what you don't know can hurt you
Showing 1 - 8 of 8 RSS Feed

CVE-2014-0058

Status Candidate

Overview

The security audit functionality in Red Hat JBoss Enterprise Application Platform (EAP) 6.x before 6.2.1 logs request parameters in plaintext, which might allow local users to obtain passwords by reading the log files.

Related Files

Red Hat Security Advisory 2015-0034-01
Posted Jan 12, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-0034-01 - Red Hat JBoss Data Virtualization is a lean data integration solution that provides easy, real-time, and unified data access across disparate sources to multiple applications and users. JBoss Data Virtualization makes data spread across physically distinct systems such as multiple databases, XML files, and even Hadoop systems appear as a set of tables in a local database. This roll up patch serves as a cumulative upgrade for Red Hat JBoss Data Virtualization 6.0.0. It includes various bug fixes, which are listed in the README file included with the patch files.

tags | advisory, local
systems | linux, redhat
advisories | CVE-2013-2035, CVE-2014-0058, CVE-2014-0171
MD5 | 750e53ff1c27692e06dbd0a901c09a28
Red Hat Security Advisory 2014-1995-01
Posted Dec 15, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1995-01 - Red Hat JBoss Fuse Service Works is the next-generation ESB and business process automation infrastructure. This roll up patch serves as a cumulative upgrade for Red Hat JBoss Fuse Service Works 6.0.0. It includes various bug fixes, which are listed in the README file included with the patch files. It was found that the secure processing feature of Xalan-Java had insufficient restrictions defined for certain properties and features. A remote attacker able to provide Extensible Stylesheet Language Transformations content to be processed by an application using Xalan-Java could use this flaw to bypass the intended constraints of the secure processing feature. Depending on the components available in the classpath, this could lead to arbitrary remote code execution in the context of the application server running the application that uses Xalan-Java.

tags | advisory, java, remote, arbitrary, code execution
systems | linux, redhat
advisories | CVE-2013-2035, CVE-2013-6440, CVE-2014-0018, CVE-2014-0058, CVE-2014-0093, CVE-2014-0107
MD5 | 3b956fbdd4da583032e1319e6e7d5715
Red Hat Security Advisory 2014-1290-01
Posted Sep 24, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1290-01 - Red Hat JBoss BRMS is a business rules management system for the management, storage, creation, modification, and deployment of JBoss Rules. This release of Red Hat JBoss BRMS 6.0.3 serves as a replacement for Red Hat JBoss BRMS 6.0.2, and includes bug fixes and enhancements.

tags | advisory
systems | linux, redhat
advisories | CVE-2013-2035, CVE-2013-6440, CVE-2014-0018, CVE-2014-0058, CVE-2014-0093, CVE-2014-0107
MD5 | 8ea039b8f112cae0b783178bf5baf501
Red Hat Security Advisory 2014-1291-01
Posted Sep 24, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1291-01 - Red Hat JBoss BPM Suite is a business rules and processes management system for the management, storage, creation, modification, and deployment of JBoss rules and BPMN2-compliant business processes. This release of Red Hat JBoss BPM Suite 6.0.3 serves as a replacement for Red Hat JBoss BPM Suite 6.0.2, and includes bug fixes and enhancements.

tags | advisory
systems | linux, redhat
advisories | CVE-2013-2035, CVE-2013-6440, CVE-2014-0018, CVE-2014-0058, CVE-2014-0093, CVE-2014-0107
MD5 | 24ca04c53445bff3e736a0fb5458ee3d
Red Hat Security Advisory 2014-0910-01
Posted Jul 21, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0910-01 - Red Hat JBoss Operations Network is a middleware management solution that provides a single point of control to deploy, manage, and monitor JBoss Enterprise Middleware, applications, and services. This JBoss Operations Network 3.2.2 release serves as a replacement for JBoss Operations Network 3.2.1, and includes several bug fixes.

tags | advisory
systems | linux, redhat
advisories | CVE-2013-5855, CVE-2014-0058, CVE-2014-0193, CVE-2014-3530
MD5 | 62091fc0a99df4b44f0ec91aae223025
Red Hat Security Advisory 2014-0895-01
Posted Jul 16, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0895-01 - Red Hat JBoss Data Grid is a distributed in-memory data grid, based on Infinispan. This release of Red Hat JBoss Data Grid 6.3.0 serves as a replacement for Red Hat JBoss Data Grid 6.2.1. It includes various bug fixes and enhancements which are detailed in the Red Hat JBoss Data Grid 6.3.0 Release Notes.

tags | advisory
systems | linux, redhat
advisories | CVE-2014-0058, CVE-2014-0059, CVE-2014-0075, CVE-2014-0096, CVE-2014-0099, CVE-2014-0119
MD5 | 3eed68323d6dd51883718454856ccc7f
Red Hat Security Advisory 2014-0205-01
Posted Feb 25, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0205-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. It was found that the security audit functionality, as provided by Red Hat JBoss Enterprise Application Platform 6, logged request parameters in plain text. This may have caused passwords to be included in the audit log files when using BASIC or FORM-based authentication. A local attacker with access to audit log files could possibly use this flaw to obtain application or server authentication credentials.

tags | advisory, java, local
systems | linux, redhat
advisories | CVE-2014-0058
MD5 | a0793b6d7aa8c6f0df3d463c2c90e485
Red Hat Security Advisory 2014-0204-01
Posted Feb 24, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0204-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. It was found that the security audit functionality, as provided by Red Hat JBoss Enterprise Application Platform 6, logged request parameters in plain text. This may have caused passwords to be included in the audit log files when using BASIC or FORM-based authentication. A local attacker with access to audit log files could possibly use this flaw to obtain application or server authentication credentials.

tags | advisory, java, local
systems | linux, redhat
advisories | CVE-2014-0058
MD5 | 5d3cf4f86953b7fb5305e6b61a95ee98
Page 1 of 1
Back1Next

File Archive:

July 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    34 Files
  • 2
    Jul 2nd
    15 Files
  • 3
    Jul 3rd
    9 Files
  • 4
    Jul 4th
    8 Files
  • 5
    Jul 5th
    2 Files
  • 6
    Jul 6th
    3 Files
  • 7
    Jul 7th
    1 Files
  • 8
    Jul 8th
    15 Files
  • 9
    Jul 9th
    15 Files
  • 10
    Jul 10th
    20 Files
  • 11
    Jul 11th
    17 Files
  • 12
    Jul 12th
    16 Files
  • 13
    Jul 13th
    2 Files
  • 14
    Jul 14th
    1 Files
  • 15
    Jul 15th
    20 Files
  • 16
    Jul 16th
    27 Files
  • 17
    Jul 17th
    7 Files
  • 18
    Jul 18th
    5 Files
  • 19
    Jul 19th
    12 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    0 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close