Arun Babu Neelicattu

**Name of the Vulnerable Software and Affected Versions** JBoss AS 7 Community Release (affected versions not specified) **Description** The issue is related to the improper implementation of security context propagation in JBoss AS 7 Community Release. This allows a local user to obtain elevated privileges by reusing a thread from the thread pool that still retains the security context from the last process used. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** JBoxx AS version 7.1.1 **Description** An issue exists in the property replacements feature in any descriptor, where JBoxx AS ignores Java security policies. **Recommendations** For JBoxx AS version 7.1.1, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Apache Struts versions prior to 2.3.1.2 **Description** The issue allows remote attackers to bypass security protections in the ParameterInterceptor class and execute arbitrary commands. This is due to a regular expression in ParametersInterceptor that incorrectly matches certain expressions, such as `top['foo'](0)`, as valid. The OGNL library treats this as `(top['foo'])(0)` and evaluates the value of the 'foo' action parameter as an OGNL expression. This enables malicious users to put arbitrary OGNL statements into any String variable exposed by an action, having it evaluated as an OGNL expression. Since the OGNL statement is in the HTTP parameter value, attackers can use blacklisted characters to disable method execution and execute arbitrary methods, bypassing the ParametersInterceptor and OGNL library protections. **Recommendations** For Apache Struts versions prior to 2.3.1.2, update to version 2.3.1.2 or later to resolve the issue. As a temporary workaround, consider restricting the use of the ParametersInterceptor class and limiting the evaluation of OGNL expressions in action parameters until a patch is applied. Avoid using blacklisted characters in HTTP parameter values to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: OpenJDK and Oracle Java SE versions prior to 7u51 Description: The issue allows remote attackers to bypass a code-signing protection mechanism and inject unsigned bytecode into a signed JAR file by leveraging improper file validation. Recommendations: For versions prior to 7u51, update to version 7u51 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Red Hat JBoss Operations Network (JON) version 3.1.2 **Description** The issue allows local users to obtain sensitive information by reading the log files, as the server logs passwords in plaintext. **Recommendations** For Red Hat JBoss Operations Network (JON) version 3.1.2, consider restricting access to the log files to minimize the risk of exploitation. As a temporary workaround, review and modify the logging configuration to avoid storing sensitive information, such as passwords, in plaintext.

**Name of the Vulnerable Software and Affected Versions** JGroup versions 3.0.x through 3.2.8 JGroup versions 3.3.x before 3.3.3 **Description** The issue allows remote attackers to obtain sensitive information, such as diagnostic information, and execute arbitrary code by reusing valid credentials. This is due to a problem in the DiagnosticsHandler. **Recommendations** For JGroup versions 3.0.x through 3.2.8, update to version 3.2.9 or later. For JGroup versions 3.3.x before 3.3.3, update to version 3.3.3 or later.

**Name of the Vulnerable Software and Affected Versions** Red Hat JBoss Enterprise Application Platform versions prior to 6.1.1 **Description** The issue allows local users to obtain the admin encryption key by reading the Vault data file. **Recommendations** For versions prior to 6.1.1, update to version 6.1.1 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Red Hat JBoss Enterprise Application Platform (EAP) version 6.1.0 **Description** The issue is related to improper caching of EJB invocations by remote-naming, allowing remote attackers to hijack sessions using a remoting client. **Recommendations** For Red Hat JBoss Enterprise Application Platform (EAP) version 6.1.0, consider restricting access to the remote-naming service to minimize the risk of session hijacking until a patch is available.

**Name of the Vulnerable Software and Affected Versions** JBoss Enterprise Application Platform versions 5.1.x through 5.1.1 JBoss Enterprise Application Platform versions 5.2.x through 5.2.1 Web Platform versions 5.1.x through 5.1.1 BRMS Platform versions prior to 5.3.0 SOA Platform versions prior to 5.3.0 **Description** The issue arises when the JBoss Server is configured to use the JaccAuthorizationRealm and the `ignoreBaseDecision` property is set to true on the JBossWebRealm. This configuration leads to improper checking of permissions created by the WebPermissionMapping class. As a result, remote authenticated users can access arbitrary applications. **Recommendations** For JBoss Enterprise Application Platform versions 5.1.x through 5.1.1, update to version 5.1.2 or later. For JBoss Enterprise Application Platform versions 5.2.x through 5.2.1, update to version 5.2.2 or later. For Web Platform versions 5.1.x through 5.1.1, update to version 5.1.2 or later. For BRMS Platform versions prior to 5.3.0, update to version 5.3.0 or later. For SOA Platform versions prior to 5.3.0, update to version 5.3.0 or later.