exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 14 of 14 RSS Feed

CVE-2014-3530

Status Candidate

Overview

The org.picketlink.common.util.DocumentUtil.getDocumentBuilderFactory method in PicketLink, as used in Red Hat JBoss Enterprise Application Platform (JBEAP) 5.2.0 and 6.2.4, expands entity references, which allows remote attackers to read arbitrary code and possibly have other unspecified impact via unspecified vectors, related to an XML External Entity (XXE) issue.

Related Files

Red Hat Security Advisory 2015-1888-01
Posted Oct 12, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1888-01 - Red Hat JBoss SOA Platform is the next-generation ESB and business process automation infrastructure. Red Hat JBoss SOA Platform allows IT to leverage existing, modern, and future integration methodologies to dramatically improve business process execution speed and quality. It was found that the code which checked that the server hostname matches the domain name in a subject's Common Name field in X.509 certificates was flawed. A man-in-the-middle attacker could use this flaw to spoof an SSL server using a specially crafted X.509 certificate.

tags | advisory, spoof
systems | linux, redhat
advisories | CVE-2012-6153, CVE-2013-7285, CVE-2014-0107, CVE-2014-0248, CVE-2014-3530, CVE-2014-3577, CVE-2014-3604
SHA-256 | 137300cf20be6442c17106059dabf78383537b44c8fef262d899c482c94adf70
Red Hat Security Advisory 2015-0765-01
Posted Apr 1, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-0765-01 - Red Hat JBoss Data Virtualization is a lean data integration solution that provides easy, real-time, and unified data access across disparate sources to multiple applications and users. JBoss Data Virtualization makes data spread across physically distinct systems-such as multiple databases, XML files, and even Hadoop systems-appear as a set of tables in a local database. This roll up patch serves as a cumulative upgrade for Red Hat JBoss Data Virtualization 6.0.0. It includes various bug fixes, which are listed in the README file included with the patch files.

tags | advisory, local
systems | linux, redhat
advisories | CVE-2012-6153, CVE-2013-4002, CVE-2013-5855, CVE-2014-0075, CVE-2014-0096, CVE-2014-0099, CVE-2014-0119, CVE-2014-0193, CVE-2014-0227, CVE-2014-3481, CVE-2014-3490, CVE-2014-3530, CVE-2014-3577
SHA-256 | 812ceadc9b7405e1b74c028dd9bff48d69f0ce6f109bef7f38161627f77360fb
Red Hat Security Advisory 2015-0720-01
Posted Mar 25, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-0720-01 - Red Hat JBoss Fuse Service Works is the next-generation ESB and business process automation infrastructure. This roll up patch serves as a cumulative upgrade for Red Hat JBoss Fuse Service Works 6.0.0. It includes various bug fixes, which are listed in the README file included with the patch files.

tags | advisory
systems | linux, redhat
advisories | CVE-2012-6153, CVE-2013-4002, CVE-2013-5855, CVE-2014-0005, CVE-2014-0075, CVE-2014-0096, CVE-2014-0099, CVE-2014-0119, CVE-2014-0193, CVE-2014-0227, CVE-2014-3472, CVE-2014-3481, CVE-2014-3490, CVE-2014-3530, CVE-2014-3558, CVE-2014-3577, CVE-2014-3578, CVE-2014-3625
SHA-256 | 4ce89b92cfd48ba7281a739aa5bd977c0dd79177e1e4b9ae367ed1deba2659c9
Red Hat Security Advisory 2015-0675-01
Posted Mar 12, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-0675-01 - Red Hat JBoss Data Virtualization is a lean data integration solution that provides easy, real-time, and unified data access across disparate sources to multiple applications and users. JBoss Data Virtualization makes data spread across physically distinct systems such as multiple databases, XML files, and even Hadoop systems appear as a set of tables in a local database. The release of Red Hat JBoss Data Virtualization 6.1.0 serves as a replacement for Red Hat JBoss Data Virtualization 6.0.0. It includes various bug fixes, which are listed in the README file included with the patch files.

