exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 11 of 11 RSS Feed

CVE-2012-2377

Status Candidate

Overview

JGroups diagnostics service in JBoss Enterprise Portal Platform before 5.2.2, SOA Platform before 5.3.0, and BRMS Platform before 5.3.0, is enabled without authentication when started by the JGroups channel, which allows remote attackers in adjacent networks to read diagnostics information via a crafted IP multicast.

Related Files

Red Hat Security Advisory 2013-0196-01
Posted Jan 25, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0196-01 - An attack technique against the W3C XML Encryption Standard when block ciphers were used in CBC mode could allow a remote attacker to conduct chosen-ciphertext attacks, leading to the recovery of the entire plain text of a particular cryptogram. JBoss Web Services leaked side-channel data when distributing symmetric keys, allowing a remote attacker to recover the entire plain text form of a symmetric key. Spring framework could possibly evaluate Expression Language expressions twice, allowing a remote attacker to execute arbitrary code in the context of the application server, or to obtain sensitive information from the server. Manual action is required to apply this fix.

tags | advisory, remote, web, arbitrary
systems | linux, redhat
advisories | CVE-2009-5066, CVE-2011-1096, CVE-2011-2487, CVE-2011-2730, CVE-2011-2908, CVE-2011-4575, CVE-2012-0034, CVE-2012-0874, CVE-2012-2377, CVE-2012-2379, CVE-2012-3369, CVE-2012-3370, CVE-2012-3546, CVE-2012-5478
SHA-256 | 2f420dc5393c68f141cd8470fbff93566527c142e6919016b8d51d958b72e142
Red Hat Security Advisory 2013-0198-01
Posted Jan 25, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0198-01 - An attack technique against the W3C XML Encryption Standard when block ciphers were used in CBC mode could allow a remote attacker to conduct chosen-ciphertext attacks, leading to the recovery of the entire plain text of a particular cryptogram. JBoss Web Services leaked side-channel data when distributing symmetric keys, allowing a remote attacker to recover the entire plain text form of a symmetric key. Spring framework could possibly evaluate Expression Language expressions twice, allowing a remote attacker to execute arbitrary code in the context of the application server, or to obtain sensitive information from the server. Manual action is required to apply this fix.

tags | advisory, remote, web, arbitrary
systems | linux, redhat
advisories | CVE-2009-5066, CVE-2011-1096, CVE-2011-2487, CVE-2011-2730, CVE-2011-2908, CVE-2011-4575, CVE-2012-0874, CVE-2012-2377, CVE-2012-2379, CVE-2012-3369, CVE-2012-3370, CVE-2012-3546, CVE-2012-5478
SHA-256 | 30193e7918c18174e09b0fc9317ff36e69fa478524e48a046aad05faefd491bd
Red Hat Security Advisory 2013-0193-01
Posted Jan 25, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0193-01 - An attack technique against the W3C XML Encryption Standard when block ciphers were used in CBC mode could allow a remote attacker to conduct chosen-ciphertext attacks, leading to the recovery of the entire plain text of a particular cryptogram. JBoss Web Services leaked side-channel data when distributing symmetric keys, allowing a remote attacker to recover the entire plain text form of a symmetric key. Spring framework could possibly evaluate Expression Language expressions twice, allowing a remote attacker to execute arbitrary code in the context of the application server, or to obtain sensitive information from the server. Manual action is required to apply this fix.

tags | advisory, remote, web, arbitrary
systems | linux, redhat
advisories | CVE-2009-5066, CVE-2011-1096, CVE-2011-2487, CVE-2011-2730, CVE-2011-2908, CVE-2011-4575, CVE-2012-0034, CVE-2012-0874, CVE-2012-2377, CVE-2012-2379, CVE-2012-3369, CVE-2012-3370, CVE-2012-3546, CVE-2012-5478
SHA-256 | 203d4183f97a0b72534165eefaad1051ab80c5b6e961528dfdb812f736af75d9
Red Hat Security Advisory 2013-0197-01
Posted Jan 25, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0197-01 - An attack technique against the W3C XML Encryption Standard when block ciphers were used in CBC mode could allow a remote attacker to conduct chosen-ciphertext attacks, leading to the recovery of the entire plain text of a particular cryptogram. JBoss Web Services leaked side-channel data when distributing symmetric keys, allowing a remote attacker to recover the entire plain text form of a symmetric key. Spring framework could possibly evaluate Expression Language expressions twice, allowing a remote attacker to execute arbitrary code in the context of the application server, or to obtain sensitive information from the server. Manual action is required to apply this fix.

