ID

VAR-201801-0036


CVE

CVE-2015-9251


TITLE

Red Hat Security Advisory 2020-0729-01

Trust: 0.1

sources: PACKETSTORM: 156630

DESCRIPTION

jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed. jQuery is an open source, cross-browser JavaScript library developed by American programmer John Resig. The library simplifies the operation between HTML and JavaScript, and has the characteristics of modularization and plug-in extension. A cross-site scripting vulnerability exists in jQuery versions prior to 3.0.0. The vulnerability stems from the lack of correct validation of client data in web applications. An attacker could exploit this vulnerability to execute client code.

Red Hat Security Advisory

Synopsis: Important: Red Hat Data Grid 7.3.5 security update
Advisory ID: RHSA-2020:0729-01
Product: Red Hat JBoss Data Grid
Advisory URL: https://access.redhat.com/errata/RHSA-2020:0729
Issue date: 2020-03-05
CVE Names: CVE-2015-9251 CVE-2019-14888 CVE-2019-14892 CVE-2019-14893 CVE-2019-16335

1. Summary:

An update for Red Hat Data Grid is now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Description:

Red Hat Data Grid is a distributed, in-memory, NoSQL datastore based on the Infinispan project. This release of Red Hat Data Grid 7.3.5 serves as a replacement for Red Hat Data Grid 7.3.4 and includes bug fixes and enhancements, which are described in the Release Notes, linked to in the References section of this erratum.

Security Fix(es):

* undertow: possible Denial Of Service (DOS) in Undertow HTTP server listening on HTTPS (CVE-2019-14888)
* js-jquery: Cross-site scripting via cross-domain ajax requests (CVE-2015-9251)
* jackson-databind: Serialization gadgets in classes of the commons-configuration package (CVE-2019-14892)
* jackson-databind: Serialization gadgets in classes of the xalan package (CVE-2019-14893)
* jackson-databind: polymorphic typing issue related to com.zaxxer.hikari.HikariDataSource (CVE-2019-16335)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

3. Solution:

To install this update, do the following:

1. Download the Data Grid 7.3.5 server patch from the customer portal.
2. Back up your existing Data Grid installation. You should back up databases, configuration files, and so on.
3. Install the Data Grid 7.3.5 server patch. Refer to the 7.3 Release Notes for patching instructions.
4. Restart Data Grid to ensure the changes take effect.

4. Bugs fixed (https://bugzilla.redhat.com/):

1399546 - CVE-2015-9251 js-jquery: Cross-site scripting via cross-domain ajax requests
1755831 - CVE-2019-16335 jackson-databind: polymorphic typing issue related to com.zaxxer.hikari.HikariDataSource
1758171 - CVE-2019-14892 jackson-databind: Serialization gadgets in classes of the commons-configuration package
1758182 - CVE-2019-14893 jackson-databind: Serialization gadgets in classes of the xalan package
1772464 - CVE-2019-14888 undertow: possible Denial Of Service (DOS) in Undertow HTTP server listening on HTTPS

5. References:

https://access.redhat.com/security/cve/CVE-2015-9251
https://access.redhat.com/security/cve/CVE-2019-14888
https://access.redhat.com/security/cve/CVE-2019-14892
https://access.redhat.com/security/cve/CVE-2019-14893
https://access.redhat.com/security/cve/CVE-2019-16335
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/jbossnetwork/restricted/softwareDetail.html?softwareIdp381&product\xdata.grid&version=7.3&downloadType=patches
https://access.redhat.com/documentation/en-us/red_hat_data_grid/7.3/html-single/red_hat_data_grid_7.3_release_notes/index

6. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2020 Red Hat, Inc.

Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64

3. Description:

Red Hat Identity Management (IdM) is a centralized authentication, identity management, and authorization solution for both traditional and cloud-based enterprise environments. The following packages have been upgraded to a later upstream version: ipa (4.8.7), softhsm (2.6.0), opendnssec (2.1.6).

Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1399546 - CVE-2015-9251 jquery: Cross-site scripting via cross-domain ajax requests
1430365 - [RFE] Host-group names command rename
1488732 - fake_mname in named.conf is no longer effective
1585020 - Enable compat tree to provide information about AD users and groups on trust agents
1601614 - CVE-2018-14040 bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute
1601617 - CVE-2018-14042 bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip
1651577 - [WebUI] IPA Error 3007: RequirmentError" while adding members in "User ID overrides" tab
1668082 - CVE-2018-20676 bootstrap: XSS in the tooltip data-viewport attribute
1668089 - CVE-2018-20677 bootstrap: XSS in the affix configuration target property
1668097 - CVE-2016-10735 bootstrap: XSS in the data-target attribute
1686454 - CVE-2019-8331 bootstrap: XSS in the tooltip or popover data-template attribute
1701233 - [RFE] support setting supported signature methods on the token
1701972 - CVE-2019-11358 jquery: Prototype pollution in object's prototype leading to denial of service, remote code execution, or property injection
1746830 - Memory leak during search of idview overrides
1750893 - Memory leak when slapi-nis return entries retrieved from nsswitch
1751295 - When sync-repl is enabled, slapi-nis can deadlock during retrochanglog trimming
1757045 - IDM Web GUI / IPA web UI: the ID override operation doesn't work in GUI (it works only from CLI)
1759888 - Rebase OpenDNSSEC to 2.1
1768156 - ERR - schemacompat - map rdlock: old way MAP_MONITOR_DISABLED
1777806 - When Service weight is set as 0 for server in IPA location "IPA Error 903: InternalError" is displayed
1793071 - CVE-2020-1722 ipa: No password length restriction leads to denial of service
1801698 - [RFE] Changing default hostgroup is too easy
1802471 - SELinux policy for ipa-custodia
1809835 - RFE: ipa group-add-member: number of failed should also be emphasized
1810154 - RFE: ipa-backup should compare locally and globally installed server roles
1810179 - ipa-client-install should name authselect backups and restore to that at uninstall time
1813330 - ipa-restore does not restart httpd
1816784 - KRA install fails if all KRA members are Hidden Replicas
1818765 - [Rebase] Rebase ipa to 4.8.6+
1818877 - [Rebase] Rebase to softhsm 2.6.0+
1828406 - CVE-2020-11022 jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method
1831732 - AVC avc: denied { dac_override } for comm="ods-enforcerd
1831935 - AD authentication with IdM against SQL Server
1832331 - [abrt] [faf] 389-ds-base: unknown function(): /usr/sbin/ns-slapd killed by 11
1833266 - [dirsrv] set 'nsslapd-enable-upgrade-hash: off' as this raises warnings
1834264 - BIND rebase: rebuild against new so version
1834909 - softhsm use-after-free on process exit
1845211 - Rebase bind-dyndb-ldap to 11.3
1845537 - IPA bind configuration issue
1845596 - ipa trust-add fails with 'Fetching domains from trusted forest failed'
1846352 - cannot issue certs with multiple IP addresses corresponding to different hosts
1846434 - Remove ipa-idoverride-memberof as superceded by ipa-server 4.8.7
1847999 - EPN does not ship its default configuration ( /etc/ipa/epn.conf ) in freeipa-client-epn
1849914 - FreeIPA - Utilize 256-bit AJP connector passwords
1851411 - ipa: typo issue in ipanthomedirectoryrive deffinition
1852244 - ipa-healthcheck inadvertently obsoleted in RHEL 8.2
1853263 - ipa-selinux package missing
1857157 - replica install failing with avc denial for custodia component
1858318 - AttributeError: module 'ssl' has no attribute 'SSLCertVerificationError' when upgrading ca-less ipa master
1859213 - AVC denial during ipa-adtrust-install --add-agents
1863079 - ipa-epn command displays 'exception: ConnectionRefusedError: [Errno 111] Connection refused'
1863616 - CA-less install does not set required permissions on KDC certificate
1866291 - EPN: enhance input validation
1866938 - ipa-epn fails to retrieve user data if some user attributes are not present
1868432 - Unhandled Python exception in '/usr/libexec/ipa/ipa-pki-retrieve-key'
1869311 - ipa trust-add fails with 'Fetching domains from trusted forest failed'
1870202 - File permissions of /etc/ipa/ca.crt differ between CA-ful and CA-less
1874015 - ipa hbacrule-add-service --hbacsvcs=sshd is not applied successfully for subdomain
1875348 - Valgrind reports a memory leak in the Schema Compatibility plugin.

Package List:

Red Hat Enterprise Linux AppStream (v.

Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7.

http://secureli.com/retirejs-vulnerabilities-identified-with-retirejs/

I decided to scan RetireJS using its own codebase, and discovered the following issues in RetireJS:

/home/omi/clients/retire/firefox/test/web/dojo.js
↳ dojo 1.4.2 has known vulnerabilities:
severity: medium; PR: 307; https://github.com/dojo/dojo/pull/307 https://dojotoolkit.org/blog/dojo-1-14-released

/home/omi/clients/retire/firefox/test/web/retire-example-0.0.1.js
↳ retire-example 0.0.1 has known vulnerabilities:
severity: low; CVE: CVE-XXXX-XXXX, bug: 1234, summary: bug summary; http://github.com/eoftedal/retire.js/

/home/omi/clients/retire/firefox/test/web/retire-example.js
↳ retire-example 0.0.1 has known vulnerabilities:
severity: low; CVE: CVE-XXXX-XXXX, bug: 1234, summary: bug summary; http://github.com/eoftedal/retire.js/

/home/omi/clients/retire/node/spec/tests/contentscan.spec.js
↳ jquery 1.8.1 has known vulnerabilities:
severity: medium; CVE: CVE-2012-6708, bug: 11290, summary: Selector interpreted as HTML; http://bugs.jquery.com/ticket/11290 https://nvd.nist.gov/vuln/detail/CVE-2012-6708 http://research.insecurelabs.org/jquery/test/
severity: medium; issue: 2432, summary: 3rd party CORS request may execute, CVE: CVE-2015-9251; https://github.com/jquery/jquery/issues/2432 http://blog.jquery.com/2016/01/08/jquery-2-2-and-1-12-released/ https://nvd.nist.gov/vuln/detail/CVE-2015-9251 http://research.insecurelabs.org/jquery/test/
severity: medium; CVE: CVE-2015-9251, issue: 11974, summary: parseHTML() executes scripts in event handlers; https://bugs.jquery.com/ticket/11974 https://nvd.nist.gov/vuln/detail/CVE-2015-9251 http://research.insecurelabs.org/jquery/test/
severity: low; CVE: CVE-2019-11358, summary: jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, …) because of Object.prototype pollution; https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/ https://nvd.nist.gov/vuln/detail/CVE-2019-11358 https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b

Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

JIRA issues fixed (https://issues.jboss.org/):

JBEAP-23864 - (7.4.z) Upgrade xmlsec from 2.1.7.redhat-00001 to 2.2.3.redhat-00001
JBEAP-23865 - [GSS](7.4.z) Upgrade Apache CXF from 3.3.13.redhat-00001 to 3.4.10.redhat-00001
JBEAP-23866 - (7.4.z) Upgrade wss4j from 2.2.7.redhat-00001 to 2.3.3.redhat-00001
JBEAP-23928 - Tracker bug for the EAP 7.4.9 release for RHEL-9
JBEAP-24055 - (7.4.z) Upgrade HAL from 3.3.15.Final-redhat-00001 to 3.3.16.Final-redhat-00001
JBEAP-24081 - (7.4.z) Upgrade Elytron from 1.15.14.Final-redhat-00001 to 1.15.15.Final-redhat-00001
JBEAP-24095 - (7.4.z) Upgrade elytron-web from 1.9.2.Final-redhat-00001 to 1.9.3.Final-redhat-00001
JBEAP-24100 - [GSS](7.4.z) Upgrade Undertow from 2.2.20.SP1-redhat-00001 to 2.2.22.SP3-redhat-00001
JBEAP-24127 - (7.4.z) UNDERTOW-2123 - Update AsyncContextImpl.dispatch to use proper value
JBEAP-24128 - (7.4.z) Upgrade Hibernate Search from 5.10.7.Final-redhat-00001 to 5.10.13.Final-redhat-00001
JBEAP-24132 - [GSS](7.4.z) Upgrade Ironjacamar from 1.5.3.SP2-redhat-00001 to 1.5.10.Final-redhat-00001
JBEAP-24147 - (7.4.z) Upgrade jboss-ejb-client from 4.0.45.Final-redhat-00001 to 4.0.49.Final-redhat-00001
JBEAP-24167 - (7.4.z) Upgrade WildFly Core from 15.0.19.Final-redhat-00001 to 15.0.21.Final-redhat-00002
JBEAP-24191 - [GSS](7.4.z) Upgrade remoting from 5.0.26.SP1-redhat-00001 to 5.0.27.Final-redhat-00001
JBEAP-24195 - [GSS](7.4.z) Upgrade JSF API from 3.0.0.SP06-redhat-00001 to 3.0.0.SP07-redhat-00001
JBEAP-24207 - (7.4.z) Upgrade Soteria from 1.0.1.redhat-00002 to 1.0.1.redhat-00003
JBEAP-24248 - (7.4.z) ELY-2492 - Upgrade sshd-common in Elytron from 2.7.0 to 2.9.2
JBEAP-24426 - (7.4.z) Upgrade Elytron from 1.15.15.Final-redhat-00001 to 1.15.16.Final-redhat-00001
JBEAP-24427 - (7.4.z) Upgrade WildFly Core from 15.0.21.Final-redhat-00002 to 15.0.22.Final-redhat-00001

7

Trust: 1.44

sources: NVD: CVE-2015-9251 // VULHUB: VHN-87212 // VULMON: CVE-2015-9251 // PACKETSTORM: 156630 // PACKETSTORM: 159876 // PACKETSTORM: 153237 // PACKETSTORM: 170819

AFFECTED PRODUCTS

vendor: jquery // model: jquery // scope: lt // version: 3.0.0

Trust: 1.0

vendor: oracle // model: financial services analytical applications infrastructure // scope: gte // version: 8.0.0

Trust: 1.0

vendor: oracle // model: financial services liquidity risk management // scope: lte // version: 8.0.6

Trust: 1.0

vendor: oracle // model: financial services loan loss forecasting and provisioning // scope: gte // version: 8.0.2

Trust: 1.0

vendor: oracle // model: retail workforce management software // scope: eq // version: 1.60.9

Trust: 1.0

vendor: oracle // model: utilities framework // scope: lte // version: 4.3.0.4

Trust: 1.0

vendor: oracle // model: primavera unifier // scope: lte // version: 17.12

Trust: 1.0

vendor: oracle // model: jd edwards enterpriseone tools // scope: eq // version: 9.2

Trust: 1.0

vendor: oracle // model: financial services data integration hub // scope: gte // version: 8.0.5

