat, Inc. | jboss-remoting |
Affected:
since 3.3.10
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:44:11.948Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "44099",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/44099/"
},
{
"name": "RHSA-2018:0269",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0269"
},
{
"name": "RHSA-2018:0270",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0270"
},
{
"name": "RHSA-2018:0271",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0271"
},
{
"name": "RHSA-2018:0268",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0268"
},
{
"name": "RHSA-2018:0275",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0275"
},
{
"name": "1040323",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1040323"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1530457"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "jboss-remoting",
"vendor": "Red Hat, Inc.",
"versions": [
{
"status": "affected",
"version": "since 3.3.10"
}
]
}
],
"datePublic": "2018-02-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in the way RemoteMessageChannel, introduced in jboss-remoting versions 3.3.10, reads from an empty buffer. An attacker could use this flaw to cause denial of service via high CPU caused by an infinite loop."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-835",
"description": "CWE-835",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-02-18T10:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "44099",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/44099/"
},
{
"name": "RHSA-2018:0269",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0269"
},
{
"name": "RHSA-2018:0270",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0270"
},
{
"name": "RHSA-2018:0271",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0271"
},
{
"name": "RHSA-2018:0268",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0268"
},
{
"name": "RHSA-2018:0275",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0275"
},
{
"name": "1040323",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1040323"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1530457"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2018-1041",
"datePublished": "2018-02-15T17:00:00Z",
"dateReserved": "2017-12-04T00:00:00",
"dateUpdated": "2024-08-05T03:44:11.948Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-2094 (GCVE-0-2016-2094)
Vulnerability from cvelistv5 – Published: 2016-05-06 17:00 – Updated: 2024-08-05 23:17
VLAI?
Summary
The HTTPS NIO Connector allows remote attackers to cause a denial of service (thread consumption) by opening a socket and not sending an SSL handshake, aka a read-timeout vulnerability.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:17:50.584Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2016:0599",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0599.html"
},
{
"name": "RHSA-2016:0596",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0596.html"
},
{
"name": "RHSA-2016:0595",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0595.html"
},
{
"name": "RHSA-2016:0598",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0598.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1308465"
},
{
"name": "RHSA-2016:0597",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0597.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-04-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The HTTPS NIO Connector allows remote attackers to cause a denial of service (thread consumption) by opening a socket and not sending an SSL handshake, aka a read-timeout vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-05-06T16:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2016:0599",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0599.html"
},
{
"name": "RHSA-2016:0596",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0596.html"
},
{
"name": "RHSA-2016:0595",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0595.html"
},
{
"name": "RHSA-2016:0598",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0598.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1308465"
},
{
"name": "RHSA-2016:0597",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0597.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2016-2094",
"datePublished": "2016-05-06T17:00:00",
"dateReserved": "2016-01-29T00:00:00",
"dateUpdated": "2024-08-05T23:17:50.584Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-0170 (GCVE-0-2014-0170)
Vulnerability from cvelistv5 – Published: 2014-09-30 14:00 – Updated: 2024-08-06 09:05
VLAI?
Summary
Teiid before 8.4.3 and before 8.7 and Red Hat JBoss Data Virtualization 6.0.0 before patch 3 allows remote attackers to read arbitrary files via a crafted request to a REST endpoint, related to an XML External Entity (XXE) issue.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T09:05:39.161Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "jboss-data-cve20140170-info-disc(96192)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96192"
},
{
"name": "61530",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/61530"
},
{
"name": "1030886",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1030886"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://issues.jboss.org/browse/TEIID-2911"
},
{
"name": "RHSA-2014:1284",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-1284.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-03-31T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Teiid before 8.4.3 and before 8.7 and Red Hat JBoss Data Virtualization 6.0.0 before patch 3 allows remote attackers to read arbitrary files via a crafted request to a REST endpoint, related to an XML External Entity (XXE) issue."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "jboss-data-cve20140170-info-disc(96192)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96192"
},
{
"name": "61530",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/61530"
},
{
"name": "1030886",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1030886"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://issues.jboss.org/browse/TEIID-2911"
},
{
"name": "RHSA-2014:1284",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-1284.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2014-0170",
"datePublished": "2014-09-30T14:00:00",
"dateReserved": "2013-12-03T00:00:00",
"dateUpdated": "2024-08-06T09:05:39.161Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-3428 (GCVE-0-2012-3428)
Vulnerability from cvelistv5 – Published: 2012-12-20 11:00 – Updated: 2024-08-06 20:05
VLAI?
