CVE-2011-4314

Status Candidate

Overview

message/ax/AxMessage.java in OpenID4Java before 0.9.6 final, as used in JBoss Enterprise Application Platform 5.1 before 5.1.2, Step2, Kay Framework before 1.0.2, and possibly other products, does not verify that Attribute Exchange (AX) information is signed, which allows remote attackers to modify potentially sensitive AX information without detection via a man-in-the-middle (MITM) attack.

Related Files

Red Hat Security Advisory 2012-0519-01
Posted Apr 25, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0519-01 - JBoss Enterprise Portal Platform is the open source implementation of the Java EE suite of services and Portal services running atop JBoss Enterprise Application Platform. It comprises a set of offerings for enterprise customers who are looking for pre-configured profiles of JBoss Enterprise Middleware components that have been tested and certified together to provide an integrated experience. This release of JBoss Enterprise Portal Platform 5.2.1 serves as a replacement for JBoss Enterprise Portal Platform 5.2.0, and includes bug fixes.

tags | advisory, java
systems | linux, redhat
advisories | CVE-2011-4314, CVE-2012-0818
MD5 | 189d8ae1b672374f456cbd82bbd8e382

Red Hat Security Advisory 2012-0441-01
Posted Apr 3, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0441-01 - JBoss Enterprise BRMS Platform is a business rules management system for the management, storage, creation, modification, and deployment of JBoss Rules. This roll up patch serves as a cumulative upgrade for JBoss Enterprise BRMS Platform 5.2.0. It includes various bug fixes and enhancements. The following security issues are also fixed with this release: It was found that RESTEasy was vulnerable to XML External Entity attacks. If a remote attacker submitted a request containing an external XML entity to a RESTEasy endpoint, the entity would be resolved, allowing the attacker to read files accessible to the user running the application server. This flaw affected DOM Document and JAXB input.

tags | advisory, remote, xxe
systems | linux, redhat
advisories | CVE-2011-4314, CVE-2012-0818
MD5 | a89039a4a91c060565a037962444f37e

Red Hat Security Advisory 2012-0378-01
Posted Mar 12, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0378-01 - JBoss Enterprise SOA Platform is the next-generation ESB and business process automation infrastructure. JBoss Enterprise SOA Platform allows IT to leverage existing, modern, and future integration methodologies to dramatically improve business process execution speed and quality. OpenID4Java allows you to implement OpenID authentication in your Java applications. OpenID4Java is a Technology Preview. This roll up patch serves as a cumulative upgrade for JBoss Enterprise SOA Platform 5.2.0. It includes various bug fixes.

tags | advisory, java
systems | linux, redhat
advisories | CVE-2011-4314
MD5 | 9e54c81fde949a5fea60f3bca0f8f736

Red Hat Security Advisory 2011-1806-01
Posted Dec 9, 2011
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2011-1806-01 - The Enterprise Web Platform is a slimmed down profile of the JBoss Enterprise Application Platform intended for mid-size workloads with light and rich Java applications. OpenID4Java allows you to implement OpenID authentication in your Java applications. OpenID4Java is a Technology Preview. This JBoss Enterprise Web Platform 5.1.2 release serves as a replacement for JBoss Enterprise Web Platform 5.1.1. This update includes bug fixes and enhancements. JBoss Enterprise Web Platform is a subset of JBoss Enterprise Application Platform. Users are directed to the JBoss Enterprise Application Platform 5.1.2 Release Notes for information on the most significant of these changes.

tags | advisory, java, web
systems | linux, redhat
advisories | CVE-2011-4314
MD5 | 77476fbcf5623888c35248dcc457d081

Red Hat Security Advisory 2011-1805-01
Posted Dec 9, 2011
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2011-1805-01 - JBoss Enterprise Application Platform is a platform for Java applications, which integrates the JBoss Application Server with JBoss Hibernate and JBoss Seam. OpenID4Java allows you to implement OpenID authentication in your Java applications. OpenID4Java is a Technology Preview. This JBoss Enterprise Application Platform 5.1.2 release serves as a replacement for JBoss Enterprise Application Platform 5.1.1, and includes bug fixes and enhancements.

tags | advisory, java
systems | linux, redhat
advisories | CVE-2011-4085, CVE-2011-4314
MD5 | d47310fc72dba015da5a0d02adef0a41

Red Hat Security Advisory 2011-1804-01
Posted Dec 9, 2011
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2011-1804-01 - The Enterprise Web Platform is a slimmed down profile of the JBoss Enterprise Application Platform intended for mid-size workloads with light and rich Java applications. OpenID4Java allows you to implement OpenID authentication in your Java applications. OpenID4Java is a Technology Preview. This JBoss Enterprise Web Platform 5.1.2 release for Red Hat Enterprise Linux 4 serves as a replacement for JBoss Enterprise Web Platform 5.1.1. These updated packages include bug fixes and enhancements. JBoss Enterprise Web Platform is a subset of JBoss Enterprise Application Platform. Users are directed to the JBoss Enterprise Application Platform 5.1.2 Release Notes for information on the most significant of these changes.

tags | advisory, java, web
systems | linux, redhat
advisories | CVE-2011-4314
MD5 | fa9d6fd7d953a2c7181335677927642a

Red Hat Security Advisory 2011-1803-01
Posted Dec 9, 2011
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2011-1803-01 - The Enterprise Web Platform is a slimmed down profile of the JBoss Enterprise Application Platform intended for mid-size workloads with light and rich Java applications. OpenID4Java allows you to implement OpenID authentication in your Java applications. OpenID4Java is a Technology Preview. This JBoss Enterprise Web Platform 5.1.2 release for Red Hat Enterprise Linux 5 serves as a replacement for JBoss Enterprise Web Platform 5.1.1. These updated packages include bug fixes and enhancements. JBoss Enterprise Web Platform is a subset of JBoss Enterprise Application Platform. Users are directed to the JBoss Enterprise Application Platform 5.1.2 Release Notes for information on the most significant of these changes.

tags | advisory, java, web
systems | linux, redhat
advisories | CVE-2011-4314
MD5 | 941221fec088c9fc817288aa58cffc21

Red Hat Security Advisory 2011-1802-01
Posted Dec 9, 2011
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2011-1802-01 - The Enterprise Web Platform is a slimmed down profile of the JBoss Enterprise Application Platform intended for mid-size workloads with light and rich Java applications. OpenID4Java allows you to implement OpenID authentication in your Java applications. OpenID4Java is a Technology Preview. This JBoss Enterprise Web Platform 5.1.2 release for Red Hat Enterprise Linux 6 serves as a replacement for JBoss Enterprise Web Platform 5.1.1. These updated packages include bug fixes and enhancements. JBoss Enterprise Web Platform is a subset of JBoss Enterprise Application Platform. Users are directed to the JBoss Enterprise Application Platform 5.1.2 Release Notes for information on the most significant of these changes.

tags | advisory, java, web
systems | linux, redhat
advisories | CVE-2011-4314
MD5 | adebf187da1830b1bb58e2e4d72f296a

Red Hat Security Advisory 2011-1800-01
Posted Dec 8, 2011
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2011-1800-01 - JBoss Enterprise Application Platform is a platform for Java applications, which integrates the JBoss Application Server with JBoss Hibernate and JBoss Seam. OpenID4Java allows you to implement OpenID authentication in your Java applications. OpenID4Java is a Technology Preview. This JBoss Enterprise Application Platform 5.1.2 release for Red Hat Enterprise Linux 4 serves as a replacement for JBoss Enterprise Application Platform 5.1.1. These updated packages include bug fixes and enhancements.

tags | advisory, java
systems | linux, redhat
advisories | CVE-2011-4085, CVE-2011-4314
MD5 | 296f00f98530195c6dde94e22d9abf79

Red Hat Security Advisory 2011-1799-01
Posted Dec 8, 2011
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2011-1799-01 - JBoss Enterprise Application Platform is a platform for Java applications, which integrates the JBoss Application Server with JBoss Hibernate and JBoss Seam. OpenID4Java allows you to implement OpenID authentication in your Java applications. OpenID4Java is a Technology Preview. This JBoss Enterprise Application Platform 5.1.2 release for Red Hat Enterprise Linux 5 serves as a replacement for JBoss Enterprise Application Platform 5.1.1. These updated packages include bug fixes and enhancements.

tags | advisory, java
systems | linux, redhat
advisories | CVE-2011-4085, CVE-2011-4314
MD5 | 793b887b9a50c55fbd66bf3a7083b713

Red Hat Security Advisory 2011-1798-01
Posted Dec 8, 2011
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2011-1798-01 - JBoss Enterprise Application Platform is a platform for Java applications, which integrates the JBoss Application Server with JBoss Hibernate and JBoss Seam. OpenID4Java allows you to implement OpenID authentication in your Java applications. OpenID4Java is a Technology Preview. This JBoss Enterprise Application Platform 5.1.2 release for Red Hat Enterprise Linux 6 serves as a replacement for JBoss Enterprise Application Platform 5.1.1. These updated packages include bug fixes and enhancements.

tags | exploit, java
systems | linux, redhat
advisories | CVE-2011-4085, CVE-2011-4314
MD5 | 5671b5f7f9fdd48d14d7ab20d42dc559
© 2016 Packet Storm. All rights reserved.
