Search

Find a vulnerability

Search criteria

    12 vulnerabilities found for jboss_portal by redhat

    CVE-2011-2487 (GCVE-0-2011-2487)

    Vulnerability from nvd – Published: 2020-03-11 15:45 – Updated: 2024-08-06 23:00
    VLAI
    Summary
    The implementations of PKCS#1 v1.5 key transport mechanism for XMLEncryption in JBossWS and Apache WSS4J before 1.6.5 is susceptible to a Bleichenbacher attack.
    Severity
    No CVSS data available.
    CWE
    • Other
    Assigner
    Impacted products
    Date Public
    2013-01-24 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T23:00:33.988Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=713539"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.nds.ruhr-uni-bochum.de/research/publications/breaking-xml-encryption-pkcs15/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://cxf.apache.org/note-on-cve-2011-2487.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2013-0191.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2013-0192.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2013-0193.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2013-0194.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2013-0195.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2013-0196.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2013-0198.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2013-0221.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/57549"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81737"
              },
              {
                "name": "[cxf-commits] 20200319 svn commit: r1058035 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2019-17573.txt.asc security-advisories.html",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf%40%3Ccommits.cxf.apache.org%3E"
              },
              {
                "name": "[cxf-commits] 20200401 svn commit: r1058573 - in /websites/production/cxf/content: cache/main.pageCache index.html security-advisories.data/CVE-2020-1954.txt.asc security-advisories.html",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4%40%3Ccommits.cxf.apache.org%3E"
              },
              {
                "name": "[cxf-commits] 20201112 svn commit: r1067927 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2020-13954.txt.asc security-advisories.html",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6%40%3Ccommits.cxf.apache.org%3E"
              },
              {
                "name": "[cxf-commits] 20210402 svn commit: r1073270 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2021-22696.txt.asc security-advisories.html",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4%40%3Ccommits.cxf.apache.org%3E"
              },
              {
                "name": "[cxf-commits] 20210616 svn commit: r1075801 - in /websites/production/cxf/content: cache/main.pageCache index.html security-advisories.data/CVE-2021-30468.txt.asc security-advisories.html",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e%40%3Ccommits.cxf.apache.org%3E"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "WSS4J",
              "vendor": "Apache",
              "versions": [
                {
                  "status": "affected",
                  "version": "before 1.6.5"
                }
              ]
            },
            {
              "product": "JBossWS",
              "vendor": "Red Hat",
              "versions": [
                {
                  "status": "affected",
                  "version": "unknown"
                }
              ]
            }
          ],
          "datePublic": "2013-01-24T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The implementations of PKCS#1 v1.5 key transport mechanism for XMLEncryption in JBossWS and Apache WSS4J before 1.6.5 is susceptible to a Bleichenbacher attack."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Other",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-06-16T11:06:54.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=713539"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.nds.ruhr-uni-bochum.de/research/publications/breaking-xml-encryption-pkcs15/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://cxf.apache.org/note-on-cve-2011-2487.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2013-0191.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2013-0192.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2013-0193.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2013-0194.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2013-0195.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2013-0196.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2013-0198.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2013-0221.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.securityfocus.com/bid/57549"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81737"
            },
            {
              "name": "[cxf-commits] 20200319 svn commit: r1058035 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2019-17573.txt.asc security-advisories.html",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf%40%3Ccommits.cxf.apache.org%3E"
            },
            {
              "name": "[cxf-commits] 20200401 svn commit: r1058573 - in /websites/production/cxf/content: cache/main.pageCache index.html security-advisories.data/CVE-2020-1954.txt.asc security-advisories.html",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4%40%3Ccommits.cxf.apache.org%3E"
            },
            {
              "name": "[cxf-commits] 20201112 svn commit: r1067927 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2020-13954.txt.asc security-advisories.html",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6%40%3Ccommits.cxf.apache.org%3E"
            },
            {
              "name": "[cxf-commits] 20210402 svn commit: r1073270 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2021-22696.txt.asc security-advisories.html",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4%40%3Ccommits.cxf.apache.org%3E"
            },
            {
              "name": "[cxf-commits] 20210616 svn commit: r1075801 - in /websites/production/cxf/content: cache/main.pageCache index.html security-advisories.data/CVE-2021-30468.txt.asc security-advisories.html",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e%40%3Ccommits.cxf.apache.org%3E"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2011-2487",
        "datePublished": "2020-03-11T15:45:46.000Z",
        "dateReserved": "2011-06-15T00:00:00.000Z",
        "dateUpdated": "2024-08-06T23:00:33.988Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2012-5626 (GCVE-0-2012-5626)

    Vulnerability from nvd – Published: 2020-01-23 18:10 – Updated: 2024-08-06 21:14
    VLAI
    Summary
    EJB method in Red Hat JBoss BRMS 5; Red Hat JBoss Enterprise Application Platform 5; Red Hat JBoss Operations Network 3.1; Red Hat JBoss Portal 4 and 5; Red Hat JBoss SOA Platform 4.2, 4.3, and 5; in Red Hat JBoss Enterprise Web Server 1 ignores roles specified using the @RunAs annotation.
    Severity
    No CVSS data available.
    CWE
    • Other
    Assigner
    References
    Date Public
    2016-02-05 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T21:14:16.255Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-5626"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/security/cve/cve-2012-5626"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "JBoss BRMS",
              "vendor": "Red Hat",
              "versions": [
                {
                  "status": "affected",
                  "version": "5"
                }
              ]
            },
            {
              "product": "JBoss Enterprise Application Platform",
              "vendor": "Red Hat",
              "versions": [
                {
                  "status": "affected",
                  "version": "5"
                }
              ]
            },
            {
              "product": "JBoss Operations Network",
              "vendor": "Red Hat",
              "versions": [
                {
                  "status": "affected",
                  "version": "3.1"
                }
              ]
            },
            {
              "product": "JBoss Portal",
              "vendor": "Red Hat",
              "versions": [
                {
                  "status": "affected",
                  "version": "4"
                },
                {
                  "status": "affected",
                  "version": "5"
                }
              ]
            },
            {
              "product": "JBoss SOA Platform",
              "vendor": "Red Hat",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.2"
                },
                {
                  "status": "affected",
                  "version": "4.3"
                },
                {
                  "status": "affected",
                  "version": "5"
                }
              ]
            },
            {
              "product": "JBoss Enterprise Web Server",
              "vendor": "Red Hat",
              "versions": [
                {
                  "status": "affected",
                  "version": "1"
                }
              ]
            }
          ],
          "datePublic": "2016-02-05T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "EJB method in Red Hat JBoss BRMS 5; Red Hat JBoss Enterprise Application Platform 5; Red Hat JBoss Operations Network 3.1; Red Hat JBoss Portal 4 and 5; Red Hat JBoss SOA Platform 4.2, 4.3, and 5; in Red Hat JBoss Enterprise Web Server 1 ignores roles specified using the @RunAs annotation."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Other",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-01-23T18:10:30.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-5626"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://access.redhat.com/security/cve/cve-2012-5626"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2012-5626",
        "datePublished": "2020-01-23T18:10:30.000Z",
        "dateReserved": "2012-10-24T00:00:00.000Z",
        "dateUpdated": "2024-08-06T21:14:16.255Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2014-0245 (GCVE-0-2014-0245)

    Vulnerability from nvd – Published: 2020-01-02 19:42 – Updated: 2024-08-06 09:05
    VLAI
    Summary
    It was found that the implementation of the GTNSubjectCreatingInterceptor class in gatein-wsrp was not thread safe. For a specific WSRP endpoint, under high-concurrency scenarios or scenarios where SOAP messages take long to execute, it was possible for an unauthenticated remote attacker to gain privileged information if WS-Security is enabled for the WSRP Consumer, and the endpoint in question is being used by a privileged user. This affects JBoss Portal 6.2.0.
    Severity
    No CVSS data available.
    CWE
    • Information disclosure via unsafe concurrency handling in interceptor
    Assigner
    Impacted products
    Vendor Product Version
    Red Hat JBoss Portal Affected: 6.2.0
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T09:05:39.384Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-0245"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/security/cve/cve-2014-0245"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2015:1009"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "JBoss Portal",
              "vendor": "Red Hat",
              "versions": [
                {
                  "status": "affected",
                  "version": "6.2.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "It was found that the implementation of the GTNSubjectCreatingInterceptor class in gatein-wsrp was not thread safe. For a specific WSRP endpoint, under high-concurrency scenarios or scenarios where SOAP messages take long to execute, it was possible for an unauthenticated remote attacker to gain privileged information if WS-Security is enabled for the WSRP Consumer, and the endpoint in question is being used by a privileged user. This affects JBoss Portal 6.2.0."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Information disclosure via unsafe concurrency handling in interceptor",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-01-02T19:42:50.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-0245"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://access.redhat.com/security/cve/cve-2014-0245"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2015:1009"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secalert@redhat.com",
              "ID": "CVE-2014-0245",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "JBoss Portal",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "6.2.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Red Hat"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "It was found that the implementation of the GTNSubjectCreatingInterceptor class in gatein-wsrp was not thread safe. For a specific WSRP endpoint, under high-concurrency scenarios or scenarios where SOAP messages take long to execute, it was possible for an unauthenticated remote attacker to gain privileged information if WS-Security is enabled for the WSRP Consumer, and the endpoint in question is being used by a privileged user. This affects JBoss Portal 6.2.0."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Information disclosure via unsafe concurrency handling in interceptor"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-0245",
                  "refsource": "MISC",
                  "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-0245"
                },
                {
                  "name": "https://access.redhat.com/security/cve/cve-2014-0245",
                  "refsource": "MISC",
                  "url": "https://access.redhat.com/security/cve/cve-2014-0245"
                },
                {
                  "name": "https://access.redhat.com/errata/RHSA-2015:1009",
                  "refsource": "MISC",
                  "url": "https://access.redhat.com/errata/RHSA-2015:1009"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2014-0245",
        "datePublished": "2020-01-02T19:42:50.000Z",
        "dateReserved": "2013-12-03T00:00:00.000Z",
        "dateUpdated": "2024-08-06T09:05:39.384Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2013-6495 (GCVE-0-2013-6495)

    Vulnerability from nvd – Published: 2019-12-11 13:48 – Updated: 2024-08-06 17:46
    VLAI
    Summary
    JBossWeb Bayeux has reflected XSS
    Severity
    No CVSS data available.
    CWE
    • Reflected Cross-Site Scripting (XSS)
    Assigner
    References
    Impacted products
    Vendor Product Version
    JBossWeb Bayeux JBossWeb Bayeux Affected: through 2014-02-19
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T17:46:22.199Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-6495"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/security/cve/cve-2013-6495"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "JBossWeb Bayeux",
              "vendor": "JBossWeb Bayeux",
              "versions": [
                {
                  "status": "affected",
                  "version": "through 2014-02-19"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "JBossWeb Bayeux has reflected XSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Reflected Cross-Site Scripting (XSS)",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-12-11T13:48:58.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-6495"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://access.redhat.com/security/cve/cve-2013-6495"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secalert@redhat.com",
              "ID": "CVE-2013-6495",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "JBossWeb Bayeux",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "through 2014-02-19"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "JBossWeb Bayeux"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "JBossWeb Bayeux has reflected XSS"
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Reflected Cross-Site Scripting (XSS)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-6495",
                  "refsource": "MISC",
                  "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-6495"
                },
                {
                  "name": "https://access.redhat.com/security/cve/cve-2013-6495",
                  "refsource": "MISC",
                  "url": "https://access.redhat.com/security/cve/cve-2013-6495"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2013-6495",
        "datePublished": "2019-12-11T13:48:58.000Z",
        "dateReserved": "2013-11-04T00:00:00.000Z",
        "dateUpdated": "2024-08-06T17:46:22.199Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2015-7501 (GCVE-0-2015-7501)

    Vulnerability from nvd – Published: 2017-11-09 00:00 – Updated: 2024-08-06 07:51
    VLAI ENISA
    Summary
    Red Hat JBoss A-MQ 6.x; BPM Suite (BPMS) 6.x; BRMS 6.x and 5.x; Data Grid (JDG) 6.x; Data Virtualization (JDV) 6.x and 5.x; Enterprise Application Platform 6.x, 5.x, and 4.3.x; Fuse 6.x; Fuse Service Works (FSW) 6.x; Operations Network (JBoss ON) 3.x; Portal 6.x; SOA Platform (SOA-P) 5.x; Web Server (JWS) 3.x; Red Hat OpenShift/xPAAS 3.x; and Red Hat Subscription Asset Manager 1.3 allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://rhn.redhat.com/errata/RHSA-2016-0040.html vendor-advisory
    http://rhn.redhat.com/errata/RHSA-2015-2670.html vendor-advisory
    http://rhn.redhat.com/errata/RHSA-2015-2501.html vendor-advisory
    http://rhn.redhat.com/errata/RHSA-2015-2517.html vendor-advisory
    http://www.securityfocus.com/bid/78215 vdb-entry
    http://www.securitytracker.com/id/1034097 vdb-entry
    http://rhn.redhat.com/errata/RHSA-2015-2671.html vendor-advisory
    http://www.securitytracker.com/id/1037052 vdb-entry
    http://www.securitytracker.com/id/1037640 vdb-entry
    http://rhn.redhat.com/errata/RHSA-2015-2522.html vendor-advisory
    http://rhn.redhat.com/errata/RHSA-2015-2521.html vendor-advisory
    http://rhn.redhat.com/errata/RHSA-2015-2516.html vendor-advisory
    http://rhn.redhat.com/errata/RHSA-2015-2500.html vendor-advisory
    http://rhn.redhat.com/errata/RHSA-2015-2514.html vendor-advisory
    http://rhn.redhat.com/errata/RHSA-2015-2502.html vendor-advisory
    https://rhn.redhat.com/errata/RHSA-2015-2536.html vendor-advisory
    http://rhn.redhat.com/errata/RHSA-2016-1773.html vendor-advisory
    http://rhn.redhat.com/errata/RHSA-2015-2524.html vendor-advisory
    http://www.securitytracker.com/id/1037053 vdb-entry
    https://bugzilla.redhat.com/show_bug.cgi?id=1279330
    https://access.redhat.com/solutions/2045023
    http://www.oracle.com/technetwork/security-adviso…
    http://www.oracle.com/technetwork/security-adviso…
    http://www.oracle.com/technetwork/security-adviso…
    https://access.redhat.com/security/vulnerabilitie…
    http://www.oracle.com/technetwork/security-adviso…
    https://www.oracle.com/security-alerts/cpujul2020.html
    https://security.netapp.com/advisory/ntap-2024021…
    Date Public
    2015-11-06 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T07:51:28.224Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "RHSA-2016:0040",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2016-0040.html"
              },
              {
                "name": "RHSA-2015:2670",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2015-2670.html"
              },
              {
                "name": "RHSA-2015:2501",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2015-2501.html"
              },
              {
                "name": "RHSA-2015:2517",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2015-2517.html"
              },
              {
                "name": "78215",
                "tags": [
                  "vdb-entry",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/78215"
              },
              {
                "name": "1034097",
                "tags": [
                  "vdb-entry",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1034097"
              },
              {
                "name": "RHSA-2015:2671",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2015-2671.html"
              },
              {
                "name": "1037052",
                "tags": [
                  "vdb-entry",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1037052"
              },
              {
                "name": "1037640",
                "tags": [
                  "vdb-entry",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1037640"
              },
              {
                "name": "RHSA-2015:2522",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2015-2522.html"
              },
              {
                "name": "RHSA-2015:2521",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2015-2521.html"
              },
              {
                "name": "RHSA-2015:2516",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2015-2516.html"
              },
              {
                "name": "RHSA-2015:2500",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2015-2500.html"
              },
              {
                "name": "RHSA-2015:2514",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2015-2514.html"
              },
              {
                "name": "RHSA-2015:2502",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2015-2502.html"
              },
              {
                "name": "RHSA-2015:2536",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://rhn.redhat.com/errata/RHSA-2015-2536.html"
              },
              {
                "name": "RHSA-2016:1773",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2016-1773.html"
              },
              {
                "name": "RHSA-2015:2524",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2015-2524.html"
              },
              {
                "name": "1037053",
                "tags": [
                  "vdb-entry",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1037053"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1279330"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/solutions/2045023"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/security/vulnerabilities/2059393"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20240216-0010/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2015-11-06T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Red Hat JBoss A-MQ 6.x; BPM Suite (BPMS) 6.x; BRMS 6.x and 5.x; Data Grid (JDG) 6.x; Data Virtualization (JDV) 6.x and 5.x; Enterprise Application Platform 6.x, 5.x, and 4.3.x; Fuse 6.x; Fuse Service Works (FSW) 6.x; Operations Network (JBoss ON) 3.x; Portal 6.x; SOA Platform (SOA-P) 5.x; Web Server (JWS) 3.x; Red Hat OpenShift/xPAAS 3.x; and Red Hat Subscription Asset Manager 1.3 allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-02-16T13:06:08.221Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2016:0040",
              "tags": [
                "vendor-advisory"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2016-0040.html"
            },
            {
              "name": "RHSA-2015:2670",
              "tags": [
                "vendor-advisory"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2015-2670.html"
            },
            {
              "name": "RHSA-2015:2501",
              "tags": [
                "vendor-advisory"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2015-2501.html"
            },
            {
              "name": "RHSA-2015:2517",
              "tags": [
                "vendor-advisory"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2015-2517.html"
            },
            {
              "name": "78215",
              "tags": [
                "vdb-entry"
              ],
              "url": "http://www.securityfocus.com/bid/78215"
            },
            {
              "name": "1034097",
              "tags": [
                "vdb-entry"
              ],
              "url": "http://www.securitytracker.com/id/1034097"
            },
            {
              "name": "RHSA-2015:2671",
              "tags": [
                "vendor-advisory"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2015-2671.html"
            },
            {
              "name": "1037052",
              "tags": [
                "vdb-entry"
              ],
              "url": "http://www.securitytracker.com/id/1037052"
            },
            {
              "name": "1037640",
              "tags": [
                "vdb-entry"
              ],
              "url": "http://www.securitytracker.com/id/1037640"
            },
            {
              "name": "RHSA-2015:2522",
              "tags": [
                "vendor-advisory"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2015-2522.html"
            },
            {
              "name": "RHSA-2015:2521",
              "tags": [
                "vendor-advisory"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2015-2521.html"
            },
            {
              "name": "RHSA-2015:2516",
              "tags": [
                "vendor-advisory"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2015-2516.html"
            },
            {
              "name": "RHSA-2015:2500",
              "tags": [
                "vendor-advisory"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2015-2500.html"
            },
            {
              "name": "RHSA-2015:2514",
              "tags": [
                "vendor-advisory"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2015-2514.html"
            },
            {
              "name": "RHSA-2015:2502",
              "tags": [
                "vendor-advisory"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2015-2502.html"
            },
            {
              "name": "RHSA-2015:2536",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://rhn.redhat.com/errata/RHSA-2015-2536.html"
            },
            {
              "name": "RHSA-2016:1773",
              "tags": [
                "vendor-advisory"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2016-1773.html"
            },
            {
              "name": "RHSA-2015:2524",
              "tags": [
                "vendor-advisory"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2015-2524.html"
            },
            {
              "name": "1037053",
              "tags": [
                "vdb-entry"
              ],
              "url": "http://www.securitytracker.com/id/1037053"
            },
            {
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1279330"
            },
            {
              "url": "https://access.redhat.com/solutions/2045023"
            },
            {
              "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
            },
            {
              "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
            },
            {
              "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
            },
            {
              "url": "https://access.redhat.com/security/vulnerabilities/2059393"
            },
            {
              "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
            },
            {
              "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
            },
            {
              "url": "https://security.netapp.com/advisory/ntap-20240216-0010/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2015-7501",
        "datePublished": "2017-11-09T00:00:00.000Z",
        "dateReserved": "2015-09-29T00:00:00.000Z",
        "dateUpdated": "2024-08-06T07:51:28.224Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2015-5176 (GCVE-0-2015-5176)

    Vulnerability from nvd – Published: 2015-08-11 14:00 – Updated: 2024-08-06 06:41
    VLAI
    Summary
    The PortletRequestDispatcher in PortletBridge, as used in Red Hat JBoss Portal 6.2.0, does not properly enforce the security constraints of servlets, which allows remote attackers to gain access to resources via a request that asks to render a non-JSF resource.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://rhn.redhat.com/errata/RHSA-2015-1543.html vendor-advisoryx_refsource_REDHAT
    Date Public
    2015-08-04 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T06:41:07.566Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "RHSA-2015:1543",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2015-1543.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2015-08-04T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The PortletRequestDispatcher in PortletBridge, as used in Red Hat JBoss Portal 6.2.0, does not properly enforce the security constraints of servlets, which allows remote attackers to gain access to resources via a request that asks to render a non-JSF resource."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2015-08-11T13:57:04.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2015:1543",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2015-1543.html"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2015-5176",
        "datePublished": "2015-08-11T14:00:00.000Z",
        "dateReserved": "2015-07-01T00:00:00.000Z",
        "dateUpdated": "2024-08-06T06:41:07.566Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2011-2487 (GCVE-0-2011-2487)

    Vulnerability from cvelistv5 – Published: 2020-03-11 15:45 – Updated: 2024-08-06 23:00
    VLAI
    Summary
    The implementations of PKCS#1 v1.5 key transport mechanism for XMLEncryption in JBossWS and Apache WSS4J before 1.6.5 is susceptible to a Bleichenbacher attack.
    Severity
    No CVSS data available.
    CWE
    • Other
    Assigner
    Impacted products
    Date Public
    2013-01-24 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T23:00:33.988Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=713539"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.nds.ruhr-uni-bochum.de/research/publications/breaking-xml-encryption-pkcs15/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://cxf.apache.org/note-on-cve-2011-2487.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2013-0191.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2013-0192.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2013-0193.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2013-0194.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2013-0195.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2013-0196.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2013-0198.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2013-0221.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/57549"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81737"
              },
              {
                "name": "[cxf-commits] 20200319 svn commit: r1058035 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2019-17573.txt.asc security-advisories.html",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf%40%3Ccommits.cxf.apache.org%3E"
              },
              {
                "name": "[cxf-commits] 20200401 svn commit: r1058573 - in /websites/production/cxf/content: cache/main.pageCache index.html security-advisories.data/CVE-2020-1954.txt.asc security-advisories.html",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4%40%3Ccommits.cxf.apache.org%3E"
              },
              {
                "name": "[cxf-commits] 20201112 svn commit: r1067927 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2020-13954.txt.asc security-advisories.html",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6%40%3Ccommits.cxf.apache.org%3E"
              },
              {
                "name": "[cxf-commits] 20210402 svn commit: r1073270 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2021-22696.txt.asc security-advisories.html",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4%40%3Ccommits.cxf.apache.org%3E"
              },
              {
                "name": "[cxf-commits] 20210616 svn commit: r1075801 - in /websites/production/cxf/content: cache/main.pageCache index.html security-advisories.data/CVE-2021-30468.txt.asc security-advisories.html",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e%40%3Ccommits.cxf.apache.org%3E"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "WSS4J",
              "vendor": "Apache",
              "versions": [
                {
                  "status": "affected",
                  "version": "before 1.6.5"
                }
              ]
            },
            {
              "product": "JBossWS",
              "vendor": "Red Hat",
              "versions": [
                {
                  "status": "affected",
                  "version": "unknown"
                }
              ]
            }
          ],
          "datePublic": "2013-01-24T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The implementations of PKCS#1 v1.5 key transport mechanism for XMLEncryption in JBossWS and Apache WSS4J before 1.6.5 is susceptible to a Bleichenbacher attack."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Other",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-06-16T11:06:54.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=713539"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.nds.ruhr-uni-bochum.de/research/publications/breaking-xml-encryption-pkcs15/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://cxf.apache.org/note-on-cve-2011-2487.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2013-0191.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2013-0192.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2013-0193.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2013-0194.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2013-0195.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2013-0196.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2013-0198.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2013-0221.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.securityfocus.com/bid/57549"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81737"
            },
            {
              "name": "[cxf-commits] 20200319 svn commit: r1058035 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2019-17573.txt.asc security-advisories.html",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf%40%3Ccommits.cxf.apache.org%3E"
            },
            {
              "name": "[cxf-commits] 20200401 svn commit: r1058573 - in /websites/production/cxf/content: cache/main.pageCache index.html security-advisories.data/CVE-2020-1954.txt.asc security-advisories.html",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4%40%3Ccommits.cxf.apache.org%3E"
            },
            {
              "name": "[cxf-commits] 20201112 svn commit: r1067927 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2020-13954.txt.asc security-advisories.html",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6%40%3Ccommits.cxf.apache.org%3E"
            },
            {
              "name": "[cxf-commits] 20210402 svn commit: r1073270 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2021-22696.txt.asc security-advisories.html",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4%40%3Ccommits.cxf.apache.org%3E"
            },
            {
              "name": "[cxf-commits] 20210616 svn commit: r1075801 - in /websites/production/cxf/content: cache/main.pageCache index.html security-advisories.data/CVE-2021-30468.txt.asc security-advisories.html",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e%40%3Ccommits.cxf.apache.org%3E"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2011-2487",
        "datePublished": "2020-03-11T15:45:46.000Z",
        "dateReserved": "2011-06-15T00:00:00.000Z",
        "dateUpdated": "2024-08-06T23:00:33.988Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2012-5626 (GCVE-0-2012-5626)

    Vulnerability from cvelistv5 – Published: 2020-01-23 18:10 – Updated: 2024-08-06 21:14
    VLAI
    Summary
    EJB method in Red Hat JBoss BRMS 5; Red Hat JBoss Enterprise Application Platform 5; Red Hat JBoss Operations Network 3.1; Red Hat JBoss Portal 4 and 5; Red Hat JBoss SOA Platform 4.2, 4.3, and 5; in Red Hat JBoss Enterprise Web Server 1 ignores roles specified using the @RunAs annotation.
    Severity
    No CVSS data available.
    CWE
    • Other
    Assigner
    References
    Date Public
    2016-02-05 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T21:14:16.255Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-5626"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/security/cve/cve-2012-5626"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "JBoss BRMS",
              "vendor": "Red Hat",
              "versions": [
                {
                  "status": "affected",
                  "version": "5"
                }
              ]
            },
            {
              "product": "JBoss Enterprise Application Platform",
              "vendor": "Red Hat",
              "versions": [
                {
                  "status": "affected",
                  "version": "5"
                }
              ]
            },
            {
              "product": "JBoss Operations Network",
              "vendor": "Red Hat",
              "versions": [
                {
                  "status": "affected",
                  "version": "3.1"
                }
              ]
            },
            {
              "product": "JBoss Portal",
              "vendor": "Red Hat",
              "versions": [
                {
                  "status": "affected",
                  "version": "4"
                },
                {
                  "status": "affected",
                  "version": "5"
                }
              ]
            },
            {
              "product": "JBoss SOA Platform",
              "vendor": "Red Hat",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.2"
                },
                {
                  "status": "affected",
                  "version": "4.3"
                },
                {
                  "status": "affected",
                  "version": "5"
                }
              ]
            },
            {
              "product": "JBoss Enterprise Web Server",
              "vendor": "Red Hat",
              "versions": [
                {
                  "status": "affected",
                  "version": "1"
                }
              ]
            }
          ],
          "datePublic": "2016-02-05T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "EJB method in Red Hat JBoss BRMS 5; Red Hat JBoss Enterprise Application Platform 5; Red Hat JBoss Operations Network 3.1; Red Hat JBoss Portal 4 and 5; Red Hat JBoss SOA Platform 4.2, 4.3, and 5; in Red Hat JBoss Enterprise Web Server 1 ignores roles specified using the @RunAs annotation."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Other",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-01-23T18:10:30.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-5626"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://access.redhat.com/security/cve/cve-2012-5626"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2012-5626",
        "datePublished": "2020-01-23T18:10:30.000Z",
        "dateReserved": "2012-10-24T00:00:00.000Z",
        "dateUpdated": "2024-08-06T21:14:16.255Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2014-0245 (GCVE-0-2014-0245)

    Vulnerability from cvelistv5 – Published: 2020-01-02 19:42 – Updated: 2024-08-06 09:05
    VLAI
    Summary
    It was found that the implementation of the GTNSubjectCreatingInterceptor class in gatein-wsrp was not thread safe. For a specific WSRP endpoint, under high-concurrency scenarios or scenarios where SOAP messages take long to execute, it was possible for an unauthenticated remote attacker to gain privileged information if WS-Security is enabled for the WSRP Consumer, and the endpoint in question is being used by a privileged user. This affects JBoss Portal 6.2.0.
    Severity
    No CVSS data available.
    CWE
    • Information disclosure via unsafe concurrency handling in interceptor
    Assigner
    Impacted products
    Vendor Product Version
    Red Hat JBoss Portal Affected: 6.2.0
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T09:05:39.384Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-0245"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/security/cve/cve-2014-0245"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2015:1009"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "JBoss Portal",
              "vendor": "Red Hat",
              "versions": [
                {
                  "status": "affected",
                  "version": "6.2.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "It was found that the implementation of the GTNSubjectCreatingInterceptor class in gatein-wsrp was not thread safe. For a specific WSRP endpoint, under high-concurrency scenarios or scenarios where SOAP messages take long to execute, it was possible for an unauthenticated remote attacker to gain privileged information if WS-Security is enabled for the WSRP Consumer, and the endpoint in question is being used by a privileged user. This affects JBoss Portal 6.2.0."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Information disclosure via unsafe concurrency handling in interceptor",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-01-02T19:42:50.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-0245"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://access.redhat.com/security/cve/cve-2014-0245"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2015:1009"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secalert@redhat.com",
              "ID": "CVE-2014-0245",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "JBoss Portal",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "6.2.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Red Hat"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "It was found that the implementation of the GTNSubjectCreatingInterceptor class in gatein-wsrp was not thread safe. For a specific WSRP endpoint, under high-concurrency scenarios or scenarios where SOAP messages take long to execute, it was possible for an unauthenticated remote attacker to gain privileged information if WS-Security is enabled for the WSRP Consumer, and the endpoint in question is being used by a privileged user. This affects JBoss Portal 6.2.0."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Information disclosure via unsafe concurrency handling in interceptor"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-0245",
                  "refsource": "MISC",
                  "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-0245"
                },
                {
                  "name": "https://access.redhat.com/security/cve/cve-2014-0245",
                  "refsource": "MISC",
                  "url": "https://access.redhat.com/security/cve/cve-2014-0245"
                },
                {
                  "name": "https://access.redhat.com/errata/RHSA-2015:1009",
                  "refsource": "MISC",
                  "url": "https://access.redhat.com/errata/RHSA-2015:1009"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2014-0245",
        "datePublished": "2020-01-02T19:42:50.000Z",
        "dateReserved": "2013-12-03T00:00:00.000Z",
        "dateUpdated": "2024-08-06T09:05:39.384Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2013-6495 (GCVE-0-2013-6495)

    Vulnerability from cvelistv5 – Published: 2019-12-11 13:48 – Updated: 2024-08-06 17:46
    VLAI
    Summary
    JBossWeb Bayeux has reflected XSS
    Severity
    No CVSS data available.
    CWE
    • Reflected Cross-Site Scripting (XSS)
    Assigner
    References
    Impacted products
    Vendor Product Version
    JBossWeb Bayeux JBossWeb Bayeux Affected: through 2014-02-19
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T17:46:22.199Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-6495"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/security/cve/cve-2013-6495"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "JBossWeb Bayeux",
              "vendor": "JBossWeb Bayeux",
              "versions": [
                {
                  "status": "affected",
                  "version": "through 2014-02-19"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "JBossWeb Bayeux has reflected XSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Reflected Cross-Site Scripting (XSS)",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-12-11T13:48:58.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-6495"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://access.redhat.com/security/cve/cve-2013-6495"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secalert@redhat.com",
              "ID": "CVE-2013-6495",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "JBossWeb Bayeux",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "through 2014-02-19"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "JBossWeb Bayeux"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "JBossWeb Bayeux has reflected XSS"
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Reflected Cross-Site Scripting (XSS)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-6495",
                  "refsource": "MISC",
                  "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-6495"
                },
                {
                  "name": "https://access.redhat.com/security/cve/cve-2013-6495",
                  "refsource": "MISC",
                  "url": "https://access.redhat.com/security/cve/cve-2013-6495"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2013-6495",
        "datePublished": "2019-12-11T13:48:58.000Z",
        "dateReserved": "2013-11-04T00:00:00.000Z",
        "dateUpdated": "2024-08-06T17:46:22.199Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2015-7501 (GCVE-0-2015-7501)

    Vulnerability from cvelistv5 – Published: 2017-11-09 00:00 – Updated: 2024-08-06 07:51
    VLAI ENISA
    Summary
    Red Hat JBoss A-MQ 6.x; BPM Suite (BPMS) 6.x; BRMS 6.x and 5.x; Data Grid (JDG) 6.x; Data Virtualization (JDV) 6.x and 5.x; Enterprise Application Platform 6.x, 5.x, and 4.3.x; Fuse 6.x; Fuse Service Works (FSW) 6.x; Operations Network (JBoss ON) 3.x; Portal 6.x; SOA Platform (SOA-P) 5.x; Web Server (JWS) 3.x; Red Hat OpenShift/xPAAS 3.x; and Red Hat Subscription Asset Manager 1.3 allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://rhn.redhat.com/errata/RHSA-2016-0040.html vendor-advisory
    http://rhn.redhat.com/errata/RHSA-2015-2670.html vendor-advisory
    http://rhn.redhat.com/errata/RHSA-2015-2501.html vendor-advisory
    http://rhn.redhat.com/errata/RHSA-2015-2517.html vendor-advisory
    http://www.securityfocus.com/bid/78215 vdb-entry
    http://www.securitytracker.com/id/1034097 vdb-entry
    http://rhn.redhat.com/errata/RHSA-2015-2671.html vendor-advisory
    http://www.securitytracker.com/id/1037052 vdb-entry
    http://www.securitytracker.com/id/1037640 vdb-entry
    http://rhn.redhat.com/errata/RHSA-2015-2522.html vendor-advisory
    http://rhn.redhat.com/errata/RHSA-2015-2521.html vendor-advisory
    http://rhn.redhat.com/errata/RHSA-2015-2516.html vendor-advisory
    http://rhn.redhat.com/errata/RHSA-2015-2500.html vendor-advisory
    http://rhn.redhat.com/errata/RHSA-2015-2514.html vendor-advisory
    http://rhn.redhat.com/errata/RHSA-2015-2502.html vendor-advisory
    https://rhn.redhat.com/errata/RHSA-2015-2536.html vendor-advisory
    http://rhn.redhat.com/errata/RHSA-2016-1773.html vendor-advisory
    http://rhn.redhat.com/errata/RHSA-2015-2524.html vendor-advisory
    http://www.securitytracker.com/id/1037053 vdb-entry
    https://bugzilla.redhat.com/show_bug.cgi?id=1279330
    https://access.redhat.com/solutions/2045023
    http://www.oracle.com/technetwork/security-adviso…
    http://www.oracle.com/technetwork/security-adviso…
    http://www.oracle.com/technetwork/security-adviso…
    https://access.redhat.com/security/vulnerabilitie…
    http://www.oracle.com/technetwork/security-adviso…
    https://www.oracle.com/security-alerts/cpujul2020.html
    https://security.netapp.com/advisory/ntap-2024021…
    Date Public
    2015-11-06 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T07:51:28.224Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "RHSA-2016:0040",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2016-0040.html"
              },
              {
                "name": "RHSA-2015:2670",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2015-2670.html"
              },
              {
                "name": "RHSA-2015:2501",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2015-2501.html"
              },
              {
                "name": "RHSA-2015:2517",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2015-2517.html"
              },
              {
                "name": "78215",
                "tags": [
                  "vdb-entry",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/78215"
              },
              {
                "name": "1034097",
                "tags": [
                  "vdb-entry",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1034097"
              },
              {
                "name": "RHSA-2015:2671",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2015-2671.html"
              },
              {
                "name": "1037052",
                "tags": [
                  "vdb-entry",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1037052"
              },
              {
                "name": "1037640",
                "tags": [
                  "vdb-entry",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1037640"
              },
              {
                "name": "RHSA-2015:2522",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2015-2522.html"
              },
              {
                "name": "RHSA-2015:2521",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2015-2521.html"
              },
              {
                "name": "RHSA-2015:2516",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2015-2516.html"
              },
              {
                "name": "RHSA-2015:2500",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2015-2500.html"
              },
              {
                "name": "RHSA-2015:2514",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2015-2514.html"
              },
              {
                "name": "RHSA-2015:2502",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2015-2502.html"
              },
              {
                "name": "RHSA-2015:2536",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://rhn.redhat.com/errata/RHSA-2015-2536.html"
              },
              {
                "name": "RHSA-2016:1773",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2016-1773.html"
              },
              {
                "name": "RHSA-2015:2524",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2015-2524.html"
              },
              {
                "name": "1037053",
                "tags": [
                  "vdb-entry",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1037053"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1279330"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/solutions/2045023"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/security/vulnerabilities/2059393"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20240216-0010/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2015-11-06T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Red Hat JBoss A-MQ 6.x; BPM Suite (BPMS) 6.x; BRMS 6.x and 5.x; Data Grid (JDG) 6.x; Data Virtualization (JDV) 6.x and 5.x; Enterprise Application Platform 6.x, 5.x, and 4.3.x; Fuse 6.x; Fuse Service Works (FSW) 6.x; Operations Network (JBoss ON) 3.x; Portal 6.x; SOA Platform (SOA-P) 5.x; Web Server (JWS) 3.x; Red Hat OpenShift/xPAAS 3.x; and Red Hat Subscription Asset Manager 1.3 allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-02-16T13:06:08.221Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2016:0040",
              "tags": [
                "vendor-advisory"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2016-0040.html"
            },
            {
              "name": "RHSA-2015:2670",
              "tags": [
                "vendor-advisory"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2015-2670.html"
            },
            {
              "name": "RHSA-2015:2501",
              "tags": [
                "vendor-advisory"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2015-2501.html"
            },
            {
              "name": "RHSA-2015:2517",
              "tags": [
                "vendor-advisory"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2015-2517.html"
            },
            {
              "name": "78215",
              "tags": [
                "vdb-entry"
              ],
              "url": "http://www.securityfocus.com/bid/78215"
            },
            {
              "name": "1034097",
              "tags": [
                "vdb-entry"
              ],
              "url": "http://www.securitytracker.com/id/1034097"
            },
            {
              "name": "RHSA-2015:2671",
              "tags": [
                "vendor-advisory"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2015-2671.html"
            },
            {
              "name": "1037052",
              "tags": [
                "vdb-entry"
              ],
              "url": "http://www.securitytracker.com/id/1037052"
            },
            {
              "name": "1037640",
              "tags": [
                "vdb-entry"
              ],
              "url": "http://www.securitytracker.com/id/1037640"
            },
            {
              "name": "RHSA-2015:2522",
              "tags": [
                "vendor-advisory"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2015-2522.html"
            },
            {
              "name": "RHSA-2015:2521",
              "tags": [
                "vendor-advisory"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2015-2521.html"
            },
            {
              "name": "RHSA-2015:2516",
              "tags": [
                "vendor-advisory"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2015-2516.html"
            },
            {
              "name": "RHSA-2015:2500",
              "tags": [
                "vendor-advisory"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2015-2500.html"
            },
            {
              "name": "RHSA-2015:2514",
              "tags": [
                "vendor-advisory"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2015-2514.html"
            },
            {
              "name": "RHSA-2015:2502",
              "tags": [
                "vendor-advisory"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2015-2502.html"
            },
            {
              "name": "RHSA-2015:2536",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://rhn.redhat.com/errata/RHSA-2015-2536.html"
            },
            {
              "name": "RHSA-2016:1773",
              "tags": [
                "vendor-advisory"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2016-1773.html"
            },
            {
              "name": "RHSA-2015:2524",
              "tags": [
                "vendor-advisory"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2015-2524.html"
            },
            {
              "name": "1037053",
              "tags": [
                "vdb-entry"
              ],
              "url": "http://www.securitytracker.com/id/1037053"
            },
            {
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1279330"
            },
            {
              "url": "https://access.redhat.com/solutions/2045023"
            },
            {
              "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
            },
            {
              "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
            },
            {
              "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
            },
            {
              "url": "https://access.redhat.com/security/vulnerabilities/2059393"
            },
            {
              "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
            },
            {
              "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
            },
            {
              "url": "https://security.netapp.com/advisory/ntap-20240216-0010/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2015-7501",
        "datePublished": "2017-11-09T00:00:00.000Z",
        "dateReserved": "2015-09-29T00:00:00.000Z",
        "dateUpdated": "2024-08-06T07:51:28.224Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2015-5176 (GCVE-0-2015-5176)

    Vulnerability from cvelistv5 – Published: 2015-08-11 14:00 – Updated: 2024-08-06 06:41
    VLAI
    Summary
    The PortletRequestDispatcher in PortletBridge, as used in Red Hat JBoss Portal 6.2.0, does not properly enforce the security constraints of servlets, which allows remote attackers to gain access to resources via a request that asks to render a non-JSF resource.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://rhn.redhat.com/errata/RHSA-2015-1543.html vendor-advisoryx_refsource_REDHAT
    Date Public
    2015-08-04 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T06:41:07.566Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "RHSA-2015:1543",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2015-1543.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2015-08-04T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The PortletRequestDispatcher in PortletBridge, as used in Red Hat JBoss Portal 6.2.0, does not properly enforce the security constraints of servlets, which allows remote attackers to gain access to resources via a request that asks to render a non-JSF resource."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2015-08-11T13:57:04.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2015:1543",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2015-1543.html"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2015-5176",
        "datePublished": "2015-08-11T14:00:00.000Z",
        "dateReserved": "2015-07-01T00:00:00.000Z",
        "dateUpdated": "2024-08-06T06:41:07.566Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }