The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of RedHat JBoss EAP

vulnerability alert CVE-2015-0254

Jakarta Tag Library: external XML entity injection

Synthesis of the vulnerability

An attacker can transmit malicious XML data to Jakarta Tag Library, in order to read a file, scan sites, or trigger a denial of service.
Severity: 2/4.
Creation date: 31/08/2015.
Identifiers: 1978495, 1989475, 1995377, 7014463, CVE-2015-0254, openSUSE-SU-2015:1751-1, RHSA-2015:1695-01, RHSA-2016:0121-01, RHSA-2016:0122-01, RHSA-2016:0123-01, RHSA-2016:0124-01, RHSA-2016:0125-01, RHSA-2016:1838-01, RHSA-2016:1839-01, RHSA-2016:1840-01, RHSA-2016:1841-01, SUSE-SU-2017:1568-1, SUSE-SU-2017:1701-1, USN-2551-1, VIGILANCE-VUL-17779.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

XML data can contain external entities (DTD):
  <!ENTITY name SYSTEM "file">
  <!ENTITY name SYSTEM "http://server/file">
A program which reads these XML data can replace these entities by data coming from the indicated file. When the program uses XML data coming from an untrusted source, this behavior leads to:
 - content disclosure from files of the server
 - private web site scan
 - a denial of service by opening a blocking file
This feature must be disabled to process XML data coming from an untrusted source.

However, the Jakarta Tag Library parser allows external entities.

An attacker can therefore transmit malicious XML data to Jakarta Tag Library, in order to read a file, scan sites, or trigger a denial of service.
Full Vigil@nce bulletin... (Free trial)

weakness note CVE-2015-3158

PicketLink IDP: privilege escalation

Synthesis of the vulnerability

An attacker authenticated can use PicketLink IDP, in order to access to resources requiring a special role.
Severity: 2/4.
Creation date: 25/08/2015.
Identifiers: 1216123, CVE-2015-3158, RHSA-2015:1669-01, RHSA-2015:1670-01, RHSA-2015:1671-01, RHSA-2015:1672-01, RHSA-2015:1673-01, VIGILANCE-VUL-17741.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

The PicketLink IDP product offers an Identity Provider service.

It can be configured to require users connecting to a resource to have a special role. However, this role is not checked.

An attacker authenticated can therefore use PicketLink IDP, in order to access to resources requiring a special role.
Full Vigil@nce bulletin... (Free trial)

computer threat bulletin CVE-2014-8111

Apache Tomcat JK Connector: information disclosure via JkUnmount

Synthesis of the vulnerability

An attacker can bypass access restrictions defined by JkUnMount of mod-jk, in order to obtain sensitive information or to access to private spaces.
Severity: 3/4.
Creation date: 04/06/2015.
Revision date: 27/07/2015.
Identifiers: bulletinoct2015, CVE-2014-8111, DSA-3278-1, RHSA-2015:0846-01, RHSA-2015:0847-01, RHSA-2015:0848-01, RHSA-2015:0849-01, RHSA-2015:1641-03, RHSA-2015:1642-03, SUSE-SU-2018:3970-1, VIGILANCE-VUL-17058.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

The JkUnMount directive of Apache Tomcat JK Connector defines a path to exclude. For example:
  JkMount /* worker1
  JkUnMount /admin/* worker1

However, if an attacker uses several consecutive slash characters, the JkUnMount directive is ignored.

An attacker can therefore bypass access restrictions defined by JkUnMount of mod-jk, in order to obtain sensitive information or to access to private spaces.
Full Vigil@nce bulletin... (Free trial)

cybersecurity announce CVE-2015-0253 CVE-2015-3183 CVE-2015-3185

Apache httpd: three vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Apache httpd.
Severity: 3/4.
Number of vulnerabilities in this bulletin: 3.
Creation date: 15/07/2015.
Identifiers: 1963361, 1965444, 1967197, 1969062, bulletinoct2015, c04832246, c04926789, CVE-2015-0253, CVE-2015-3183, CVE-2015-3185, DSA-2019-131, DSA-3325-1, DSA-3325-2, FEDORA-2015-11689, FEDORA-2015-11792, HPSBUX03435, HPSBUX03512, openSUSE-SU-2015:1684-1, RHSA-2015:1666-01, RHSA-2015:1667-01, RHSA-2015:1668-01, RHSA-2015:2659-01, RHSA-2015:2660-01, RHSA-2015:2661-01, RHSA-2016:0062-01, RHSA-2016:2054-01, RHSA-2016:2055-01, RHSA-2016:2056-01, SOL17251, SSA:2015-198-01, SSRT102254, SSRT102977, USN-2686-1, VIGILANCE-VUL-17378.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

Several vulnerabilities were announced in Apache httpd.