Summary
The IronJacamar container before 1.0.12.Final for JBoss Application Server, when allow-multiple-users is enabled in conjunction with a security domain, does not use the credentials supplied in a getConnection function call, which allows remote attackers to obtain access to an arbitrary datasource connection in opportunistic circumstances via an invalid connection attempt.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T20:05:12.444Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://issues.jboss.org/browse/JBPAPP-9584"
},
{
"name": "RHSA-2012:1594",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1594.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://issues.jboss.org/browse/JBJCA-864"
},
{
"name": "51607",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/51607"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://issues.jboss.org/secure/ReleaseNote.jspa?projectId=12310691\u0026version=12319522"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=843358"
},
{
"name": "RHSA-2012:1592",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1592.html"
},
{
"name": "RHSA-2012:1591",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1591.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-08-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The IronJacamar container before 1.0.12.Final for JBoss Application Server, when allow-multiple-users is enabled in conjunction with a security domain, does not use the credentials supplied in a getConnection function call, which allows remote attackers to obtain access to an arbitrary datasource connection in opportunistic circumstances via an invalid connection attempt."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-01-08T10:00:00",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://issues.jboss.org/browse/JBPAPP-9584"
},
{
"name": "RHSA-2012:1594",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1594.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://issues.jboss.org/browse/JBJCA-864"
},
{
"name": "51607",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/51607"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://issues.jboss.org/secure/ReleaseNote.jspa?projectId=12310691\u0026version=12319522"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=843358"
},
{
"name": "RHSA-2012:1592",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1592.html"
},
{
"name": "RHSA-2012:1591",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1591.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-3428",
"datePublished": "2012-12-20T11:00:00",
"dateReserved": "2012-06-14T00:00:00",
"dateUpdated": "2024-08-06T20:05:12.444Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-3273 (GCVE-0-2008-3273)
Vulnerability from cvelistv5 – Published: 2008-08-10 20:00 – Updated: 2024-08-07 09:28
VLAI?
Summary
JBoss Enterprise Application Platform (aka JBossEAP or EAP) before 4.2.0.CP03, and 4.3.0 before 4.3.0.CP01, allows remote attackers to obtain sensitive information about "deployed web contexts" via a request to the status servlet, as demonstrated by a full=true query string.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T09:28:41.976Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2008:0828",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2008-0828.html"
},
{
"name": "RHSA-2008:0826",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2008-0826.html"
},
{
"name": "HPSBMU02736",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=132698550418872\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.redhat.com/docs/en-US/JBoss_Enterprise_Application_Platform/4.2.0.cp03/html-single/readme/index.html"
},
{
"name": "jbosseap-statusservlet-info-disclosure(44235)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44235"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=457757"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.redhat.com/docs/en-US/JBoss_Enterprise_Application_Platform/4.3.0.cp01/html-single/readme/"
},
{
"name": "RHSA-2008:0827",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2008-0827.html"
},
{
"name": "SSRT100699",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=132698550418872\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://jira.jboss.org/jira/browse/JBPAPP-544"
},
{
"name": "RHSA-2008:0825",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2008-0825.html"
},
{
"name": "1020628",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1020628"
},
{
"name": "30540",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/30540"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-08-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "JBoss Enterprise Application Platform (aka JBossEAP or EAP) before 4.2.0.CP03, and 4.3.0 before 4.3.0.CP01, allows remote attackers to obtain sensitive information about \"deployed web contexts\" via a request to the status servlet, as demonstrated by a full=true query string."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2008:0828",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2008-0828.html"
},
{
"name": "RHSA-2008:0826",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2008-0826.html"
},
{
"name": "HPSBMU02736",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=132698550418872\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.redhat.com/docs/en-US/JBoss_Enterprise_Application_Platform/4.2.0.cp03/html-single/readme/index.html"
},
{
"name": "jbosseap-statusservlet-info-disclosure(44235)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44235"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=457757"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.redhat.com/docs/en-US/JBoss_Enterprise_Application_Platform/4.3.0.cp01/html-single/readme/"
},
{
"name": "RHSA-2008:0827",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2008-0827.html"
},
{
"name": "SSRT100699",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=132698550418872\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://jira.jboss.org/jira/browse/JBPAPP-544"
},
{
"name": "RHSA-2008:0825",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2008-0825.html"
},
{
"name": "1020628",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1020628"
},
{
"name": "30540",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/30540"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2008-3273",
"datePublished": "2008-08-10T20:00:00",
"dateReserved": "2008-07-24T00:00:00",
"dateUpdated": "2024-08-07T09:28:41.976Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-6433 (GCVE-0-2007-6433)
Vulnerability from cvelistv5 – Published: 2007-12-18 20:00 – Updated: 2024-08-07 16:02
VLAI?
Summary
The getRenderedEjbql method in the org.jboss.seam.framework.Query class in JBoss Seam 2.x before 2.0.0.CR3 allows remote attackers to inject and execute arbitrary EJBQL commands via the order parameter.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T16:02:36.381Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=549490\u0026group_id=22866"
},
{
"name": "RHSA-2008:0213",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2008-0213.html"
},
{
"name": "RHSA-2008:0151",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2008-0151.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://jira.jboss.com/jira/browse/JBSEAM-2084"
},
{
"name": "26850",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/26850"
},
{
"name": "42631",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/42631"
},
{
"name": "ADV-2007-4215",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/4215"
},
{
"name": "RHSA-2008:0158",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2008-0158.html"
},
{
"name": "28077",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28077"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-10-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The getRenderedEjbql method in the org.jboss.seam.framework.Query class in JBoss Seam 2.x before 2.0.0.CR3 allows remote attackers to inject and execute arbitrary EJBQL commands via the order parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2008-04-08T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=549490\u0026group_id=22866"
},
{
"name": "RHSA-2008:0213",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2008-0213.html"
},
{
"name": "RHSA-2008:0151",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2008-0151.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://jira.jboss.com/jira/browse/JBSEAM-2084"
},
{
"name": "26850",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/26850"
},
{
"name": "42631",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/42631"
},
{
"name": "ADV-2007-4215",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/4215"
},
{
"name": "RHSA-2008:0158",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2008-0158.html"
},
{
"name": "28077",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28077"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-6433",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The getRenderedEjbql method in the org.jboss.seam.framework.Query class in JBoss Seam 2.x before 2.0.0.CR3 allows remote attackers to inject and execute arbitrary EJBQL commands via the order parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://sourceforge.net/project/shownotes.php?release_id=549490\u0026group_id=22866",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?release_id=549490\u0026group_id=22866"
},
{
"name": "RHSA-2008:0213",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2008-0213.html"
},
{
"name": "RHSA-2008:0151",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2008-0151.html"
},
{
"name": "http://jira.jboss.com/jira/browse/JBSEAM-2084",
"refsource": "CONFIRM",
"url": "http://jira.jboss.com/jira/browse/JBSEAM-2084"
},
{
"name": "26850",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/26850"
},
{
"name": "42631",
"refsource": "OSVDB",
"url": "http://osvdb.org/42631"
},
{
"name": "ADV-2007-4215",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/4215"
},
{
"name": "RHSA-2008:0158",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2008-0158.html"
},
{
"name": "28077",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28077"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-6433",
"datePublished": "2007-12-18T20:00:00",
"dateReserved": "2007-12-18T00:00:00",
"dateUpdated": "2024-08-07T16:02:36.381Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-1354 (GCVE-0-2007-1354)
Vulnerability from cvelistv5 – Published: 2007-07-27 21:00 – Updated: 2024-08-07 12:50
VLAI?