tags | advisory, local
systems | linux, redhat
advisories | CVE-2012-6153, CVE-2013-4002, CVE-2013-4517, CVE-2013-5855, CVE-2014-0059, CVE-2014-0075, CVE-2014-0096, CVE-2014-0099, CVE-2014-0119, CVE-2014-0193, CVE-2014-0227, CVE-2014-3481, CVE-2014-3490, CVE-2014-3530, CVE-2014-3577, CVE-2014-3623, CVE-2014-7839, CVE-2014-8122
SHA-256 | a75cda8ec63a5e546176c931f472dd7be9d8e3618cc45e5e9dc28e234143ba38
Red Hat Security Advisory 2015-0235-01
Posted Feb 17, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-0235-01 - Red Hat JBoss BRMS is a business rules management system for the management, storage, creation, modification, and deployment of JBoss Rules. This roll up patch serves as a cumulative upgrade for Red Hat JBoss BRMS 6.0.3, and includes bug fixes and enhancements. It includes various bug fixes, which are listed in the README file included with the patch files.

tags | advisory
systems | linux, redhat
advisories | CVE-2012-6153, CVE-2013-4002, CVE-2013-5855, CVE-2014-0005, CVE-2014-0075, CVE-2014-0096, CVE-2014-0099, CVE-2014-0119, CVE-2014-0193, CVE-2014-0227, CVE-2014-3472, CVE-2014-3490, CVE-2014-3530, CVE-2014-3558, CVE-2014-3577, CVE-2014-3578, CVE-2014-3625, CVE-2014-3682, CVE-2014-8114, CVE-2014-8115
SHA-256 | f64f2ca65fbace1e4788ea16f69ecf599345eb34f981247acfbecdcca41d5401
Red Hat Security Advisory 2015-0234-01
Posted Feb 17, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-0234-01 - Red Hat JBoss BPM Suite is a business rules and processes management system for the management, storage, creation, modification, and deployment of JBoss rules and BPMN2-compliant business processes. This roll up patch serves as a cumulative upgrade for Red Hat JBoss BPM Suite 6.0.3, and includes bug fixes and enhancements. It includes various bug fixes, which are listed in the README file included with the patch files.

tags | advisory
systems | linux, redhat
advisories | CVE-2012-6153, CVE-2013-4002, CVE-2013-5855, CVE-2014-0005, CVE-2014-0075, CVE-2014-0096, CVE-2014-0099, CVE-2014-0119, CVE-2014-0193, CVE-2014-0227, CVE-2014-3472, CVE-2014-3490, CVE-2014-3530, CVE-2014-3558, CVE-2014-3577, CVE-2014-3578, CVE-2014-3625, CVE-2014-3682, CVE-2014-8114, CVE-2014-8115
SHA-256 | 89d8125129242bfb26c8918f339b601f902009b742ed74af25c35427a3a89137
Red Hat Security Advisory 2015-0091-01
Posted Jan 27, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-0091-01 - Red Hat JBoss Data Grid is a distributed in-memory data grid, based on Infinispan. This release of Red Hat JBoss Data Grid 6.4.0 serves as a replacement for Red Hat JBoss Data Grid 6.3.1. It includes various bug fixes and enhancements, which are detailed in the Red Hat JBoss Data Grid 6.4.0 Release Notes.

tags | advisory
systems | linux, redhat
advisories | CVE-2014-3530
SHA-256 | bdf037afd49b398166324949f92dc7768a32136e17bc96f57b60fefd223c3a7c
Red Hat Security Advisory 2014-0910-01
Posted Jul 21, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0910-01 - Red Hat JBoss Operations Network is a middleware management solution that provides a single point of control to deploy, manage, and monitor JBoss Enterprise Middleware, applications, and services. This JBoss Operations Network 3.2.2 release serves as a replacement for JBoss Operations Network 3.2.1, and includes several bug fixes.

tags | advisory
systems | linux, redhat
advisories | CVE-2013-5855, CVE-2014-0058, CVE-2014-0193, CVE-2014-3530
SHA-256 | 7af56d5dc9c292b2a0044d35f62a3d98324ab1a497e7002967f712beb2148fa0
Red Hat Security Advisory 2014-0898-01
Posted Jul 16, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0898-01 - Red Hat JBoss Enterprise Web Platform is a platform for Java applications, which integrates the JBoss Web Server with JBoss Hibernate and JBoss Seam. It was found that the implementation of the org.picketlink.common.util.DocumentUtil.getDocumentBuilderFactory() method provided a DocumentBuilderFactory that would expand entity references. A remote, unauthenticated attacker could use this flaw to read files accessible to the user running the application server, and potentially perform other more advanced XXE attacks.

tags | advisory, java, remote, web, xxe
systems | linux, redhat
advisories | CVE-2014-3530
SHA-256 | 18741ed083fd88bef12746d5d7cb90c7633e1bbdee424711f7b3da2352532b3c
Red Hat Security Advisory 2014-0897-01
Posted Jul 16, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0897-01 - Red Hat JBoss Enterprise Web Platform is a platform for Java applications, which integrates the JBoss Web Server with JBoss Hibernate and JBoss Seam. It was found that the implementation of the org.picketlink.common.util.DocumentUtil.getDocumentBuilderFactory() method provided a DocumentBuilderFactory that would expand entity references. A remote, unauthenticated attacker could use this flaw to read files accessible to the user running the application server, and potentially perform other more advanced XXE attacks.

tags | advisory, java, remote, web, xxe
systems | linux, redhat
advisories | CVE-2014-3530
SHA-256 | 80ff770a940677ba6ce6e5fd9f188c8b53262afdde5337e1bd2d8f9c30bc6b65
Red Hat Security Advisory 2014-0886-00
Posted Jul 15, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0886-00 - Red Hat JBoss Enterprise Application Platform is a platform for Java applications, which integrates the JBoss Application Server with JBoss Hibernate and JBoss Seam. It was found that the implementation of the org.picketlink.common.util.DocumentUtil.getDocumentBuilderFactory() method provided a DocumentBuilderFactory that would expand entity references. A remote, unauthenticated attacker could use this flaw to read files accessible to the user running the application server, and potentially perform other more advanced XXE attacks.

tags | advisory, java, remote, xxe
systems | linux, redhat
advisories | CVE-2014-3530
SHA-256 | d3ca816758feba4cd5d87e779e2f7d1863ed3a7afb7b0768d0234ca5c12c0450
Red Hat Security Advisory 2014-0885-01
Posted Jul 15, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0885-01 - Red Hat JBoss Enterprise Application Platform is a platform for Java applications, which integrates the JBoss Application Server with JBoss Hibernate and JBoss Seam. It was found that the implementation of the org.picketlink.common.util.DocumentUtil.getDocumentBuilderFactory() method provided a DocumentBuilderFactory that would expand entity references. A remote, unauthenticated attacker could use this flaw to read files accessible to the user running the application server, and potentially perform other more advanced XXE attacks.

tags | advisory, java, remote, xxe
systems | linux, redhat
advisories | CVE-2014-3530
SHA-256 | 51e15bfe75d2d06eb17bd6b555217230ed6465d0220e45b26aff8848ef26cef7
Red Hat Security Advisory 2014-0884-00
Posted Jul 15, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0884-00 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. It was found that the implementation of the org.picketlink.common.util.DocumentUtil.getDocumentBuilderFactory() method provided a DocumentBuilderFactory that would expand entity references. A remote, unauthenticated attacker could use this flaw to read files accessible to the user running the application server, and potentially perform other more advanced XXE attacks.

tags | advisory, java, remote, xxe
systems | linux, redhat
advisories | CVE-2014-3530
SHA-256 | 824d19e24f381d4ffe663420e89fb27d7908ea0e5208c070a8564134a5a86b3c
Red Hat Security Advisory 2014-0883-01
Posted Jul 15, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0883-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. It was found that the implementation of the org.picketlink.common.util.DocumentUtil.getDocumentBuilderFactory() method provided a DocumentBuilderFactory that would expand entity references. A remote, unauthenticated attacker could use this flaw to read files accessible to the user running the application server, and potentially perform other more advanced XXE attacks.

tags | advisory, java, remote, xxe
systems | linux, redhat
advisories | CVE-2014-3530
SHA-256 | 2a52eb55391b6c8b922ce725eb855c7602647d799b5051376c79b0094d829e69
Page 1 of 1
Back1Next

File Archive:

July 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    52 Files
  • 2
    Jul 2nd
    0 Files
  • 3
    Jul 3rd
    0 Files
  • 4
    Jul 4th
    0 Files
  • 5
    Jul 5th
    0 Files
  • 6
    Jul 6th
    0 Files
  • 7
    Jul 7th
    0 Files
  • 8
    Jul 8th
    0 Files
  • 9
    Jul 9th
    0 Files
  • 10
    Jul 10th
    0 Files
  • 11
    Jul 11th
    0 Files
  • 12
    Jul 12th
    0 Files
  • 13
    Jul 13th
    0 Files
  • 14
    Jul 14th
    0 Files
  • 15
    Jul 15th
    0 Files
  • 16
    Jul 16th
    0 Files
  • 17
    Jul 17th
    0 Files
  • 18
    Jul 18th
    0 Files
  • 19
    Jul 19th
    0 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    0 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close