tags | advisory, remote, web, arbitrary
systems | linux, redhat
advisories | CVE-2009-5066, CVE-2011-1096, CVE-2011-2487, CVE-2011-2730, CVE-2011-2908, CVE-2011-4575, CVE-2012-0034, CVE-2012-0874, CVE-2012-2377, CVE-2012-2379, CVE-2012-3369, CVE-2012-3370, CVE-2012-3546, CVE-2012-5478
SHA-256 | d097fde655669dd117b8c1860e4328722d06635f85f615a47f270510adf54dff
Red Hat Security Advisory 2013-0194-01
Posted Jan 25, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0194-01 - An attack technique against the W3C XML Encryption Standard when block ciphers were used in CBC mode could allow a remote attacker to conduct chosen-ciphertext attacks, leading to the recovery of the entire plain text of a particular cryptogram. JBoss Web Services leaked side-channel data when distributing symmetric keys, allowing a remote attacker to recover the entire plain text form of a symmetric key. Spring framework could possibly evaluate Expression Language expressions twice, allowing a remote attacker to execute arbitrary code in the context of the application server, or to obtain sensitive information from the server. Manual action is required to apply this fix.

tags | advisory, remote, web, arbitrary
systems | linux, redhat
advisories | CVE-2009-5066, CVE-2011-1096, CVE-2011-2487, CVE-2011-2730, CVE-2011-2908, CVE-2011-4575, CVE-2012-0874, CVE-2012-2377, CVE-2012-2379, CVE-2012-3369, CVE-2012-3370, CVE-2012-3546, CVE-2012-5478
SHA-256 | 751484bde4f1d4f095ab8daed96a50cce4a169426c1d76fcee30df63f7518f50
Red Hat Security Advisory 2013-0195-01
Posted Jan 25, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0195-01 - An attack technique against the W3C XML Encryption Standard when block ciphers were used in CBC mode could allow a remote attacker to conduct chosen-ciphertext attacks, leading to the recovery of the entire plain text of a particular cryptogram. JBoss Web Services leaked side-channel data when distributing symmetric keys, allowing a remote attacker to recover the entire plain text form of a symmetric key. Spring framework could possibly evaluate Expression Language expressions twice, allowing a remote attacker to execute arbitrary code in the context of the application server, or to obtain sensitive information from the server. Manual action is required to apply this fix.

tags | advisory, remote, web, arbitrary
systems | linux, redhat
advisories | CVE-2009-5066, CVE-2011-1096, CVE-2011-2487, CVE-2011-2730, CVE-2011-2908, CVE-2011-4575, CVE-2012-0034, CVE-2012-0874, CVE-2012-2377, CVE-2012-2379, CVE-2012-3369, CVE-2012-3370, CVE-2012-3546, CVE-2012-5478
SHA-256 | 8b8aad75ccadcdd4a085ff3236bb83492d636516074fac3d37e0f2b2765dad09
Red Hat Security Advisory 2013-0192-01
Posted Jan 25, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0192-01 - An attack technique against the W3C XML Encryption Standard when block ciphers were used in CBC mode could allow a remote attacker to conduct chosen-ciphertext attacks, leading to the recovery of the entire plain text of a particular cryptogram. JBoss Web Services leaked side-channel data when distributing symmetric keys, allowing a remote attacker to recover the entire plain text form of a symmetric key. Spring framework could possibly evaluate Expression Language expressions twice, allowing a remote attacker to execute arbitrary code in the context of the application server, or to obtain sensitive information from the server. Manual action is required to apply this fix.

tags | advisory, remote, web, arbitrary
systems | linux, redhat
advisories | CVE-2009-5066, CVE-2011-1096, CVE-2011-2487, CVE-2011-2730, CVE-2011-2908, CVE-2011-4575, CVE-2012-0034, CVE-2012-0874, CVE-2012-2377, CVE-2012-2379, CVE-2012-3369, CVE-2012-3370, CVE-2012-3546, CVE-2012-5478
SHA-256 | decf7b548527298e14368750ef10bad42cfe81748596c00c8a51d19ab1bd60ee
Red Hat Security Advisory 2013-0191-01
Posted Jan 25, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0191-01 - An attack technique against the W3C XML Encryption Standard when block ciphers were used in CBC mode could allow a remote attacker to conduct chosen-ciphertext attacks, leading to the recovery of the entire plain text of a particular cryptogram. JBoss Web Services leaked side-channel data when distributing symmetric keys, allowing a remote attacker to recover the entire plain text form of a symmetric key. Spring framework could possibly evaluate Expression Language expressions twice, allowing a remote attacker to execute arbitrary code in the context of the application server, or to obtain sensitive information from the server. Manual action is required to apply this fix.

tags | advisory, remote, web, arbitrary
systems | linux, redhat
advisories | CVE-2009-5066, CVE-2011-1096, CVE-2011-2487, CVE-2011-2730, CVE-2011-2908, CVE-2011-4575, CVE-2012-0034, CVE-2012-0874, CVE-2012-2377, CVE-2012-2379, CVE-2012-3369, CVE-2012-3370, CVE-2012-3546, CVE-2012-5478
SHA-256 | 0118f719b859c9ded96e3c08f5bd52ca98c57d394f73c70376f8c790151e7a7f
Red Hat Security Advisory 2012-1232-01
Posted Sep 5, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1232-01 - JBoss Enterprise Portal Platform is the open source implementation of the Java EE suite of services and Portal services running atop JBoss Enterprise Application Platform. It comprises a set of offerings for enterprise customers who are looking for pre-configured profiles of JBoss Enterprise Middleware components that have been tested and certified together to provide an integrated experience. This release of JBoss Enterprise Portal Platform 5.2.2 serves as a replacement for JBoss Enterprise Portal Platform 5.2.1, and includes bug fixes.

tags | advisory, java
systems | linux, redhat
advisories | CVE-2009-2625, CVE-2011-2908, CVE-2011-4605, CVE-2012-0213, CVE-2012-1167, CVE-2012-2377
SHA-256 | bfe1fd78f8e8200d810ee7a288e9dc1353758cb7ece9cd3e7b7a530ff76c782b
Red Hat Security Advisory 2012-1125-01
Posted Jul 31, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1125-01 - JBoss Enterprise SOA Platform is the next-generation ESB and business process automation infrastructure. This release of JBoss Enterprise SOA Platform 5.3.0 serves as a replacement for JBoss Enterprise SOA Platform 5.2.0. It includes various bug fixes and enhancements which are detailed in the JBoss Enterprise SOA Platform 5.3.0 Release Notes.

tags | advisory
systems | linux, redhat
advisories | CVE-2011-3506, CVE-2011-3517, CVE-2011-4605, CVE-2011-4838, CVE-2012-0079, CVE-2012-0818, CVE-2012-2377
SHA-256 | b8d763d67a55bbd9739b6389ec7a18b563c208224d53204c1a9cca5f0d61037e
Red Hat Security Advisory 2012-1028-01
Posted Jun 22, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1028-01 - JBoss Enterprise BRMS Platform is a business rules management system for the management, storage, creation, modification, and deployment of JBoss Rules. The Java Naming and Directory Interface Java API allows Java software clients to locate objects or services in an application server. This release of JBoss Enterprise BRMS Platform 5.3.0 serves as a replacement for JBoss Enterprise BRMS Platform 5.2.0. It includes various bug fixes and enhancements which are detailed in the JBoss Enterprise BRMS Platform 5.3.0 Release Notes.

tags | advisory, java
systems | linux, redhat
advisories | CVE-2011-4085, CVE-2011-4605, CVE-2012-2377
SHA-256 | f5a6eab4adeb9bde444f861593d0766d2577f80b17b7949872cefc121c3995e8
Page 1 of 1
Back1Next

File Archive:

May 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    44 Files
  • 2
    May 2nd
    5 Files
  • 3
    May 3rd
    11 Files
  • 4
    May 4th
    0 Files
  • 5
    May 5th
    0 Files
  • 6
    May 6th
    28 Files
  • 7
    May 7th
    3 Files
  • 8
    May 8th
    4 Files
  • 9
    May 9th
    54 Files
  • 10
    May 10th
    12 Files
  • 11
    May 11th
    0 Files
  • 12
    May 12th
    0 Files
  • 13
    May 13th
    18 Files
  • 14
    May 14th
    11 Files
  • 15
    May 15th
    17 Files
  • 16
    May 16th
    13 Files
  • 17
    May 17th
    22 Files
  • 18
    May 18th
    0 Files
  • 19
    May 19th
    0 Files
  • 20
    May 20th
    17 Files
  • 21
    May 21st
    18 Files
  • 22
    May 22nd
    7 Files
  • 23
    May 23rd
    111 Files
  • 24
    May 24th
    27 Files
  • 25
    May 25th
    0 Files
  • 26
    May 26th
    0 Files
  • 27
    May 27th
    6 Files
  • 28
    May 28th
    12 Files
  • 29
    May 29th
    31 Files
  • 30
    May 30th
    22 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close