what you don't know can hurt you
Showing 1 - 10 of 10 RSS Feed

CVE-2018-8039

Status Candidate

Overview

It is possible to configure Apache CXF to use the com.sun.net.ssl implementation via 'System.setProperty("java.protocol.handler.pkgs", "com.sun.net.ssl.internal.www.protocol");'. When this system property is set, CXF uses some reflection to try to make the HostnameVerifier work with the old com.sun.net.ssl.HostnameVerifier interface. However, the default HostnameVerifier implementation in CXF does not implement the method in this interface, and an exception is thrown. However, in Apache CXF prior to 3.2.5 and 3.1.16 the exception is caught in the reflection code and not properly propagated. What this means is that if you are using the com.sun.net.ssl stack with CXF, an error with TLS hostname verification will not be thrown, leaving a CXF client subject to man-in-the-middle attacks.

Related Files

Red Hat Security Advisory 2018-3817-01
Posted Dec 11, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-3817-01 - Red Hat Fuse provides a small-footprint, flexible, open source enterprise service bus and integration platform. Red Hat A-MQ is a standards compliant messaging system that is tailored for use in mission critical applications. This patch is an update to Red Hat Fuse 6.3 and Red Hat A-MQ 6.3. It includes bug fixes, which are documented in the patch notes accompanying the package on the download page. See the download link given in the references section below. Security fix: Issues addressed include a cross site scripting vulnerability.

tags | advisory, xss
systems | linux, redhat
advisories | CVE-2017-7536, CVE-2018-1000129, CVE-2018-8039
MD5 | a4cfe4fb2fdbceb6a68eb760d5506e91
Red Hat Security Advisory 2018-3768-01
Posted Dec 6, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-3768-01 - Red Hat Fuse enables integration experts, application developers, and business users to collaborate and independently develop connected solutions. Fuse is part of an agile integration solution. Its distributed approach allows teams to deploy integrated services where required. The API-centric, container-based architecture decouples services so they can be created, extended, and deployed independently. This release of Red Hat Fuse 7.2 serves as a replacement for Red Hat Fuse 7.1, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include code execution, denial of service, deserialization, and traversal vulnerabilities.

tags | advisory, denial of service, vulnerability, code execution
systems | linux, redhat
advisories | CVE-2016-5002, CVE-2016-5003, CVE-2017-12196, CVE-2018-12537, CVE-2018-1257, CVE-2018-1259, CVE-2018-1288, CVE-2018-1336, CVE-2018-8014, CVE-2018-8018, CVE-2018-8039, CVE-2018-8041
MD5 | 6379aa8994b8c9b0a411a17b70ade8a9
Red Hat Security Advisory 2018-2643-01
Posted Sep 4, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-2643-01 - The RHV-M Virtual Appliance automates the process of installing and configuring the Red Hat Virtualization Manager. The appliance is available to download as an OVA file from the Customer Portal. Issues addressed include denial of service and traversal vulnerabilities.

tags | advisory, denial of service, vulnerability
systems | linux, redhat
advisories | CVE-2018-1000180, CVE-2018-10237, CVE-2018-1067, CVE-2018-10862, CVE-2018-10915, CVE-2018-1114, CVE-2018-8039
MD5 | 0af466be7b8ece10badd17353a6cd6d5
Red Hat Security Advisory 2018-2423-01
Posted Aug 15, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-2423-01 - Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server. This release of Red Hat JBoss Enterprise Application Platform 7.1.4 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.1.3, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include denial of service and traversal vulnerabilities.

tags | advisory, java, denial of service, vulnerability
systems | linux, redhat
advisories | CVE-2017-12624, CVE-2018-1000180, CVE-2018-10237, CVE-2018-10862, CVE-2018-8039
MD5 | 9843df3e66ede978c76604198232e007
Red Hat Security Advisory 2018-2424-01
Posted Aug 15, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-2424-01 - Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server. This release of Red Hat JBoss Enterprise Application Platform 7.1.4 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.1.3, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include denial of service and traversal vulnerabilities.

tags | advisory, java, denial of service, vulnerability
systems | linux, redhat
advisories | CVE-2017-12624, CVE-2018-1000180, CVE-2018-10237, CVE-2018-10862, CVE-2018-8039
MD5 | e475746c5e8e9707f900b45689524423
Red Hat Security Advisory 2018-2428-01
Posted Aug 15, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-2428-01 - Red Hat Single Sign-On 7.2 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. This release of Red Hat Single Sign-On 7.2.4 serves as a replacement for Red Hat Single Sign-On 7.2.3, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include denial of service and traversal vulnerabilities.

tags | advisory, web, denial of service, vulnerability
systems | linux, redhat
advisories | CVE-2017-12624, CVE-2018-1000180, CVE-2018-10237, CVE-2018-10862, CVE-2018-10912, CVE-2018-8039
MD5 | b7f5e94b3fe341dd249dd5e53290aa95
Red Hat Security Advisory 2018-2425-01
Posted Aug 15, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-2425-01 - Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on Wildfly. This release of Red Hat JBoss Enterprise Application Platform 7.1.4 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.1.3, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include denial of service and traversal vulnerabilities.

tags | advisory, java, denial of service, vulnerability
systems | linux, redhat
advisories | CVE-2017-12624, CVE-2018-1000180, CVE-2018-10237, CVE-2018-10862, CVE-2018-8039
MD5 | be58e752dc451b593fcfa44af7aa47b1
Red Hat Security Advisory 2018-2276-01
Posted Jul 26, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-2276-01 - Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on Wildfly. This asynchronous patch is a security update for wildfly-core and apache-cxf packages in Red Hat JBoss Enterprise Application Platform 7.1 Issues addressed include a traversal vulnerability.

tags | advisory, java
systems | linux, redhat
advisories | CVE-2018-10862, CVE-2018-8039
MD5 | 3d011e4a8c8678999e32ecbfe9137a59
Red Hat Security Advisory 2018-2277-01
Posted Jul 26, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-2277-01 - Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on Wildfly. This asynchronous patch is a security update for apache-cxf package in Red Hat JBoss Enterprise Application Platform 7.1 Issues addressed include a traversal vulnerability.

tags | advisory, java
systems | linux, redhat
advisories | CVE-2018-10862, CVE-2018-8039
MD5 | 151c018f8ec415c63608910036d3f84a
Red Hat Security Advisory 2018-2279-01
Posted Jul 26, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-2279-01 - Red Hat Single Sign-On 7.2 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. This asynchronous patch is a security update for wildfly-core and apache-cxf packages in Red Hat Single Sign-On 7.2. Issues addressed include a traversal vulnerability.

tags | advisory, web
systems | linux, redhat
advisories | CVE-2018-10862, CVE-2018-8039
MD5 | c3d63485b88e30d23ace68663b9b57fc
Page 1 of 1
Back1Next

File Archive:

January 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jan 1st
    15 Files
  • 2
    Jan 2nd
    15 Files
  • 3
    Jan 3rd
    11 Files
  • 4
    Jan 4th
    1 Files
  • 5
    Jan 5th
    2 Files
  • 6
    Jan 6th
    5 Files
  • 7
    Jan 7th
    24 Files
  • 8
    Jan 8th
    15 Files
  • 9
    Jan 9th
    16 Files
  • 10
    Jan 10th
    23 Files
  • 11
    Jan 11th
    17 Files
  • 12
    Jan 12th
    3 Files
  • 13
    Jan 13th
    2 Files
  • 14
    Jan 14th
    18 Files
  • 15
    Jan 15th
    33 Files
  • 16
    Jan 16th
    23 Files
  • 17
    Jan 17th
    29 Files
  • 18
    Jan 18th
    15 Files
  • 19
    Jan 19th
    0 Files
  • 20
    Jan 20th
    0 Files
  • 21
    Jan 21st
    0 Files
  • 22
    Jan 22nd
    0 Files
  • 23
    Jan 23rd
    0 Files
  • 24
    Jan 24th
    0 Files
  • 25
    Jan 25th
    0 Files
  • 26
    Jan 26th
    0 Files
  • 27
    Jan 27th
    0 Files
  • 28
    Jan 28th
    0 Files
  • 29
    Jan 29th
    0 Files
  • 30
    Jan 30th
    0 Files
  • 31
    Jan 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close