Red Hat Security Advisory 2014-0400-03 - Red Hat JBoss Fuse, based on Apache ServiceMix, provides a small-footprint, flexible, open source enterprise service bus and integration platform. Security fixes: A flaw was found in the way Apache Santuario XML Security for Java validated XML signatures. Santuario allowed a signature to specify an arbitrary canonicalization algorithm, which would be applied to the SignedInfo XML fragment. A remote attacker could exploit this to spoof an XML signature via a specially crafted XML signature block.
59fb89a523cbebe70f311b3e2011f6b31d5456d35c7cb4af096d9f8a7b46823eRed Hat Security Advisory 2014-0401-02 - Red Hat JBoss A-MQ, based on Apache ActiveMQ, is a standards-compliant messaging system that is tailored for use in mission critical applications. Red Hat JBoss A-MQ 6.1.0 is a minor product release that updates Red Hat JBoss A-MQ 6.0.0 and includes several bug fixes and enhancements.
884c2290b52cd9e01634db919d477a8981b15a764efe9bb37401b8a31a1d82baDebian Linux Security Advisory 2890-1 - Two vulnerabilities were discovered in libspring-java, the Debian package for the Java Spring framework.
27f9ee57599c732f28379d5fd74abab6f97c737a3bcf24f10c2f7392d21aa918Spring MVC suffers from a cross site scripting vulnerability. When a programmer does not specify the action on the Spring form, Spring automatically populates the action field with the requested uri. An attacker can use this to inject malicious content into the form. Versions 3.0.0 through 3.2.8 and 4.0.0 through 4.0.1 are affected.
5eb5caff637b21acb3508f02276c5259beb463317ea4a478aa07494344d9cac9
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed