CVEs with nessus.description == "The version of JBoss Enterprise Application Platform 6.0.1 running on the remote system is vulnerable to the following issues:"

- A man-in-the-middle attack is possible when applications running on JBoss Web use the COOKIE session tracking method. The flaw is in the org.apache.catalina.connector.Response.encodeURL() method. By making use of this, an attacker could obtain a user's jsessionid and hijack their session. (CVE-2012-4529)
- If multiple applications used the same custom authorization module class name, a local attacker could deploy a malicious application authorization module that would permit or deny user access. (CVE-2012-4572)
- XML encryption backwards compatibility attacks could allow an attacker to force a server to use insecure legacy cryptosystems. (CVE-2012-5575)
- A NULL pointer dereference flaw could allow a malicious OCSP to crash applications performing OCSP verification. (CVE-2013-0166)
- An OpenSSL leaks timing information issue exists that could allow a remote attacker to retrieve plaintext from the encrypted packets. (CVE-2013-0169)
- The JBoss Enterprise Application Platform administrator password and the sucker password are stored in a world-readable, auto-install XML file created by the GUI installer. (CVE-2013-0218)
- Tomcat incorrectly handles certain authentication requests. A remote attacker could use this flaw to inject a request that would get executed with a victim's credentials. (CVE-2013-2067)
| Statistic | Value |
| --- | --- |
| Max CVSS | 0 |
| Min CVSS | 0 |
| Total Count | 2 |