An attacker can generate an error during the analysis of the HTTP Chunk header, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2015-3183]

The ap_some_auth_required directive is not honored, so an attacker can access to the service with no authentication. [severity:2/4; CVE-2015-3185]

When the configuration of "ErrorDocument 400" points to a local url/file, and when the INCLUDES filter is enabled, an attacker can trigger a denial of service. [severity:2/4; CVE-2015-0253]
Full Vigil@nce bulletin... (Free trial)

security note CVE-2015-4000

TLS: weakening Diffie-Hellman via Logjam

Synthesis of the vulnerability

An attacker, located as a Man-in-the-Middle, can force the TLS client/server to accept a weak export algorithm, in order to more easily capture or alter exchanged data.
Severity: 2/4.
Creation date: 20/05/2015.
Revision date: 20/05/2015.
Identifiers: 1610582, 1647054, 1957980, 1958984, 1959033, 1959539, 1959745, 1960194, 1960418, 1960862, 1962398, 1962694, 1963151, 9010038, 9010039, 9010041, 9010044, BSA-2015-005, bulletinjan2016, bulletinjul2015, c04725401, c04760669, c04767175, c04770140, c04773119, c04773241, c04774058, c04778650, c04832246, c04918839, c04926789, CERTFR-2016-AVI-303, CTX216642, CVE-2015-4000, DLA-507-1, DSA-3287-1, DSA-3300-1, DSA-3688-1, FEDORA-2015-10047, FEDORA-2015-10108, FEDORA-2015-9048, FEDORA-2015-9130, FEDORA-2015-9161, FreeBSD-EN-15:08.sendmail, FreeBSD-SA-15:10.openssl, HPSBGN03399, HPSBGN03407, HPSBGN03411, HPSBGN03417, HPSBHF03433, HPSBMU03345, HPSBMU03401, HPSBUX03363, HPSBUX03388, HPSBUX03435, HPSBUX03512, JSA10681, Logjam, NetBSD-SA2015-008, NTAP-20150616-0001, NTAP-20150715-0001, NTAP-20151028-0001, openSUSE-SU-2015:1139-1, openSUSE-SU-2015:1209-1, openSUSE-SU-2015:1216-1, openSUSE-SU-2015:1277-1, openSUSE-SU-2016:0226-1, openSUSE-SU-2016:0255-1, openSUSE-SU-2016:0261-1, openSUSE-SU-2016:2267-1, PAN-SA-2016-0020, PAN-SA-2016-0028, RHSA-2015:1072-01, RHSA-2015:1185-01, RHSA-2015:1197-01, RHSA-2016:2054-01, RHSA-2016:2055-01, RHSA-2016:2056-01, SA111, SA40002, SA98, SB10122, SSA:2015-219-02, SSRT102180, SSRT102254, SSRT102964, SSRT102977, SUSE-SU-2015:1143-1, SUSE-SU-2015:1150-1, SUSE-SU-2015:1177-1, SUSE-SU-2015:1177-2, SUSE-SU-2015:1181-1, SUSE-SU-2015:1181-2, SUSE-SU-2015:1182-2, SUSE-SU-2015:1183-1, SUSE-SU-2015:1183-2, SUSE-SU-2015:1184-1, SUSE-SU-2015:1184-2, SUSE-SU-2015:1185-1, SUSE-SU-2015:1268-1, SUSE-SU-2015:1268-2, SUSE-SU-2015:1269-1, SUSE-SU-2015:1581-1, SUSE-SU-2016:0224-1, SUSE-SU-2018:1768-1, TSB16728, USN-2624-1, USN-2625-1, USN-2656-1, USN-2656-2, VIGILANCE-VUL-16950, VN-2015-007.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

The Diffie-Hellman algorithm is used to exchange cryptographic keys. The DHE_EXPORT suite uses prime numbers smaller than 512 bits.

The Diffie-Hellman algorithm is used by TLS. However, during the negotiation, an attacker, located as a Man-in-the-Middle, can force TLS to use DHE_EXPORT (event if stronger suites are available).

This vulnerability can then be combined with VIGILANCE-VUL-16951.

An attacker, located as a Man-in-the-Middle, can therefore force the TLS client/server to accept a weak export algorithm, in order to more easily capture or alter exchanged data.
Full Vigil@nce bulletin... (Free trial)

cybersecurity bulletin CVE-2014-8122

JBoss Weld: information disclosure via Stale Thread State

Synthesis of the vulnerability

An attacker can bypass access restrictions to data in Stale Thread State of JBoss Weld, in order to obtain sensitive information.
Severity: 2/4.
Creation date: 04/05/2015.
Identifiers: CVE-2014-8122, RHSA-2015:0215-01, RHSA-2015:0216-01, RHSA-2015:0217-01, RHSA-2015:0218-01, RHSA-2015:0675-01, RHSA-2015:0773-01, RHSA-2015:0850-01, RHSA-2015:0851-01, RHSA-2015:0920-01, VIGILANCE-VUL-16804.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can bypass access restrictions to data in Stale Thread State of JBoss Weld, in order to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial)

security bulletin CVE-2014-7853

JBoss AS: information disclosure via JacORB

Synthesis of the vulnerability

An attacker can bypass access restrictions to data in JacORB of JBoss AS, in order to obtain sensitive information.
Severity: 2/4.
Creation date: 04/05/2015.
Identifiers: CVE-2014-7853, RHSA-2015:0215-01, RHSA-2015:0216-01, RHSA-2015:0217-01, RHSA-2015:0218-01, RHSA-2015:0920-01, VIGILANCE-VUL-16803.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can bypass access restrictions to data in JacORB of JBoss AS, in order to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability alert CVE-2014-7849

JBoss AS: read-write access via RBAC

Synthesis of the vulnerability

An attacker can bypass access restrictions of RBAC of JBoss AS, in order to read or alter data.
Severity: 2/4.
Creation date: 04/05/2015.
Identifiers: CVE-2014-7849, RHSA-2015:0215-01, RHSA-2015:0216-01, RHSA-2015:0217-01, RHSA-2015:0218-01, RHSA-2015:0920-01, VIGILANCE-VUL-16802.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can bypass access restrictions of RBAC of JBoss AS, in order to read or alter data.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability alert CVE-2014-3490

JBoss RESTEasy: external XML entity injection

Synthesis of the vulnerability

An attacker can transmit malicious XML data to JBoss RESTEasy, in order to read a file, scan sites, or trigger a denial of service.
Severity: 2/4.
Creation date: 27/04/2015.
Identifiers: 1107901, cpuoct2018, CVE-2014-3490, FEDORA-2014-16845, RHSA-2014:1011-01, RHSA-2014:1039-01, RHSA-2014:1040-01, RHSA-2014:1298-01, RHSA-2014:1904-01, RHSA-2015:0125-01, RHSA-2015:0234-01, RHSA-2015:0235-01, RHSA-2015:0675-01, RHSA-2015:0720-01, RHSA-2015:0765-01, RHSA-2015:1009, VIGILANCE-VUL-16714.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

XML data can contain external entities (DTD):
  <!ENTITY name SYSTEM "file">
  <!ENTITY name SYSTEM "http://server/file">
A program which reads these XML data can replace these entities by data coming from the indicated file. When the program uses XML data coming from an untrusted source, this behavior leads to:
 - content disclosure from files of the server
 - private web site scan
 - a denial of service by opening a blocking file
This feature must be disabled to process XML data coming from an untrusted source.

However, the JBoss RESTEasy parser allows external entities.

An attacker can therefore transmit malicious XML data to JBoss RESTEasy, in order to read a file, scan sites, or trigger a denial of service.
Full Vigil@nce bulletin... (Free trial)

vulnerability CVE-2014-0230

Apache Tomcat: denial of service via SwallowSize

Synthesis of the vulnerability

An attacker can upload an invalid file on Apache Tomcat, to consume a large amount of memory, in order to trigger a denial of service.
Severity: 2/4.
Creation date: 10/04/2015.
Identifiers: bulletinoct2015, c05054964, CERTFR-2015-AVI-204, cpujul2018, CVE-2014-0230, DSA-3530-1, HPSBUX03561, RHSA-2015:1621-01, RHSA-2015:1622-01, RHSA-2015:2659-01, RHSA-2015:2660-01, RHSA-2015:2661-01, RHSA-2016:0595-01, RHSA-2016:0596-01, RHSA-2016:0597-01, RHSA-2016:0599-01, SOL17123, USN-2654-1, USN-2655-1, VIGILANCE-VUL-16570.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

The Apache Tomcat product offers a web service, which can accept the file upload feature.

However, when the tomcat server expects to refuse an upload, it still accepts to read the received file without a memory limit.

An attacker can therefore upload an invalid file on Apache Tomcat, to consume a large amount of memory, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial)
Our database contains other pages. You can request a free trial to read them.

Display information about RedHat JBoss EAP: