Red Hat Security Advisory 2013-0665-01 - JBoss Data Grid is a distributed in-memory data grid, based on Infinispan. This release of JBoss Data Grid 6.1.0 serves as a replacement for JBoss Data Grid 6.0.1. It includes various bug fixes and enhancements which are detailed in the JBoss Data Grid 6.1.0 Release Notes.
86e2f99d5f2e98f7fd162cf083ac17e2a1498532e28600b423b7c876fb02fd90Red Hat Security Advisory 2013-0586-01 - JBoss Enterprise BRMS Platform is a business rules management system for the management, storage, creation, modification, and deployment of JBoss Rules. JBoss Enterprise Portal Platform is the open source implementation of the Java EE suite of services and Portal services running atop JBoss Enterprise Application Platform. JBoss Enterprise SOA Platform is the next-generation ESB and business process automation infrastructure. When using LDAP authentication with the provided LDAP login modules, empty passwords were allowed by default. An attacker could use this flaw to bypass intended authentication by providing an empty password for a valid username, as the LDAP server may recognize this as an 'unauthenticated authentication'. This update sets the allowEmptyPasswords option for the LDAP login modules to false if the option is not already configured.
7e21979349010c735492afb3417266ca14442dd1f1f4f56ac3bae29bda8b9242Red Hat Security Advisory 2013-0248-01 - JBoss Enterprise Application Platform is a platform for Java applications, which integrates the JBoss Application Server with JBoss Hibernate and JBoss Seam. When using LDAP authentication with the provided LDAP login modules, empty passwords were allowed by default. An attacker could use this flaw to bypass intended authentication by providing an empty password for a valid username, as the LDAP server may recognize this as an 'unauthenticated authentication'. This update sets the allowEmptyPasswords option for the LDAP login modules to false if the option is not already configured.
0cd84070a95714e2f26d8a323922ceaf81407a25678b121fd827d82772d04c3fRed Hat Security Advisory 2013-0249-01 - JBoss Enterprise Application Platform is a platform for Java applications, which integrates the JBoss Application Server with JBoss Hibernate and JBoss Seam. When using LDAP authentication with the provided LDAP login modules, empty passwords were allowed by default. An attacker could use this flaw to bypass intended authentication by providing an empty password for a valid username, as the LDAP server may recognize this as an 'unauthenticated authentication'. This update sets the allowEmptyPasswords option for the LDAP login modules to false if the option is not already configured.
6761f84bc127bf9f98c90f2feeea537625896bc2eae21667feec92b4f2469766Red Hat Security Advisory 2013-0232-01 - JBoss Enterprise Application Platform is a platform for Java applications, which integrates the JBoss Application Server with JBoss Hibernate and JBoss Seam. When using LDAP authentication with the provided LDAP login modules, empty passwords were allowed by default. An attacker could use this flaw to bypass intended authentication by providing an empty password for a valid username, as the LDAP server may recognize this as an 'unauthenticated authentication'. This update sets the allowEmptyPasswords option for the LDAP login modules to false if the option is not already configured.
7dbdd0df2b0837fcd242674ab859d51fea5c2572bd356f80af817d0420b5d9a1Red Hat Security Advisory 2013-0234-01 - JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. When using LDAP authentication with either the "ldap" configuration entry or the provided LDAP login modules, empty passwords were allowed by default. An attacker could use this flaw to bypass intended authentication by providing an empty password for a valid username, as the LDAP server may recognize this as an 'unauthenticated authentication'. This update sets the allowEmptyPasswords option for the LDAP login modules to false if the option is not already configured.
05fbf5e9799195b832475b087a021984907d6a24f8e56a2d7fd27ee4ffc94468Red Hat Security Advisory 2013-0233-01 - The Enterprise Web Platform is a slimmed down profile of the JBoss Enterprise Application Platform intended for mid-size workloads with light and rich Java applications. When using LDAP authentication with the provided LDAP login modules, empty passwords were allowed by default. An attacker could use this flaw to bypass intended authentication by providing an empty password for a valid username, as the LDAP server may recognize this as an 'unauthenticated authentication'. This update sets the allowEmptyPasswords option for the LDAP login modules to false if the option is not already configured.
b7d3b8a02a1f8c6ab35c7602e38206465252b8d0ab40fb14d583816dea8566fbRed Hat Security Advisory 2013-0230-01 - The Enterprise Web Platform is a slimmed down profile of the JBoss Enterprise Application Platform intended for mid-size workloads with light and rich Java applications. When using LDAP authentication with the provided LDAP login modules, empty passwords were allowed by default. An attacker could use this flaw to bypass intended authentication by providing an empty password for a valid username, as the LDAP server may recognize this as an 'unauthenticated authentication'. This update sets the allowEmptyPasswords option for the LDAP login modules to false if the option is not already configured.
ff9fa7c329f6c313132637d412894d99d04fb2baac3a3ff226b3a010b5844f84Red Hat Security Advisory 2013-0231-01 - JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. When using LDAP authentication with either the "ldap" configuration entry or the provided LDAP login modules, empty passwords were allowed by default. An attacker could use this flaw to bypass intended authentication by providing an empty password for a valid username, as the LDAP server may recognize this as an 'unauthenticated authentication'. This update sets the allowEmptyPasswords option for the LDAP login modules to false if the option is not already configured.
7a55e18c14409d7e71117993e7cc7187493ae79ffaf0c9fba0d158410ce27ce5Red Hat Security Advisory 2013-0229-01 - JBoss Enterprise Application Platform is a platform for Java applications, which integrates the JBoss Application Server with JBoss Hibernate and JBoss Seam. When using LDAP authentication with the provided LDAP login modules, empty passwords were allowed by default. An attacker could use this flaw to bypass intended authentication by providing an empty password for a valid username, as the LDAP server may recognize this as an 'unauthenticated authentication'. This update sets the allowEmptyPasswords option for the LDAP login modules to false if the option is not already configured.
4180426ee867b8104f2a973dd460f060bc79620a74ec1194e3d3c0e8951dda09
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed