what you don't know can hurt you
Showing 1 - 10 of 10 RSS Feed

CVE-2012-3370

Status Candidate

Overview

The SecurityAssociation.getCredential method in JBoss Enterprise Application Platform (EAP) before 5.2.0, Web Platform (EWP) before 5.2.0, BRMS Platform before 5.3.1, and SOA Platform before 5.3.1 returns the credentials of the previous user when a security context is not provided, which allows remote attackers to gain privileges as other users.

Related Files

Red Hat Security Advisory 2013-0533-01
Posted Feb 21, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0533-01 - Security: JBoss Web Services leaked side-channel data when distributing symmetric keys, allowing a remote attacker to recover the entire plain text form of a symmetric key. Spring framework could possibly evaluate Expression Language expressions twice, allowing a remote attacker to execute arbitrary code in the context of the application server, or to obtain sensitive information from the server.

tags | advisory, remote, web, arbitrary
systems | linux, redhat
advisories | CVE-2009-5066, CVE-2011-2487, CVE-2011-2730, CVE-2011-4575, CVE-2012-0034, CVE-2012-0874, CVE-2012-3369, CVE-2012-3370, CVE-2012-5370, CVE-2012-5478
MD5 | 1ed7e59a1ff7e876d819b45399bf9f64
Red Hat Security Advisory 2013-0221-01
Posted Feb 1, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0221-01 - An attack technique against the W3C XML Encryption Standard when block ciphers were used in CBC mode could allow a remote attacker to conduct chosen-ciphertext attacks, leading to the recovery of the entire plain text of a particular cryptogram. JBoss Web Services leaked side-channel data when distributing symmetric keys, allowing a remote attacker to recover the entire plain text form of a symmetric key. Various other issues were also addressed.

tags | advisory, remote, web
systems | linux, redhat
advisories | CVE-2009-5066, CVE-2011-1096, CVE-2011-2487, CVE-2011-2730, CVE-2011-4575, CVE-2012-0034, CVE-2012-0874, CVE-2012-3369, CVE-2012-3370, CVE-2012-3546, CVE-2012-5478
MD5 | 28481e8fdfb034ff65e82f80e6540009
Red Hat Security Advisory 2013-0196-01
Posted Jan 25, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0196-01 - An attack technique against the W3C XML Encryption Standard when block ciphers were used in CBC mode could allow a remote attacker to conduct chosen-ciphertext attacks, leading to the recovery of the entire plain text of a particular cryptogram. JBoss Web Services leaked side-channel data when distributing symmetric keys, allowing a remote attacker to recover the entire plain text form of a symmetric key. Spring framework could possibly evaluate Expression Language expressions twice, allowing a remote attacker to execute arbitrary code in the context of the application server, or to obtain sensitive information from the server. Manual action is required to apply this fix.

tags | advisory, remote, web, arbitrary
systems | linux, redhat
advisories | CVE-2009-5066, CVE-2011-1096, CVE-2011-2487, CVE-2011-2730, CVE-2011-2908, CVE-2011-4575, CVE-2012-0034, CVE-2012-0874, CVE-2012-2377, CVE-2012-2379, CVE-2012-3369, CVE-2012-3370, CVE-2012-3546, CVE-2012-5478
MD5 | 9bc277cad34311b9ed1145cfe72e9ce3
Red Hat Security Advisory 2013-0198-01
Posted Jan 25, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0198-01 - An attack technique against the W3C XML Encryption Standard when block ciphers were used in CBC mode could allow a remote attacker to conduct chosen-ciphertext attacks, leading to the recovery of the entire plain text of a particular cryptogram. JBoss Web Services leaked side-channel data when distributing symmetric keys, allowing a remote attacker to recover the entire plain text form of a symmetric key. Spring framework could possibly evaluate Expression Language expressions twice, allowing a remote attacker to execute arbitrary code in the context of the application server, or to obtain sensitive information from the server. Manual action is required to apply this fix.