Summary
The Access Control functionality (JMXOpsAccessControlFilter) in JMX Console in JBoss Application Server 4.0.2 and 4.0.5 before 20070416 uses a member variable to store the roles of the current user, which allows remote authenticated administrators to trigger a race condition and gain privileges by logging in during a session by a more privileged administrator, as demonstrated by privilege escalation from Read Mode to Write Mode.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T12:50:35.274Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2007:0151",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2007-0151.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://jira.jboss.com/jira/browse/ASPATCH-172"
},
{
"name": "[jboss-watch-list] 20070416 [RHSA-2007:0151-01] Low: JBoss Application Server security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.redhat.com/archives/jboss-watch-list/2007-April/msg00000.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://jira.jboss.com/jira/browse/ASPATCH-175"
},
{
"name": "46765",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/46765"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-04-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Access Control functionality (JMXOpsAccessControlFilter) in JMX Console in JBoss Application Server 4.0.2 and 4.0.5 before 20070416 uses a member variable to store the roles of the current user, which allows remote authenticated administrators to trigger a race condition and gain privileges by logging in during a session by a more privileged administrator, as demonstrated by privilege escalation from Read Mode to Write Mode."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2008-11-13T10:00:00",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2007:0151",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2007-0151.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://jira.jboss.com/jira/browse/ASPATCH-172"
},
{
"name": "[jboss-watch-list] 20070416 [RHSA-2007:0151-01] Low: JBoss Application Server security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.redhat.com/archives/jboss-watch-list/2007-April/msg00000.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://jira.jboss.com/jira/browse/ASPATCH-175"
},
{
"name": "46765",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/46765"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2007-1354",
"datePublished": "2007-07-27T21:00:00",
"dateReserved": "2007-03-08T00:00:00",
"dateUpdated": "2024-08-07T12:50:35.274Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-1157 (GCVE-0-2007-1157)
Vulnerability from cvelistv5 – Published: 2007-02-27 18:00 – Updated: 2024-08-07 12:43
VLAI?
Summary
Cross-site request forgery (CSRF) vulnerability in jmx-console/HtmlAdaptor in JBoss allows remote attackers to perform privileged actions as administrators via certain MBean operations, a different vulnerability than CVE-2006-3733.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T12:43:22.580Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "33142",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/33142"
},
{
"name": "jboss-jmxconsole-csrf(32673)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32673"
},
{
"name": "20070222 JBoss jmx-console CSRF",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/460934/100/0/threaded"
},
{
"name": "20070223 Re: JBoss jmx-console CSRF",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/461004/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-02-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site request forgery (CSRF) vulnerability in jmx-console/HtmlAdaptor in JBoss allows remote attackers to perform privileged actions as administrators via certain MBean operations, a different vulnerability than CVE-2006-3733."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "33142",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/33142"
},
{
"name": "jboss-jmxconsole-csrf(32673)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32673"
},
{
"name": "20070222 JBoss jmx-console CSRF",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/460934/100/0/threaded"
},
{
"name": "20070223 Re: JBoss jmx-console CSRF",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/461004/100/0/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-1157",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site request forgery (CSRF) vulnerability in jmx-console/HtmlAdaptor in JBoss allows remote attackers to perform privileged actions as administrators via certain MBean operations, a different vulnerability than CVE-2006-3733."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "33142",
"refsource": "OSVDB",
"url": "http://osvdb.org/33142"
},
{
"name": "jboss-jmxconsole-csrf(32673)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32673"
},
{
"name": "20070222 JBoss jmx-console CSRF",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/460934/100/0/threaded"
},
{
"name": "20070223 Re: JBoss jmx-console CSRF",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/461004/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-1157",
"datePublished": "2007-02-27T18:00:00",
"dateReserved": "2007-02-27T00:00:00",
"dateUpdated": "2024-08-07T12:43:22.580Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-1036 (GCVE-0-2007-1036)
Vulnerability from cvelistv5 – Published: 2007-02-21 11:00 – Updated: 2024-08-07 12:43
VLAI?
Summary
The default configuration of JBoss does not restrict access to the (1) console and (2) web management interfaces, which allows remote attackers to bypass authentication and gain administrative access via direct requests.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T12:43:22.417Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://wiki.jboss.org/wiki/Wiki.jsp?page=SecureJBoss"
},
{
"name": "1017677",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1017677"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://wiki.jboss.org/wiki/Wiki.jsp?page=SecureTheJmxConsole"
},
{
"name": "jboss-admin-unauth-access(32596)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32596"
},
{
"name": "VU#632656",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/632656"
},
{
"name": "20070220 Jboss vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/460597/100/0/threaded"
},
{
"name": "33744",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/33744"
},
{
"name": "20070220 Re: Jboss vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/460605/100/0/threaded"
},
{
"name": "20070220 Re: Jboss vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/460695/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-02-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The default configuration of JBoss does not restrict access to the (1) console and (2) web management interfaces, which allows remote attackers to bypass authentication and gain administrative access via direct requests."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://wiki.jboss.org/wiki/Wiki.jsp?page=SecureJBoss"
},
{
"name": "1017677",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1017677"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://wiki.jboss.org/wiki/Wiki.jsp?page=SecureTheJmxConsole"
},
{
"name": "jboss-admin-unauth-access(32596)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32596"
},
{
"name": "VU#632656",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/632656"
},
{
"name": "20070220 Jboss vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/460597/100/0/threaded"
},
{
"name": "33744",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/33744"
},
{
"name": "20070220 Re: Jboss vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/460605/100/0/threaded"
},
{
"name": "20070220 Re: Jboss vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/460695/100/0/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-1036",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The default configuration of JBoss does not restrict access to the (1) console and (2) web management interfaces, which allows remote attackers to bypass authentication and gain administrative access via direct requests."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://wiki.jboss.org/wiki/Wiki.jsp?page=SecureJBoss",
"refsource": "MISC",
"url": "http://wiki.jboss.org/wiki/Wiki.jsp?page=SecureJBoss"
},
{
"name": "1017677",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1017677"
},
{
"name": "http://wiki.jboss.org/wiki/Wiki.jsp?page=SecureTheJmxConsole",
"refsource": "MISC",
"url": "http://wiki.jboss.org/wiki/Wiki.jsp?page=SecureTheJmxConsole"
},
{
"name": "jboss-admin-unauth-access(32596)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32596"
},
{
"name": "VU#632656",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/632656"
},
{
"name": "20070220 Jboss vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/460597/100/0/threaded"
},
{
"name": "33744",
"refsource": "OSVDB",
"url": "http://osvdb.org/33744"
},
{
"name": "20070220 Re: Jboss vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/460605/100/0/threaded"
},
{
"name": "20070220 Re: Jboss vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/460695/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-1036",
"datePublished": "2007-02-21T11:00:00",
"dateReserved": "2007-02-20T00:00:00",
"dateUpdated": "2024-08-07T12:43:22.417Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-5750 (GCVE-0-2006-5750)
Vulnerability from cvelistv5 – Published: 2006-11-27 20:00 – Updated: 2024-08-07 20:04
VLAI?
Summary
Directory traversal vulnerability in the DeploymentFileRepository class in JBoss Application Server (jbossas) 3.2.4 through 4.0.5 allows remote authenticated users to read or modify arbitrary files, and possibly execute arbitrary code, via unspecified vectors related to the console manager.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T20:04:54.589Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "23984",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23984"
},
{
"name": "ADV-2008-1155",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/1155/references"
},
{
"name": "SSRT080018",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01390402"
},
{
"name": "RHSA-2006:0743",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2006-0743.html"
},
{
"name": "30767",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/30767"
},
{
"name": "21219",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/21219"
},
{
"name": "ADV-2006-4724",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/4724"
},
{
"name": "23095",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23095"
},
{
"name": "HPSBST02318",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01390402"
},
{
"name": "29726",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29726"
},
{
"name": "20061128 Re: SYMSA-2006-011: JBoss Java Class DeploymentFileRepository Directory Traversal",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/452862/100/100/threaded"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://jira.jboss.com/jira/browse/ASPATCH-126"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://secure-support.novell.com/KanisaPlatform/Publishing/719/3024921_f.SAL_Public.html"
},
{
"name": "1017289",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1017289"
},
{
"name": "SUSE-SR:2007:002",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2007_02_sr.html"
},
{
"name": "ADV-2007-0554",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/0554"
},
{
"name": "ADV-2006-4726",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/4726"
},
{
"name": "24104",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24104"
},
{
"name": "20061127 SYMSA-2006-011: JBoss Java Class DeploymentFileRepository Directory Traversal",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/452830/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://jira.jboss.com/jira/browse/JBAS-3861"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-11-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in the DeploymentFileRepository class in JBoss Application Server (jbossas) 3.2.4 through 4.0.5 allows remote authenticated users to read or modify arbitrary files, and possibly execute arbitrary code, via unspecified vectors related to the console manager."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-17T20:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "23984",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23984"
},
{
"name": "ADV-2008-1155",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/1155/references"
},
{
"name": "SSRT080018",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01390402"
},
{
"name": "RHSA-2006:0743",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2006-0743.html"
},
{
"name": "30767",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/30767"
},
{
"name": "21219",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/21219"
},
{
"name": "ADV-2006-4724",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/4724"
},
{
"name": "23095",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23095"
},
{
"name": "HPSBST02318",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01390402"
},
{
"name": "29726",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29726"
},
{
"name": "20061128 Re: SYMSA-2006-011: JBoss Java Class DeploymentFileRepository Directory Traversal",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/452862/100/100/threaded"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://jira.jboss.com/jira/browse/ASPATCH-126"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://secure-support.novell.com/KanisaPlatform/Publishing/719/3024921_f.SAL_Public.html"
},
{
"name": "1017289",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1017289"
},
{
"name": "SUSE-SR:2007:002",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2007_02_sr.html"
},
{
"name": "ADV-2007-0554",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/0554"
},
{
"name": "ADV-2006-4726",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/4726"
},
{
"name": "24104",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24104"
},
{
"name": "20061127 SYMSA-2006-011: JBoss Java Class DeploymentFileRepository Directory Traversal",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/452830/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://jira.jboss.com/jira/browse/JBAS-3861"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2006-5750",
"datePublished": "2006-11-27T20:00:00",
"dateReserved": "2006-11-06T00:00:00",
"dateUpdated": "2024-08-07T20:04:54.589Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-2158 (GCVE-0-2005-2158)
Vulnerability from cvelistv5 – Published: 2005-07-06 04:00 – Updated: 2024-08-07 22:15
VLAI?
Summary
A regression error in the embedded HSQLDB in JBoss jBPM 2.0 allows remote attackers to execute arbitrary comands, a re-introduction of a vulnerability that was originally identified by CVE-2003-0845.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T22:15:37.623Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20050703 JBoss jBPM 2.0: Remote code execution and classloader covert channel",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=112051548512338\u0026w=2"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.illegalaccess.org/java/jboss.php"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-07-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A regression error in the embedded HSQLDB in JBoss jBPM 2.0 allows remote attackers to execute arbitrary comands, a re-introduction of a vulnerability that was originally identified by CVE-2003-0845."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-10-17T13:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20050703 JBoss jBPM 2.0: Remote code execution and classloader covert channel",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=112051548512338\u0026w=2"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.illegalaccess.org/java/jboss.php"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-2158",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A regression error in the embedded HSQLDB in JBoss jBPM 2.0 allows remote attackers to execute arbitrary comands, a re-introduction of a vulnerability that was originally identified by CVE-2003-0845."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20050703 JBoss jBPM 2.0: Remote code execution and classloader covert channel",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=112051548512338\u0026w=2"
},
{
"name": "http://www.illegalaccess.org/java/jboss.php",
"refsource": "MISC",
"url": "http://www.illegalaccess.org/java/jboss.php"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-2158",
"datePublished": "2005-07-06T04:00:00",
"dateReserved": "2005-07-06T00:00:00",
"dateUpdated": "2024-08-07T22:15:37.623Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-2006 (GCVE-0-2005-2006)
Vulnerability from cvelistv5 – Published: 2005-06-20 04:00 – Updated: 2024-08-07 22:15
VLAI?
Summary
JBOSS 3.2.2 through 3.2.7 and 4.0.2 allows remote attackers to obtain sensitive information via a GET request (1) with a "%." (percent dot), which reveals the installation path or (2) with a % (percent) before a filename, which reveals the contents of the file.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T22:15:36.865Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "SSRT061108",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00597967"
},
{
"name": "ADV-2005-0815",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2005/0815"
},
{
"name": "15746",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/15746"
},
{
"name": "13985",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/13985"
},
{
"name": "20060720 Cisco MARS \u003c 4.2.1 remote compromise",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-07/0424.html"
},
{
"name": "17559",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17559"
},
{
"name": "18789",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18789"
},
{
"name": "1015605",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1015605"
},
{
"name": "20060720 Cisco MARS \u003c 4.2.1 remote compromise",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/440641/100/100/threaded"
},
{
"name": "ADV-2006-0497",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/0497"
},
{
"name": "20050617 JBOSS 3.2.2-3.2.7 / 4.0.2 installation path disclosure / config disclosure / version fingerprinting",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=111911095424496\u0026w=2"
},
{
"name": "439",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/439"
},
{
"name": "HPSBMA02096",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00597967"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-06-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "JBOSS 3.2.2 through 3.2.7 and 4.0.2 allows remote attackers to obtain sensitive information via a GET request (1) with a \"%.\" (percent dot), which reveals the installation path or (2) with a % (percent) before a filename, which reveals the contents of the file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-19T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "SSRT061108",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00597967"
},
{
"name": "ADV-2005-0815",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2005/0815"
},
{
"name": "15746",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/15746"
},
{
"name": "13985",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/13985"
},
{
"name": "20060720 Cisco MARS \u003c 4.2.1 remote compromise",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-07/0424.html"
},
{
"name": "17559",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17559"
},
{
"name": "18789",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18789"
},
{
"name": "1015605",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1015605"
},
{
"name": "20060720 Cisco MARS \u003c 4.2.1 remote compromise",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/440641/100/100/threaded"
},
{
"name": "ADV-2006-0497",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/0497"
},
{
"name": "20050617 JBOSS 3.2.2-3.2.7 / 4.0.2 installation path disclosure / config disclosure / version fingerprinting",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=111911095424496\u0026w=2"
},
{
"name": "439",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/439"
},
{
"name": "HPSBMA02096",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00597967"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-2006",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "JBOSS 3.2.2 through 3.2.7 and 4.0.2 allows remote attackers to obtain sensitive information via a GET request (1) with a \"%.\" (percent dot), which reveals the installation path or (2) with a % (percent) before a filename, which reveals the contents of the file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "SSRT061108",
"refsource": "HP",
"url": "http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00597967"
},
{
"name": "ADV-2005-0815",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/0815"
},
{
"name": "15746",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/15746"
},
{
"name": "13985",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/13985"
},
{
"name": "20060720 Cisco MARS \u003c 4.2.1 remote compromise",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-07/0424.html"
},
{
"name": "17559",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17559"
},
{
"name": "18789",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18789"
},
{
"name": "1015605",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015605"
},
{
"name": "20060720 Cisco MARS \u003c 4.2.1 remote compromise",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/440641/100/100/threaded"
},
{
"name": "ADV-2006-0497",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0497"
},
{
"name": "20050617 JBOSS 3.2.2-3.2.7 / 4.0.2 installation path disclosure / config disclosure / version fingerprinting",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=111911095424496\u0026w=2"
},
{
"name": "439",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/439"
},
{
"name": "HPSBMA02096",
"refsource": "HP",
"url": "http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00597967"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-2006",
"datePublished": "2005-06-20T04:00:00",
"dateReserved": "2005-06-20T00:00:00",
"dateUpdated": "2024-08-07T22:15:36.865Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2003-0845 (GCVE-0-2003-0845)
Vulnerability from cvelistv5 – Published: 2003-10-09 04:00 – Updated: 2024-08-08 02:05
VLAI?
Summary
Unknown vulnerability in the HSQLDB component in JBoss 3.2.1 and 3.0.8 on Java 1.4.x platforms, when running in the default configuration, allows remote attackers to conduct unauthorized activities and possibly execute arbitrary code via certain SQL statements to (1) TCP port 1701 in JBoss 3.2.1, and (2) port 1476 in JBoss 3.0.8.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T02:05:12.637Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "8773",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/8773"
},
{
"name": "20031005 JBoss 3.2.1: Remote Command Injection",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=106546044416498\u0026w=2"
},
{
"name": "27914",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27914"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/docman/display_doc.php?docid=19314\u0026group_id=22866"
},
{
"name": "oval:org.mitre.oval:def:11300",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11300"
},
{
"name": "20031006 Update JBoss 308 \u0026 321: Remote Command Injection",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=106547728803252\u0026w=2"
},
{
"name": "RHSA-2007:1048",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2007-1048.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2003-10-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unknown vulnerability in the HSQLDB component in JBoss 3.2.1 and 3.0.8 on Java 1.4.x platforms, when running in the default configuration, allows remote attackers to conduct unauthorized activities and possibly execute arbitrary code via certain SQL statements to (1) TCP port 1701 in JBoss 3.2.1, and (2) port 1476 in JBoss 3.0.8."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-10T00:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "8773",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/8773"
},
{
"name": "20031005 JBoss 3.2.1: Remote Command Injection",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=106546044416498\u0026w=2"
},
{
"name": "27914",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27914"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/docman/display_doc.php?docid=19314\u0026group_id=22866"
},
{
"name": "oval:org.mitre.oval:def:11300",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11300"
},
{
"name": "20031006 Update JBoss 308 \u0026 321: Remote Command Injection",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=106547728803252\u0026w=2"
},
{
"name": "RHSA-2007:1048",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2007-1048.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-0845",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unknown vulnerability in the HSQLDB component in JBoss 3.2.1 and 3.0.8 on Java 1.4.x platforms, when running in the default configuration, allows remote attackers to conduct unauthorized activities and possibly execute arbitrary code via certain SQL statements to (1) TCP port 1701 in JBoss 3.2.1, and (2) port 1476 in JBoss 3.0.8."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "8773",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/8773"
},
{
"name": "20031005 JBoss 3.2.1: Remote Command Injection",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=106546044416498\u0026w=2"
},
{
"name": "27914",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27914"
},
{
"name": "http://sourceforge.net/docman/display_doc.php?docid=19314\u0026group_id=22866",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/docman/display_doc.php?docid=19314\u0026group_id=22866"
},
{
"name": "oval:org.mitre.oval:def:11300",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11300"
},
{
"name": "20031006 Update JBoss 308 \u0026 321: Remote Command Injection",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=106547728803252\u0026w=2"
},
{
"name": "RHSA-2007:1048",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2007-1048.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2003-0845",
"datePublished": "2003-10-09T04:00:00",
"dateReserved": "2003-10-08T00:00:00",
"dateUpdated": "2024-08-08T02:05:12.637Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}