what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 2 of 2 RSS Feed

CVE-2014-0085

Status Candidate

Overview

JBoss Fuse did not enable encrypted passwords by default in its usage of Apache Zookeeper. This permitted sensitive information disclosure via logging to local users. Note: this description has been updated; previous text mistakenly identified the source of the flaw as Zookeeper. Previous text: Apache Zookeeper logs cleartext admin passwords, which allows local users to obtain sensitive information by reading the log.

Related Files

Red Hat Security Advisory 2014-0400-03
Posted Apr 14, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0400-03 - Red Hat JBoss Fuse, based on Apache ServiceMix, provides a small-footprint, flexible, open source enterprise service bus and integration platform. Security fixes: A flaw was found in the way Apache Santuario XML Security for Java validated XML signatures. Santuario allowed a signature to specify an arbitrary canonicalization algorithm, which would be applied to the SignedInfo XML fragment. A remote attacker could exploit this to spoof an XML signature via a specially crafted XML signature block.

tags | advisory, java, remote, arbitrary, spoof
systems | linux, redhat
advisories | CVE-2013-2035, CVE-2013-2172, CVE-2013-2192, CVE-2013-4152, CVE-2013-4517, CVE-2013-6429, CVE-2013-6430, CVE-2014-0050, CVE-2014-0054, CVE-2014-0085, CVE-2014-1904
SHA-256 | 59fb89a523cbebe70f311b3e2011f6b31d5456d35c7cb4af096d9f8a7b46823e
Red Hat Security Advisory 2014-0401-02
Posted Apr 14, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0401-02 - Red Hat JBoss A-MQ, based on Apache ActiveMQ, is a standards-compliant messaging system that is tailored for use in mission critical applications. Red Hat JBoss A-MQ 6.1.0 is a minor product release that updates Red Hat JBoss A-MQ 6.0.0 and includes several bug fixes and enhancements.

tags | advisory
systems | linux, redhat
advisories | CVE-2013-2035, CVE-2013-2192, CVE-2013-4152, CVE-2013-6429, CVE-2013-6430, CVE-2014-0050, CVE-2014-0054, CVE-2014-0085, CVE-2014-1904
SHA-256 | 884c2290b52cd9e01634db919d477a8981b15a764efe9bb37401b8a31a1d82ba
Page 1 of 1
Back1Next

File Archive:

February 2023

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Feb 1st
    11 Files
  • 2
    Feb 2nd
    9 Files
  • 3
    Feb 3rd
    5 Files
  • 4
    Feb 4th
    0 Files
  • 5
    Feb 5th
    0 Files
  • 6
    Feb 6th
    9 Files
  • 7
    Feb 7th
    0 Files
  • 8
    Feb 8th
    0 Files
  • 9
    Feb 9th
    0 Files
  • 10
    Feb 10th
    0 Files
  • 11
    Feb 11th
    0 Files
  • 12
    Feb 12th
    0 Files
  • 13
    Feb 13th
    0 Files
  • 14
    Feb 14th
    0 Files
  • 15
    Feb 15th
    0 Files
  • 16
    Feb 16th
    0 Files
  • 17
    Feb 17th
    0 Files
  • 18
    Feb 18th
    0 Files
  • 19
    Feb 19th
    0 Files
  • 20
    Feb 20th
    0 Files
  • 21
    Feb 21st
    0 Files
  • 22
    Feb 22nd
    0 Files
  • 23
    Feb 23rd
    0 Files
  • 24
    Feb 24th
    0 Files
  • 25
    Feb 25th
    0 Files
  • 26
    Feb 26th
    0 Files
  • 27
    Feb 27th
    0 Files
  • 28
    Feb 28th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close