tags | advisory, remote, web, arbitrary
systems | linux, redhat
advisories | CVE-2009-5066, CVE-2011-1096, CVE-2011-2487, CVE-2011-2730, CVE-2011-2908, CVE-2011-4575, CVE-2012-0874, CVE-2012-2377, CVE-2012-2379, CVE-2012-3369, CVE-2012-3370, CVE-2012-3546, CVE-2012-5478
MD5 | b1595bd4d15992a5c521afe0ea3ce556
Red Hat Security Advisory 2013-0193-01
Posted Jan 25, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0193-01 - An attack technique against the W3C XML Encryption Standard when block ciphers were used in CBC mode could allow a remote attacker to conduct chosen-ciphertext attacks, leading to the recovery of the entire plain text of a particular cryptogram. JBoss Web Services leaked side-channel data when distributing symmetric keys, allowing a remote attacker to recover the entire plain text form of a symmetric key. Spring framework could possibly evaluate Expression Language expressions twice, allowing a remote attacker to execute arbitrary code in the context of the application server, or to obtain sensitive information from the server. Manual action is required to apply this fix.

tags | advisory, remote, web, arbitrary
systems | linux, redhat
advisories | CVE-2009-5066, CVE-2011-1096, CVE-2011-2487, CVE-2011-2730, CVE-2011-2908, CVE-2011-4575, CVE-2012-0034, CVE-2012-0874, CVE-2012-2377, CVE-2012-2379, CVE-2012-3369, CVE-2012-3370, CVE-2012-3546, CVE-2012-5478
MD5 | db35990392efe4e65efd108e8a373277
Red Hat Security Advisory 2013-0197-01
Posted Jan 25, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0197-01 - An attack technique against the W3C XML Encryption Standard when block ciphers were used in CBC mode could allow a remote attacker to conduct chosen-ciphertext attacks, leading to the recovery of the entire plain text of a particular cryptogram. JBoss Web Services leaked side-channel data when distributing symmetric keys, allowing a remote attacker to recover the entire plain text form of a symmetric key. Spring framework could possibly evaluate Expression Language expressions twice, allowing a remote attacker to execute arbitrary code in the context of the application server, or to obtain sensitive information from the server. Manual action is required to apply this fix.

tags | advisory, remote, web, arbitrary
systems | linux, redhat
advisories | CVE-2009-5066, CVE-2011-1096, CVE-2011-2487, CVE-2011-2730, CVE-2011-2908, CVE-2011-4575, CVE-2012-0034, CVE-2012-0874, CVE-2012-2377, CVE-2012-2379, CVE-2012-3369, CVE-2012-3370, CVE-2012-3546, CVE-2012-5478
MD5 | 56de6e2db763f251603aa3b7c3645d72
Red Hat Security Advisory 2013-0194-01
Posted Jan 25, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0194-01 - An attack technique against the W3C XML Encryption Standard when block ciphers were used in CBC mode could allow a remote attacker to conduct chosen-ciphertext attacks, leading to the recovery of the entire plain text of a particular cryptogram. JBoss Web Services leaked side-channel data when distributing symmetric keys, allowing a remote attacker to recover the entire plain text form of a symmetric key. Spring framework could possibly evaluate Expression Language expressions twice, allowing a remote attacker to execute arbitrary code in the context of the application server, or to obtain sensitive information from the server. Manual action is required to apply this fix.

tags | advisory, remote, web, arbitrary
systems | linux, redhat
advisories | CVE-2009-5066, CVE-2011-1096, CVE-2011-2487, CVE-2011-2730, CVE-2011-2908, CVE-2011-4575, CVE-2012-0874, CVE-2012-2377, CVE-2012-2379, CVE-2012-3369, CVE-2012-3370, CVE-2012-3546, CVE-2012-5478
MD5 | 8e4016181cce8bc4cffc90db102a96d6
Red Hat Security Advisory 2013-0195-01
Posted Jan 25, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0195-01 - An attack technique against the W3C XML Encryption Standard when block ciphers were used in CBC mode could allow a remote attacker to conduct chosen-ciphertext attacks, leading to the recovery of the entire plain text of a particular cryptogram. JBoss Web Services leaked side-channel data when distributing symmetric keys, allowing a remote attacker to recover the entire plain text form of a symmetric key. Spring framework could possibly evaluate Expression Language expressions twice, allowing a remote attacker to execute arbitrary code in the context of the application server, or to obtain sensitive information from the server. Manual action is required to apply this fix.

tags | advisory, remote, web, arbitrary
systems | linux, redhat
advisories | CVE-2009-5066, CVE-2011-1096, CVE-2011-2487, CVE-2011-2730, CVE-2011-2908, CVE-2011-4575, CVE-2012-0034, CVE-2012-0874, CVE-2012-2377, CVE-2012-2379, CVE-2012-3369, CVE-2012-3370, CVE-2012-3546, CVE-2012-5478
MD5 | d4f97125223219f34f31c65e909d63db
Red Hat Security Advisory 2013-0192-01
Posted Jan 25, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0192-01 - An attack technique against the W3C XML Encryption Standard when block ciphers were used in CBC mode could allow a remote attacker to conduct chosen-ciphertext attacks, leading to the recovery of the entire plain text of a particular cryptogram. JBoss Web Services leaked side-channel data when distributing symmetric keys, allowing a remote attacker to recover the entire plain text form of a symmetric key. Spring framework could possibly evaluate Expression Language expressions twice, allowing a remote attacker to execute arbitrary code in the context of the application server, or to obtain sensitive information from the server. Manual action is required to apply this fix.

tags | advisory, remote, web, arbitrary
systems | linux, redhat
advisories | CVE-2009-5066, CVE-2011-1096, CVE-2011-2487, CVE-2011-2730, CVE-2011-2908, CVE-2011-4575, CVE-2012-0034, CVE-2012-0874, CVE-2012-2377, CVE-2012-2379, CVE-2012-3369, CVE-2012-3370, CVE-2012-3546, CVE-2012-5478
MD5 | a1dc620065305fff455d9c61c8a3e197
Red Hat Security Advisory 2013-0191-01
Posted Jan 25, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0191-01 - An attack technique against the W3C XML Encryption Standard when block ciphers were used in CBC mode could allow a remote attacker to conduct chosen-ciphertext attacks, leading to the recovery of the entire plain text of a particular cryptogram. JBoss Web Services leaked side-channel data when distributing symmetric keys, allowing a remote attacker to recover the entire plain text form of a symmetric key. Spring framework could possibly evaluate Expression Language expressions twice, allowing a remote attacker to execute arbitrary code in the context of the application server, or to obtain sensitive information from the server. Manual action is required to apply this fix.

tags | advisory, remote, web, arbitrary
systems | linux, redhat
advisories | CVE-2009-5066, CVE-2011-1096, CVE-2011-2487, CVE-2011-2730, CVE-2011-2908, CVE-2011-4575, CVE-2012-0034, CVE-2012-0874, CVE-2012-2377, CVE-2012-2379, CVE-2012-3369, CVE-2012-3370, CVE-2012-3546, CVE-2012-5478
MD5 | d9a177ae77d5a5d614afb6b19fecda3c
Page 1 of 1
Back1Next

File Archive:

July 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    2 Files
  • 2
    Jul 2nd
    3 Files
  • 3
    Jul 3rd
    15 Files
  • 4
    Jul 4th
    4 Files
  • 5
    Jul 5th
    15 Files
  • 6
    Jul 6th
    15 Files
  • 7
    Jul 7th
    10 Files
  • 8
    Jul 8th
    2 Files
  • 9
    Jul 9th
    10 Files
  • 10
    Jul 10th
    15 Files
  • 11
    Jul 11th
    15 Files
  • 12
    Jul 12th
    19 Files
  • 13
    Jul 13th
    16 Files
  • 14
    Jul 14th
    15 Files
  • 15
    Jul 15th
    3 Files
  • 16
    Jul 16th
    2 Files
  • 17
    Jul 17th
    8 Files
  • 18
    Jul 18th
    11 Files
  • 19
    Jul 19th
    15 Files
  • 20
    Jul 20th
    15 Files
  • 21
    Jul 21st
    15 Files
  • 22
    Jul 22nd
    7 Files
  • 23
    Jul 23rd
    2 Files
  • 24
    Jul 24th
    19 Files
  • 25
    Jul 25th
    28 Files
  • 26
    Jul 26th
    2 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close