Search criteria
6 vulnerabilities found for jboss_aerogear by redhat
CVE-2014-3650 (GCVE-0-2014-3650)
Vulnerability from nvd – Published: 2022-07-01 13:17 – Updated: 2024-08-06 10:50
VLAI?
Summary
Multiple persistent cross-site scripting (XSS) flaws were found in the way Aerogear handled certain user-supplied content. A remote attacker could use these flaws to compromise the application with specially crafted input.
Severity ?
No CVSS data available.
CWE
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Jboss Aerogear |
Affected:
Jboss Aerogear 1.0.0.final
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:50:18.238Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1144212"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://issues.redhat.com/browse/AEROGEAR-5978"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Jboss Aerogear",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Jboss Aerogear 1.0.0.final"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple persistent cross-site scripting (XSS) flaws were found in the way Aerogear handled certain user-supplied content. A remote attacker could use these flaws to compromise the application with specially crafted input."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-01T13:17:25",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1144212"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://issues.redhat.com/browse/AEROGEAR-5978"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2014-3650",
"datePublished": "2022-07-01T13:17:25",
"dateReserved": "2014-05-14T00:00:00",
"dateUpdated": "2024-08-06T10:50:18.238Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-3648 (GCVE-0-2014-3648)
Vulnerability from nvd – Published: 2022-07-01 13:16 – Updated: 2024-08-06 10:50
VLAI?
Summary
The simplepush server iterates through the application installations and pushes a notification to the server provided by deviceToken. But this is user controlled. If a bogus applications is registered with bad deviceTokens, one can generate endless exceptions when those endpoints can't be reached or can slow the server down by purposefully wasting it's time with slow endpoints. Similarly, one can provide whatever HTTP end point they want. This turns the server into a DDOS vector or an anonymizer for the posting of malware and so on.
Severity ?
No CVSS data available.
CWE
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Jboss Aerogear |
Affected:
Jboss Aerogear 1.0.0.final
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:50:18.312Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://issues.redhat.com/browse/AEROGEAR-6091"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Jboss Aerogear",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Jboss Aerogear 1.0.0.final"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The simplepush server iterates through the application installations and pushes a notification to the server provided by deviceToken. But this is user controlled. If a bogus applications is registered with bad deviceTokens, one can generate endless exceptions when those endpoints can\u0027t be reached or can slow the server down by purposefully wasting it\u0027s time with slow endpoints. Similarly, one can provide whatever HTTP end point they want. This turns the server into a DDOS vector or an anonymizer for the posting of malware and so on."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-01T13:16:16",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://issues.redhat.com/browse/AEROGEAR-6091"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2014-3648",
"datePublished": "2022-07-01T13:16:16",
"dateReserved": "2014-05-14T00:00:00",
"dateUpdated": "2024-08-06T10:50:18.312Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-3649 (GCVE-0-2014-3649)
Vulnerability from nvd – Published: 2019-11-04 14:02 – Updated: 2024-08-06 10:50
VLAI?
Summary
JBoss AeroGear has reflected XSS via the password field
Severity ?
No CVSS data available.
CWE
- reflected XSS via password field of the login page
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:50:17.942Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-3649"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/cve-2014-3649"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "AeroGear",
"vendor": "JBoss",
"versions": [
{
"status": "affected",
"version": "through 2014-09-19"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "JBoss AeroGear has reflected XSS via the password field"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "reflected XSS via password field of the login page",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-04T14:02:24",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-3649"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://access.redhat.com/security/cve/cve-2014-3649"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2014-3649",
"datePublished": "2019-11-04T14:02:24",
"dateReserved": "2014-05-14T00:00:00",
"dateUpdated": "2024-08-06T10:50:17.942Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-3650 (GCVE-0-2014-3650)
Vulnerability from cvelistv5 – Published: 2022-07-01 13:17 – Updated: 2024-08-06 10:50
VLAI?
Summary
Multiple persistent cross-site scripting (XSS) flaws were found in the way Aerogear handled certain user-supplied content. A remote attacker could use these flaws to compromise the application with specially crafted input.
Severity ?
No CVSS data available.
CWE
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Jboss Aerogear |
Affected:
Jboss Aerogear 1.0.0.final
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:50:18.238Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1144212"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://issues.redhat.com/browse/AEROGEAR-5978"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Jboss Aerogear",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Jboss Aerogear 1.0.0.final"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple persistent cross-site scripting (XSS) flaws were found in the way Aerogear handled certain user-supplied content. A remote attacker could use these flaws to compromise the application with specially crafted input."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-01T13:17:25",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1144212"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://issues.redhat.com/browse/AEROGEAR-5978"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2014-3650",
"datePublished": "2022-07-01T13:17:25",
"dateReserved": "2014-05-14T00:00:00",
"dateUpdated": "2024-08-06T10:50:18.238Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-3648 (GCVE-0-2014-3648)
Vulnerability from cvelistv5 – Published: 2022-07-01 13:16 – Updated: 2024-08-06 10:50
VLAI?
Summary
The simplepush server iterates through the application installations and pushes a notification to the server provided by deviceToken. But this is user controlled. If a bogus applications is registered with bad deviceTokens, one can generate endless exceptions when those endpoints can't be reached or can slow the server down by purposefully wasting it's time with slow endpoints. Similarly, one can provide whatever HTTP end point they want. This turns the server into a DDOS vector or an anonymizer for the posting of malware and so on.
Severity ?
No CVSS data available.
CWE
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Jboss Aerogear |
Affected:
Jboss Aerogear 1.0.0.final
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:50:18.312Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://issues.redhat.com/browse/AEROGEAR-6091"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Jboss Aerogear",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Jboss Aerogear 1.0.0.final"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The simplepush server iterates through the application installations and pushes a notification to the server provided by deviceToken. But this is user controlled. If a bogus applications is registered with bad deviceTokens, one can generate endless exceptions when those endpoints can\u0027t be reached or can slow the server down by purposefully wasting it\u0027s time with slow endpoints. Similarly, one can provide whatever HTTP end point they want. This turns the server into a DDOS vector or an anonymizer for the posting of malware and so on."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-01T13:16:16",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://issues.redhat.com/browse/AEROGEAR-6091"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2014-3648",
"datePublished": "2022-07-01T13:16:16",
"dateReserved": "2014-05-14T00:00:00",
"dateUpdated": "2024-08-06T10:50:18.312Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-3649 (GCVE-0-2014-3649)
Vulnerability from cvelistv5 – Published: 2019-11-04 14:02 – Updated: 2024-08-06 10:50
VLAI?
Summary
JBoss AeroGear has reflected XSS via the password field
Severity ?
No CVSS data available.
CWE
- reflected XSS via password field of the login page
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:50:17.942Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-3649"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/cve-2014-3649"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "AeroGear",
"vendor": "JBoss",
"versions": [
{
"status": "affected",
"version": "through 2014-09-19"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "JBoss AeroGear has reflected XSS via the password field"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "reflected XSS via password field of the login page",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-04T14:02:24",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-3649"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://access.redhat.com/security/cve/cve-2014-3649"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2014-3649",
"datePublished": "2019-11-04T14:02:24",
"dateReserved": "2014-05-14T00:00:00",
"dateUpdated": "2024-08-06T10:50:17.942Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}