what you don't know can hurt you
Showing 1 - 14 of 14 RSS Feed

CVE-2013-2035

Status Candidate

Overview

Race condition in hawtjni-runtime/src/main/java/org/fusesource/hawtjni/runtime/Library.java in HawtJNI before 1.8, when a custom library path is not specified, allows local users to execute arbitrary Java code by overwriting a temporary JAR file with a predictable name in /tmp.

Related Files

Red Hat Security Advisory 2015-0034-01
Posted Jan 12, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-0034-01 - Red Hat JBoss Data Virtualization is a lean data integration solution that provides easy, real-time, and unified data access across disparate sources to multiple applications and users. JBoss Data Virtualization makes data spread across physically distinct systems such as multiple databases, XML files, and even Hadoop systems appear as a set of tables in a local database. This roll up patch serves as a cumulative upgrade for Red Hat JBoss Data Virtualization 6.0.0. It includes various bug fixes, which are listed in the README file included with the patch files.

tags | advisory, local
systems | linux, redhat
advisories | CVE-2013-2035, CVE-2014-0058, CVE-2014-0171
MD5 | 750e53ff1c27692e06dbd0a901c09a28
Red Hat Security Advisory 2014-1995-01
Posted Dec 15, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1995-01 - Red Hat JBoss Fuse Service Works is the next-generation ESB and business process automation infrastructure. This roll up patch serves as a cumulative upgrade for Red Hat JBoss Fuse Service Works 6.0.0. It includes various bug fixes, which are listed in the README file included with the patch files. It was found that the secure processing feature of Xalan-Java had insufficient restrictions defined for certain properties and features. A remote attacker able to provide Extensible Stylesheet Language Transformations content to be processed by an application using Xalan-Java could use this flaw to bypass the intended constraints of the secure processing feature. Depending on the components available in the classpath, this could lead to arbitrary remote code execution in the context of the application server running the application that uses Xalan-Java.

tags | advisory, java, remote, arbitrary, code execution
systems | linux, redhat
advisories | CVE-2013-2035, CVE-2013-6440, CVE-2014-0018, CVE-2014-0058, CVE-2014-0093, CVE-2014-0107
MD5 | 3b956fbdd4da583032e1319e6e7d5715
Red Hat Security Advisory 2014-1904-01
Posted Nov 26, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1904-01 - Red Hat JBoss Operations Network is a middleware management solution that provides a single point of control to deploy, manage, and monitor JBoss Enterprise Middleware, applications, and services. This JBoss Operations Network 3.3.0 release serves as a replacement for JBoss Operations Network 3.2.3, and includes several bug fixes.

tags | advisory
systems | linux, redhat
advisories | CVE-2012-6153, CVE-2013-2035, CVE-2014-0059, CVE-2014-3481, CVE-2014-3490, CVE-2014-3577
MD5 | 48133e96975007cd2f25111fd8c8ffe7
Red Hat Security Advisory 2014-1290-01
Posted Sep 24, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1290-01 - Red Hat JBoss BRMS is a business rules management system for the management, storage, creation, modification, and deployment of JBoss Rules. This release of Red Hat JBoss BRMS 6.0.3 serves as a replacement for Red Hat JBoss BRMS 6.0.2, and includes bug fixes and enhancements.

tags | advisory
systems | linux, redhat
advisories | CVE-2013-2035, CVE-2013-6440, CVE-2014-0018, CVE-2014-0058, CVE-2014-0093, CVE-2014-0107
MD5 | 8ea039b8f112cae0b783178bf5baf501
Red Hat Security Advisory 2014-1291-01
Posted Sep 24, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1291-01 - Red Hat JBoss BPM Suite is a business rules and processes management system for the management, storage, creation, modification, and deployment of JBoss rules and BPMN2-compliant business processes. This release of Red Hat JBoss BPM Suite 6.0.3 serves as a replacement for Red Hat JBoss BPM Suite 6.0.2, and includes bug fixes and enhancements.

tags | advisory
systems | linux, redhat
advisories | CVE-2013-2035, CVE-2013-6440, CVE-2014-0018, CVE-2014-0058, CVE-2014-0093, CVE-2014-0107
MD5 | 24ca04c53445bff3e736a0fb5458ee3d
Red Hat Security Advisory 2014-0400-03
Posted Apr 14, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0400-03 - Red Hat JBoss Fuse, based on Apache ServiceMix, provides a small-footprint, flexible, open source enterprise service bus and integration platform. Security fixes: A flaw was found in the way Apache Santuario XML Security for Java validated XML signatures. Santuario allowed a signature to specify an arbitrary canonicalization algorithm, which would be applied to the SignedInfo XML fragment. A remote attacker could exploit this to spoof an XML signature via a specially crafted XML signature block.

tags | advisory, java, remote, arbitrary, spoof
systems | linux, redhat
advisories | CVE-2013-2035, CVE-2013-2172, CVE-2013-2192, CVE-2013-4152, CVE-2013-4517, CVE-2013-6429, CVE-2013-6430, CVE-2014-0050, CVE-2014-0054, CVE-2014-0085, CVE-2014-1904
MD5 | cc88ecdb91a716104a78df1b3dd9c664
Red Hat Security Advisory 2014-0401-02
Posted Apr 14, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0401-02 - Red Hat JBoss A-MQ, based on Apache ActiveMQ, is a standards-compliant messaging system that is tailored for use in mission critical applications. Red Hat JBoss A-MQ 6.1.0 is a minor product release that updates Red Hat JBoss A-MQ 6.0.0 and includes several bug fixes and enhancements.

tags | advisory
systems | linux, redhat
advisories | CVE-2013-2035, CVE-2013-2192, CVE-2013-4152, CVE-2013-6429, CVE-2013-6430, CVE-2014-0050, CVE-2014-0054, CVE-2014-0085, CVE-2014-1904
MD5 | 4849d75300282602745f7c2369f2e14a
Red Hat Security Advisory 2014-0254-01
Posted Mar 6, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0254-01 - Apache ActiveMQ provides a SOA infrastructure to connect processes across heterogeneous systems. A flaw was found in Apache Camel's parsing of the FILE_NAME header. A remote attacker able to submit messages to a Camel route, which would write the provided message to a file, could provide expression language expressions in the FILE_NAME header, which would be evaluated on the server. This could lead to arbitrary remote code execution in the context of the Camel server process. It was found that the Apache Camel XSLT component allowed XSL stylesheets to call external Java methods. A remote attacker able to submit messages to a Camel route could use this flaw to perform arbitrary remote code execution in the context of the Camel server process.

tags | advisory, java, remote, arbitrary, code execution
systems | linux, redhat
advisories | CVE-2013-2035, CVE-2013-4152, CVE-2013-4330, CVE-2014-0003
MD5 | b54bdea8db7c12e21553162fa4440a09
Red Hat Security Advisory 2014-0245-01
Posted Mar 3, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0245-01 - Apache ActiveMQ provides a SOA infrastructure to connect processes across heterogeneous systems. A flaw was found in Apache Camel's parsing of the FILE_NAME header. A remote attacker able to submit messages to a Camel route, which would write the provided message to a file, could provide expression language expressions in the FILE_NAME header, which would be evaluated on the server. This could lead to arbitrary remote code execution in the context of the Camel server process. It was found that the Apache Camel XSLT component allowed XSL stylesheets to call external Java methods. A remote attacker able to submit messages to a Camel route could use this flaw to perform arbitrary remote code execution in the context of the Camel server process.

tags | advisory, java, remote, arbitrary, code execution
systems | linux, redhat
advisories | CVE-2013-2035, CVE-2013-4152, CVE-2013-4330, CVE-2014-0003
MD5 | c53b528c76b33df7b0f9dfaf0f241e4c
Red Hat Security Advisory 2014-0029-01
Posted Jan 15, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0029-01 - Red Hat JBoss Data Grid is a distributed in-memory data grid, based on Infinispan. This release of Red Hat JBoss Data Grid 6.2.0 serves as a replacement for Red Hat JBoss Data Grid 6.1.0. It includes various bug fixes and enhancements which are detailed in the Red Hat JBoss Data Grid 6.2.0 Release Notes.

tags | advisory
systems | linux, redhat
advisories | CVE-2012-6612, CVE-2013-1921, CVE-2013-2035, CVE-2013-3827, CVE-2013-4112, CVE-2013-6397, CVE-2013-6407, CVE-2013-6408
MD5 | afa08b7e4d2f26d826245d3a1b93e438
Red Hat Security Advisory 2013-1786-01
Posted Dec 5, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1786-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. The HawtJNI Library class wrote native libraries to a predictable file name in /tmp/ when the native libraries were bundled in a JAR file, and no custom library path was specified. A local attacker could overwrite these native libraries with malicious versions during the window between when HawtJNI writes them and when they are executed. A flaw was found in the way method-level authorization for JAX-WS Service endpoints was performed by the EJB invocation handler implementation. Any restrictions declared on EJB methods were ignored when executing the JAX-WS handlers, and only class-level restrictions were applied. A remote attacker who is authorized to access the EJB class, could invoke a JAX-WS handler which they were not authorized to invoke.

tags | advisory, java, remote, local
systems | linux, redhat
advisories | CVE-2013-2035, CVE-2013-2133
MD5 | 6994dd0c13f1548bef2f8ca0f3eb8d0c
Red Hat Security Advisory 2013-1785-01
Posted Dec 5, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1785-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. The HawtJNI Library class wrote native libraries to a predictable file name in /tmp/ when the native libraries were bundled in a JAR file, and no custom library path was specified. A local attacker could overwrite these native libraries with malicious versions during the window between when HawtJNI writes them and when they are executed. A flaw was found in the way method-level authorization for JAX-WS Service endpoints was performed by the EJB invocation handler implementation. Any restrictions declared on EJB methods were ignored when executing the JAX-WS handlers, and only class-level restrictions were applied. A remote attacker who is authorized to access the EJB class, could invoke a JAX-WS handler which they were not authorized to invoke.

tags | advisory, java, remote, local
systems | linux, redhat
advisories | CVE-2013-2035, CVE-2013-2133
MD5 | 8721cfc3af1c96be0682f313c4b7fe1d
Red Hat Security Advisory 2013-1784-01
Posted Dec 5, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1784-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. The HawtJNI Library class wrote native libraries to a predictable file name in /tmp/ when the native libraries were bundled in a JAR file, and no custom library path was specified. A local attacker could overwrite these native libraries with malicious versions during the window between when HawtJNI writes them and when they are executed. A flaw was found in the way method-level authorization for JAX-WS Service endpoints was performed by the EJB invocation handler implementation. Any restrictions declared on EJB methods were ignored when executing the JAX-WS handlers, and only class-level restrictions were applied. A remote attacker who is authorized to access the EJB class, could invoke a JAX-WS handler which they were not authorized to invoke.

tags | advisory, java, remote, local
systems | linux, redhat
advisories | CVE-2013-2035, CVE-2013-2133
MD5 | 56405179f4d4c5df7c81cc4abec4c91e
Red Hat Security Advisory 2013-1029-01
Posted Jul 10, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1029-01 - Fuse MQ Enterprise, based on Apache ActiveMQ, is a standards compliant messaging system that is tailored for use in mission critical applications. This release of Fuse MQ Enterprise 7.1.0 roll up patch 1 is an update to Fuse MQ Enterprise 7.1.0 and includes bug fixes.

tags | advisory
systems | linux, redhat
advisories | CVE-2012-6092, CVE-2012-6551, CVE-2013-1879, CVE-2013-1880, CVE-2013-2035, CVE-2013-3060
MD5 | 245cc28c094a2b2a85ab2e6ec34c4f97
Page 1 of 1
Back1Next

File Archive:

April 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Apr 1st
    21 Files
  • 2
    Apr 2nd
    35 Files
  • 3
    Apr 3rd
    21 Files
  • 4
    Apr 4th
    16 Files
  • 5
    Apr 5th
    15 Files
  • 6
    Apr 6th
    1 Files
  • 7
    Apr 7th
    2 Files
  • 8
    Apr 8th
    23 Files
  • 9
    Apr 9th
    19 Files
  • 10
    Apr 10th
    15 Files
  • 11
    Apr 11th
    14 Files
  • 12
    Apr 12th
    11 Files
  • 13
    Apr 13th
    2 Files
  • 14
    Apr 14th
    5 Files
  • 15
    Apr 15th
    14 Files
  • 16
    Apr 16th
    19 Files
  • 17
    Apr 17th
    19 Files
  • 18
    Apr 18th
    8 Files
  • 19
    Apr 19th
    4 Files
  • 20
    Apr 20th
    5 Files
  • 21
    Apr 21st
    1 Files
  • 22
    Apr 22nd
    4 Files
  • 23
    Apr 23rd
    0 Files
  • 24
    Apr 24th
    0 Files
  • 25
    Apr 25th
    0 Files
  • 26
    Apr 26th
    0 Files
  • 27
    Apr 27th
    0 Files
  • 28
    Apr 28th
    0 Files
  • 29
    Apr 29th
    0 Files
  • 30
    Apr 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close