exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 7 of 7 RSS Feed

CVE-2014-8111

Status Candidate

Overview

Apache Tomcat Connectors (mod_jk) before 1.2.41 ignores JkUnmount rules for subtrees of previous JkMount rules, which allows remote attackers to access otherwise restricted artifacts via unspecified vectors.

Related Files

Red Hat Security Advisory 2015-1641-03
Posted Aug 18, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1641-03 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector, JBoss HTTP Connector, Hibernate, and the Tomcat Native library. A flaw was found in the way the mod_cluster manager processed certain MCMP messages. An attacker with access to the network from which MCMP messages are allowed to be sent could use this flaw to execute arbitrary JavaScript code in the mod_cluster manager web interface.

tags | advisory, web, arbitrary, javascript
systems | linux, redhat
advisories | CVE-2014-8111, CVE-2015-0298
SHA-256 | 618a04df343a2ac0c65ea8ade3b6b0f3b2e9336d31745962e7bb003463c800b8
Red Hat Security Advisory 2015-1642-03
Posted Aug 18, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1642-03 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector, JBoss HTTP Connector, Hibernate, and the Tomcat Native library. A flaw was found in the way the mod_cluster manager processed certain MCMP messages. An attacker with access to the network from which MCMP messages are allowed to be sent could use this flaw to execute arbitrary JavaScript code in the mod_cluster manager web interface.

tags | advisory, web, arbitrary, javascript
systems | linux, redhat
advisories | CVE-2014-8111, CVE-2015-0298
SHA-256 | 872fbaba86f701b849f2c8d43b7e548340d2b293c22880fd130ebf10972bd1f4
Debian Security Advisory 3278-1
Posted Jun 5, 2015
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3278-1 - An information disclosure flaw due to incorrect JkMount/JkUnmount directives processing was found in the Apache 2 module mod_jk to forward requests from the Apache web server to Tomcat. A JkUnmount rule for a subtree of a previous JkMount rule could be ignored. This could allow a remote attacker to potentially access a private artifact in a tree that would otherwise not be accessible to them.

tags | advisory, remote, web, info disclosure
systems | linux, debian
advisories | CVE-2014-8111
SHA-256 | 3d81f2f4af8c6a4430f3715b60d3f660036aa2342713122f5488dcb8cbd9a2bd
Red Hat Security Advisory 2015-0849-01
Posted Apr 17, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-0849-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. It was found that a prior countermeasure in Apache WSS4J for Bleichenbacher's attack on XML Encryption threw an exception that permitted an attacker to determine the failure of the attempted attack, thereby leaving WSS4J vulnerable to the attack. The original flaw allowed a remote attacker to recover the entire plain text form of a symmetric key. A flaw was found in the way PicketLink's Service Provider and Identity Provider handled certain requests. A remote attacker could use this flaw to log to a victim's account via PicketLink.

tags | advisory, java, remote
systems | linux, redhat
advisories | CVE-2014-3570, CVE-2014-3586, CVE-2014-8111, CVE-2015-0204, CVE-2015-0226, CVE-2015-0227, CVE-2015-0277
SHA-256 | ba394fc4325fb91428de25b9326aa19d04a780c919afb4991bbaf15e3d05a16c
Red Hat Security Advisory 2015-0846-01
Posted Apr 17, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-0846-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. It was found that a prior countermeasure in Apache WSS4J for Bleichenbacher's attack on XML Encryption threw an exception that permitted an attacker to determine the failure of the attempted attack, thereby leaving WSS4J vulnerable to the attack. The original flaw allowed a remote attacker to recover the entire plain text form of a symmetric key. It was found that Apache WSS4J permitted bypass of the requireSignedEncryptedDataElements configuration property via XML Signature wrapping attacks. A remote attacker could use this flaw to modify the contents of a signed request.

tags | advisory, java, remote
systems | linux, redhat
advisories | CVE-2014-3586, CVE-2014-8111, CVE-2015-0226, CVE-2015-0227, CVE-2015-0277
SHA-256 | 007c30d1032917d88f831b90ee1b776f422fc055a9966bc6afdf4a0f8adb9efc
Red Hat Security Advisory 2015-0848-01
Posted Apr 17, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-0848-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. It was found that a prior countermeasure in Apache WSS4J for Bleichenbacher's attack on XML Encryption threw an exception that permitted an attacker to determine the failure of the attempted attack, thereby leaving WSS4J vulnerable to the attack. The original flaw allowed a remote attacker to recover the entire plain text form of a symmetric key. A flaw was found in the way PicketLink's Service Provider and Identity Provider handled certain requests. A remote attacker could use this flaw to log to a victim's account via PicketLink.

tags | advisory, java, remote
systems | linux, redhat
advisories | CVE-2014-3586, CVE-2014-8111, CVE-2015-0226, CVE-2015-0227, CVE-2015-0277
SHA-256 | d508b12d1e65d1ca12274e01b7846a3fcb61ca9075e2787500de0a34e7a0db5e
Red Hat Security Advisory 2015-0847-01
Posted Apr 17, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-0847-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. It was found that a prior countermeasure in Apache WSS4J for Bleichenbacher's attack on XML Encryption threw an exception that permitted an attacker to determine the failure of the attempted attack, thereby leaving WSS4J vulnerable to the attack. The original flaw allowed a remote attacker to recover the entire plain text form of a symmetric key. It was found that Apache WSS4J permitted bypass of the requireSignedEncryptedDataElements configuration property via XML Signature wrapping attacks. A remote attacker could use this flaw to modify the contents of a signed request.

tags | advisory, java, remote
systems | linux, redhat
advisories | CVE-2014-3586, CVE-2014-8111, CVE-2015-0226, CVE-2015-0227, CVE-2015-0277
SHA-256 | b103d846644536060b8020b4372d90cf6216364da3fcf9087a816626005dbdf4
Page 1 of 1
Back1Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    48 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    60 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close