Trust: 1.0

vendor: oracle // model: peoplesoft enterprise peopletools // scope: eq // version: 8.55

Trust: 1.0

vendor: oracle // model: jdeveloper // scope: eq // version: 12.2.1.3.0

Trust: 1.0

vendor: oracle // model: primavera unifier // scope: eq // version: 16.2

Trust: 1.0

vendor: oracle // model: oss support tools // scope: eq // version: 19.1

Trust: 1.0

vendor: oracle // model: retail allocation // scope: eq // version: 15.0.2

Trust: 1.0

vendor: oracle // model: healthcare foundation // scope: eq // version: 7.1

Trust: 1.0

vendor: oracle // model: service bus // scope: eq // version: 12.1.3.0.0

Trust: 1.0

vendor: oracle // model: primavera unifier // scope: gte // version: 17.1

Trust: 1.0

vendor: oracle // model: siebel ui framework // scope: eq // version: 18.11

Trust: 1.0

vendor: oracle // model: communications converged application server // scope: lt // version: 7.0.0.1

Trust: 1.0

vendor: oracle // model: hospitality guest access // scope: eq // version: 4.2.0

Trust: 1.0

vendor: oracle // model: financial services market risk measurement and management // scope: eq // version: 8.0.6

Trust: 1.0

vendor: oracle // model: enterprise manager ops center // scope: eq // version: 12.3.3

Trust: 1.0

vendor: oracle // model: financial services data integration hub // scope: lte // version: 8.0.7

Trust: 1.0

vendor: oracle // model: peoplesoft enterprise peopletools // scope: eq // version: 8.56

Trust: 1.0

vendor: oracle // model: communications interactive session recorder // scope: eq // version: 6.0

Trust: 1.0

vendor: oracle // model: agile product lifecycle management for process // scope: eq // version: 6.2.3.0

Trust: 1.0

vendor: oracle // model: insurance insbridge rating and underwriting // scope: eq // version: 5.4

Trust: 1.0

vendor: oracle // model: agile product lifecycle management for process // scope: eq // version: 6.2.1.0

Trust: 1.0

vendor: oracle // model: banking platform // scope: eq // version: 2.6.1

Trust: 1.0

vendor: oracle // model: banking platform // scope: eq // version: 2.6.2

Trust: 1.0

vendor: oracle // model: enterprise operations monitor // scope: eq // version: 3.4

Trust: 1.0

vendor: oracle // model: jdeveloper // scope: eq // version: 12.1.3.0.0

Trust: 1.0

vendor: oracle // model: weblogic server // scope: eq // version: 12.2.1.3

Trust: 1.0

vendor: oracle // model: jdeveloper // scope: eq // version: 11.1.1.9.0

Trust: 1.0

vendor: oracle // model: insurance insbridge rating and underwriting // scope: eq // version: 5.5

Trust: 1.0

vendor: oracle // model: financial services funds transfer pricing // scope: lte // version: 8.0.7

Trust: 1.0

vendor: oracle // model: hospitality guest access // scope: eq // version: 4.2.1

Trust: 1.0

vendor: oracle // model: financial services asset liability management // scope: gte // version: 8.0.4

Trust: 1.0

vendor: oracle // model: primavera gateway // scope: eq // version: 15.2

Trust: 1.0

vendor: oracle // model: financial services hedge management and ifrs valuations // scope: gte // version: 8.0.4

Trust: 1.0

vendor: oracle // model: real-time scheduler // scope: eq // version: 2.3.0

Trust: 1.0

vendor: oracle // model: financial services hedge management and ifrs valuations // scope: lte // version: 8.0.7

Trust: 1.0

vendor: oracle // model: financial services liquidity risk management // scope: gte // version: 8.0.2

Trust: 1.0

vendor: oracle // model: enterprise manager ops center // scope: eq // version: 12.2.2

Trust: 1.0

vendor: oracle // model: hospitality cruise fleet management // scope: eq // version: 9.0.11

Trust: 1.0

vendor: oracle // model: financial services reconciliation framework // scope: eq // version: 8.0.6

Trust: 1.0

vendor: oracle // model: insurance insbridge rating and underwriting // scope: eq // version: 5.2

Trust: 1.0

vendor: oracle // model: communications interactive session recorder // scope: eq // version: 6.2

Trust: 1.0

vendor: oracle // model: enterprise operations monitor // scope: eq // version: 4.0

Trust: 1.0

vendor: oracle // model: financial services analytical applications infrastructure // scope: lte // version: 8.0.7

Trust: 1.0

vendor: oracle // model: financial services analytical applications infrastructure // scope: gte // version: 7.3.3

Trust: 1.0

vendor: oracle // model: healthcare translational research // scope: eq // version: 3.1.0

Trust: 1.0

vendor: oracle // model: banking platform // scope: eq // version: 2.6.0

Trust: 1.0

vendor: oracle // model: agile product lifecycle management for process // scope: eq // version: 6.2.3.1

Trust: 1.0

vendor: oracle // model: weblogic server // scope: eq // version: 12.1.3.0

Trust: 1.0

vendor: oracle // model: communications interactive session recorder // scope: eq // version: 6.1

Trust: 1.0

vendor: oracle // model: primavera gateway // scope: eq // version: 16.2

Trust: 1.0

vendor: oracle // model: healthcare foundation // scope: eq // version: 7.2

Trust: 1.0

vendor: oracle // model: financial services market risk measurement and management // scope: eq // version: 8.0.5

Trust: 1.0

vendor: oracle // model: siebel ui framework // scope: eq // version: 18.10

Trust: 1.0

vendor: oracle // model: retail workforce management software // scope: eq // version: 1.64.0

Trust: 1.0

vendor: oracle // model: hospitality reporting and analytics // scope: eq // version: 9.1.0

Trust: 1.0

vendor: oracle // model: financial services profitability management // scope: gte // version: 8.0.4

Trust: 1.0

vendor: oracle // model: fusion middleware mapviewer // scope: eq // version: 12.2.1.3.0

Trust: 1.0

vendor: oracle // model: agile product lifecycle management for process // scope: eq // version: 6.2.2.0

Trust: 1.0

vendor: oracle // model: communications webrtc session controller // scope: lt // version: 7.2

Trust: 1.0

vendor: oracle // model: retail invoice matching // scope: eq // version: 15.0

Trust: 1.0

vendor: oracle // model: primavera unifier // scope: eq // version: 16.1

Trust: 1.0

vendor: oracle // model: business process management suite // scope: eq // version: 12.2.1.3.0

Trust: 1.0

vendor: oracle // model: retail customer insights // scope: eq // version: 15.0

Trust: 1.0

vendor: oracle // model: agile product lifecycle management for process // scope: eq // version: 6.2.0.0

Trust: 1.0

vendor: oracle // model: peoplesoft enterprise peopletools // scope: eq // version: 8.57

Trust: 1.0

vendor: oracle // model: primavera gateway // scope: eq // version: 17.12

Trust: 1.0

vendor: oracle // model: financial services loan loss forecasting and provisioning // scope: lte // version: 8.0.7

Trust: 1.0

vendor: oracle // model: utilities mobile workforce management // scope: eq // version: 2.3.0

Trust: 1.0

vendor: oracle // model: utilities framework // scope: gte // version: 4.3.0.1

Trust: 1.0

vendor: oracle // model: endeca information discovery studio // scope: eq // version: 3.2.0

Trust: 1.0

vendor: oracle // model: financial services funds transfer pricing // scope: gte // version: 8.0.4

Trust: 1.0

vendor: oracle // model: financial services reconciliation framework // scope: eq // version: 8.0.5

Trust: 1.0

vendor: oracle // model: retail customer insights // scope: eq // version: 16.0

Trust: 1.0

vendor: oracle // model: service bus // scope: eq // version: 12.2.1.3.0

Trust: 1.0

vendor: oracle // model: webcenter sites // scope: eq // version: 11.1.1.8.0

Trust: 1.0

vendor: oracle // model: financial services asset liability management // scope: lte // version: 8.0.7

Trust: 1.0

vendor: oracle // model: financial services profitability management // scope: lte // version: 8.0.6

Trust: 1.0

vendor: oracle // model: retail sales audit // scope: eq // version: 15.0

Trust: 1.0

vendor: oracle // model: primavera unifier // scope: eq // version: 18.8

Trust: 1.0

vendor: oracle // model: financial services analytical applications infrastructure // scope: lte // version: 7.3.5

Trust: 1.0

vendor: oracle // model: business process management suite // scope: eq // version: 12.1.3.0.0

Trust: 1.0

vendor: oracle // model: hospitality materials control // scope: eq // version: 18.1

Trust: 1.0

vendor: oracle // model: communications services gatekeeper // scope: lt // version: 6.1.0.4.0

Trust: 1.0

vendor: oracle // model: endeca information discovery studio // scope: eq // version: 3.1.0

Trust: 1.0

vendor: oracle // model: business process management suite // scope: eq // version: 11.1.1.9.0

Trust: 1.0

sources: NVD: CVE-2015-9251

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-9251
value: MEDIUM

Trust: 1.0

VULHUB: VHN-87212
value: MEDIUM

Trust: 0.1

VULMON: CVE-2015-9251
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2015-9251
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

VULHUB: VHN-87212
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2015-9251
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 2.7
version: 3.0

Trust: 1.0

sources: VULHUB: VHN-87212 // VULMON: CVE-2015-9251 // NVD: CVE-2015-9251

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.1

sources: VULHUB: VHN-87212 // NVD: CVE-2015-9251

TYPE

code execution, xss, memory leak

Trust: 0.1

sources: PACKETSTORM: 159876

PATCH

title: Red Hat: Important: Red Hat JBoss Fuse/A-MQ 6.3 R15 security and bug fix update // url: https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20200481 - Security Advisory

Trust: 0.1

title: Red Hat: Important: Red Hat Data Grid 7.3.5 security update // url: https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20200729 - Security Advisory

Trust: 0.1

title: Arch Linux Issues: // url: https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues&qid=CVE-2015-9251 log

Trust: 0.1

title: Arch Linux Advisories: [ASA-201910-4] ruby-rdoc: cross-site scripting // url: https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories&qid=ASA-201910-4

Trust: 0.1

title: Red Hat: CVE-2015-9251 // url: https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database&qid=CVE-2015-9251

Trust: 0.1

title: Red Hat: Moderate: idm:DL1 and idm:client security, bug fix, and enhancement update // url: https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20204670 - Security Advisory

Trust: 0.1

title: Red Hat: Moderate: ipa security, bug fix, and enhancement update // url: https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20203936 - Security Advisory

Trust: 0.1

title: Red Hat: Moderate: pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update // url: https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20204847 - Security Advisory

Trust: 0.1

title: IBM: IBM Security Bulletin: BigFix Platform 9.2.x affected by multiple vulnerabilities (CVE-2017-1231, CVE-2018-5407, CVE-2012-5883, CVE-2012-6708, CVE-2015-9251) // url: https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=3101664cb57ad9d937108c187df59ecf

Trust: 0.1

title: IBM: IBM Security Bulletin: BigFix Platform 9.5.x affected by multiple vulnerabilities (CVE-2019-4013, CVE-2018-5407, CVE-2012-5883, CVE-2012-6708, CVE-2015-9251) // url: https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=7dde8d528837d3c0eae28428fd6e703d

Trust: 0.1

title: Red Hat: Important: Red Hat JBoss Enterprise Application Platform 7.4.9 Security update // url: https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20230556 - Security Advisory

Trust: 0.1

title: Red Hat: Important: Red Hat JBoss Enterprise Application Platform 7.4.9 Security update // url: https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20230554 - Security Advisory

Trust: 0.1

title: Red Hat: Important: Red Hat Fuse 7.6.0 security update // url: https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20200983 - Security Advisory

Trust: 0.1

title: Amazon Linux 2: ALASRUBY2.6-2023-007 // url: https://vulmon.com/vendoradvisory?qidtp=amazon_linux2&qid=ALASRUBY2.6-2023-007

Trust: 0.1

title: Amazon Linux AMI: ALAS-2020-1422 // url: https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami&qid=ALAS-2020-1422

Trust: 0.1

title: Arch Linux Advisories: [ASA-201910-5] ruby2.5: multiple issues // url: https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories&qid=ASA-201910-5

Trust: 0.1

title: IBM: Security Bulletin: IBM QRadar SIEM is vulnerable to using components with known vulnerabilities // url: https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=22fc4d0a2671b6a2b6b740928ccb3e85

Trust: 0.1

title: Amazon Linux 2: ALAS2-2020-1519 // url: https://vulmon.com/vendoradvisory?qidtp=amazon_linux2&qid=ALAS2-2020-1519

Trust: 0.1

title: Tenable Security Advisories: [R1] Nessus Network Monitor 5.11.0 Fixes Multiple Third-party Vulnerabilities // url: https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories&qid=TNS-2019-08

Trust: 0.1

title: Fortinet Security Advisories: FortiSwitch multiple XSS vulnerabilities in the jQuery library // url: https://vulmon.com/vendoradvisory?qidtp=fortinet_security_advisories&qid=FG-IR-18-013

Trust: 0.1

title: IBM: Security Bulletin: Multiple vulnerabilities in Spark affecting IBM QRadar User Behavior Analytics // url: https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=3823f1edcf270e724f22c0ef0da4007f

Trust: 0.1

title: IBM: Security Bulletin: Multiple vulnerability issues affect IBM Spectrum Conductor 2.5.0 // url: https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=0bf006d622ea4a9435b282864e760566

Trust: 0.1

title: IBM: Security Bulletin: Multiple vulnerability issues affect IBM Spectrum Symphony 7.3.1 // url: https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=c47c09015d1429df4a71453000607351

Trust: 0.1

title: IBM: IBM Security Bulletin: IBM Security Privileged Identity Manager is affected by multiple security vulnerabilities // url: https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=8580d3cd770371e2ef0f68ca624b80b0

Trust: 0.1

title: Oracle: Oracle Critical Patch Update Advisory - January 2019 // url: https://vulmon.com/vendoradvisory?qidtp=oracle_advisories&qid=f655264a6935505d167bbf45f409a57b

Trust: 0.1

title: Oracle: Oracle Critical Patch Update Advisory - October 2018 // url: https://vulmon.com/vendoradvisory?qidtp=oracle_advisories&qid=81c63752a6f26433af2128b2e8c02385

Trust: 0.1

title: Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - July 2018 // url: https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins&qid=586e6062440cdd312211d748e028164e

Trust: 0.1

title: - // url: https://github.com/astyn9/Vulnerable-jQuery-v1.12.2-library

Trust: 0.1

title: custom-okta-signin-widget // url: https://github.com/cniesen/custom-okta-signin-widget

Trust: 0.1

title: - // url: https://github.com/andrew-healey/canvas-lms-vuln

Trust: 0.1

title: sheep // url: https://github.com/flyher/sheep

Trust: 0.1

title: watchdog // url: https://github.com/flipkart-incubator/watchdog

Trust: 0.1

title: watchdog // url: https://github.com/rohankumardubey/watchdog

Trust: 0.1

title: oracle-vuln-crawler // url: https://github.com/zema1/oracle-vuln-crawler

Trust: 0.1

sources: VULMON: CVE-2015-9251

EXTERNAL IDS

db: NVD // id: CVE-2015-9251

Trust: 1.6

db: PACKETSTORM // id: 153237

Trust: 1.2

db: PACKETSTORM // id: 156743

Trust: 1.1

db: PACKETSTORM // id: 152787

Trust: 1.1

db: TENABLE // id: TNS-2019-08

Trust: 1.1

db: ICS CERT // id: ICSA-18-212-04

Trust: 1.1

db: PULSESECURE // id: SA44601

Trust: 1.1

db: BID // id: 105658

Trust: 1.1

db: PACKETSTORM // id: 170819

Trust: 0.2

db: PACKETSTORM // id: 159876

Trust: 0.2

db: PACKETSTORM // id: 156630

Trust: 0.2

db: PACKETSTORM // id: 156315

Trust: 0.1

db: PACKETSTORM // id: 159353

Trust: 0.1

db: PACKETSTORM // id: 170817

Trust: 0.1

db: PACKETSTORM // id: 170823

Trust: 0.1

db: PACKETSTORM // id: 159852

Trust: 0.1

db: PACKETSTORM // id: 170821

Trust: 0.1

db: PACKETSTORM // id: 156941

Trust: 0.1

db: CNNVD // id: CNNVD-201801-798

Trust: 0.1

db: SEEBUG // id: SSVID-98926

Trust: 0.1

db: VULHUB // id: VHN-87212

Trust: 0.1

db: VULMON // id: CVE-2015-9251

Trust: 0.1

sources: VULHUB: VHN-87212 // VULMON: CVE-2015-9251 // PACKETSTORM: 156630 // PACKETSTORM: 159876 // PACKETSTORM: 153237 // PACKETSTORM: 170819 // NVD: CVE-2015-9251

REFERENCES

url:https://github.com/jquery/jquery/issues/2432

Trust: 1.2

url:https://access.redhat.com/errata/rhsa-2020:0729

Trust: 1.2

url:http://www.securityfocus.com/bid/105658

Trust: 1.1

url:https://seclists.org/bugtraq/2019/may/18

Trust: 1.1

url:https://kb.pulsesecure.net/articles/pulse_security_advisories/sa44601

Trust: 1.1

url:https://security.netapp.com/advisory/ntap-20210108-0004/

Trust: 1.1

url:http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html

Trust: 1.1

url:https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html

Trust: 1.1

url:https://www.tenable.com/security/tns-2019-08

Trust: 1.1

url:http://seclists.org/fulldisclosure/2019/may/13

Trust: 1.1

url:http://seclists.org/fulldisclosure/2019/may/11

Trust: 1.1

url:http://seclists.org/fulldisclosure/2019/may/10

Trust: 1.1

url:http://packetstormsecurity.com/files/152787/dotcms-5.1.1-vulnerable-dependencies.html

Trust: 1.1

url:http://packetstormsecurity.com/files/153237/retirejs-cors-issue-script-execution.html

Trust: 1.1

url:http://packetstormsecurity.com/files/156743/octobercms-insecure-dependencies.html

Trust: 1.1

url:https://github.com/jquery/jquery/commit/f60729f3903d17917dc351f3ac87794de379b0cc

Trust: 1.1

url:https://github.com/jquery/jquery/pull/2588

Trust: 1.1

url:https://github.com/jquery/jquery/pull/2588/commits/c254d308a7d3f1eac4d0b42837804cfffcba4bb2

Trust: 1.1

url:https://ics-cert.us-cert.gov/advisories/icsa-18-212-04

Trust: 1.1

url:https://snyk.io/vuln/npm:jquery:20150627

Trust: 1.1

url:https://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/securitybulletin_lfsec126.pdf

Trust: 1.1

url:https://www.oracle.com/security-alerts/cpuapr2020.html

Trust: 1.1

url:https://www.oracle.com/security-alerts/cpujan2020.html

Trust: 1.1

url:https://www.oracle.com/security-alerts/cpujul2020.html

Trust: 1.1

url:https://www.oracle.com/security-alerts/cpuoct2020.html

Trust: 1.1

url:https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html

Trust: 1.1

url:https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html

Trust: 1.1

url:https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html

Trust: 1.1

url:https://access.redhat.com/errata/rhsa-2020:0481

Trust: 1.1

url:http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html

Trust: 1.1

url:https://lists.apache.org/thread.html/10f0f3aefd51444d1198c65f44ffdf2d78ca3359423dbc1c168c9731%40%3cdev.flink.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/17ff53f7999e74fbe3cc0ceb4e1c3b00b180b7c5afec8e978837bc49%40%3cuser.flink.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3cdev.drill.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/52bafac05ad174000ea465fe275fd3cc7bd5c25535a7631c0bc9bfb2%40%3cuser.flink.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/54df3aeb4239b64b50b356f0ca6f986e3c4ca5b84c515dce077c7854%40%3cuser.flink.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3cdev.drill.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6%40%3ccommits.roller.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3cissues.drill.apache.org%3e

Trust: 1.0

url:https://nvd.nist.gov/vuln/detail/cve-2015-9251

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2015-9251

Trust: 0.3

url:https://bugzilla.redhat.com/

Trust: 0.3

url:https://access.redhat.com/security/team/contact/

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2019-11358

Trust: 0.3

url:https://www.redhat.com/mailman/listinfo/rhsa-announce

Trust: 0.2

url:https://access.redhat.com/security/updates/classification/#important

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2018-14042

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-8331

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2018-14040

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2018-14042

Trust: 0.2

url:https://access.redhat.com/articles/11258

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-11022

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-11358

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2016-10735

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2018-14040

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-11022

Trust: 0.2

url:https://access.redhat.com/security/team/key/

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2016-10735

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-8331

Trust: 0.2

url:https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3cdev.drill.apache.org%3e

Trust: 0.1

url:https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3cdev.drill.apache.org%3e

Trust: 0.1

url:https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3cissues.drill.apache.org%3e

Trust: 0.1

url:https://lists.apache.org/thread.html/10f0f3aefd51444d1198c65f44ffdf2d78ca3359423dbc1c168c9731@%3cdev.flink.apache.org%3e

Trust: 0.1

url:https://lists.apache.org/thread.html/54df3aeb4239b64b50b356f0ca6f986e3c4ca5b84c515dce077c7854@%3cuser.flink.apache.org%3e

Trust: 0.1

url:https://lists.apache.org/thread.html/17ff53f7999e74fbe3cc0ceb4e1c3b00b180b7c5afec8e978837bc49@%3cuser.flink.apache.org%3e

Trust: 0.1

url:https://lists.apache.org/thread.html/52bafac05ad174000ea465fe275fd3cc7bd5c25535a7631c0bc9bfb2@%3cuser.flink.apache.org%3e

Trust: 0.1

url:https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6@%3ccommits.roller.apache.org%3e

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-16335

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-14892

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/red_hat_data_grid/7.3/html-single/red_hat_data_grid_7.3_release_notes/index

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-14892

Trust: 0.1

url:https://access.redhat.com/jbossnetwork/restricted/softwaredetail.html?softwareidp381&product\xdata.grid&version=7.3&downloadtype=patches

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-14893

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-14893

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-16335

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-14888

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-14888

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.3_release_notes/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-1722

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-20676

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-1722

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-20676

Trust: 0.1

url:https://access.redhat.com/security/updates/classification/#moderate

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-20677

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2020:4670

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-20677

Trust: 0.1

url:https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/

Trust: 0.1

url:https://github.com/dojo/dojo/pull/307

Trust: 0.1

url:http://bugs.jquery.com/ticket/11290

Trust: 0.1

url:http://secureli.com/retirejs-vulnerabilities-identified-with-retirejs/

Trust: 0.1

url:https://dojotoolkit.org/blog/dojo-1-14-released

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2012-6708

Trust: 0.1

url:http://research.insecurelabs.org/jquery/test/

Trust: 0.1

url:http://github.com/eoftedal/retire.js/

Trust: 0.1

url:https://bugs.jquery.com/ticket/11974

Trust: 0.1

url:https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b

Trust: 0.1

url:http://blog.jquery.com/2016/01/08/jquery-2-2-and-1-12-released/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-11023

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-40150

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2023:0554

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-3143

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-42003

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-42004

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-14041

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-40150

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-45047

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-18214

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-40152

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-40149

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-40149

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-11023

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-40152

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-14041

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2017-18214

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-45693

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-46364

Trust: 0.1

url:https://issues.jboss.org/

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-3143

Trust: 0.1

url:https://listman.redhat.com/mailman/listinfo/rhsa-announce

Trust: 0.1

sources: VULHUB: VHN-87212 // PACKETSTORM: 156630 // PACKETSTORM: 159876 // PACKETSTORM: 153237 // PACKETSTORM: 170819 // NVD: CVE-2015-9251

CREDITS

Red Hat

Trust: 0.3

sources: PACKETSTORM: 156630 // PACKETSTORM: 159876 // PACKETSTORM: 170819

SOURCES

db: VULHUB id: VHN-87212
db: VULMON id: CVE-2015-9251
db: PACKETSTORM id: 156630
db: PACKETSTORM id: 159876
db: PACKETSTORM id: 153237
db: PACKETSTORM id: 170819
db: NVD id: CVE-2015-9251

LAST UPDATE DATE

2024-11-07T21:21:29.735000+00:00


SOURCES UPDATE DATE

db: VULHUB id: VHN-87212 date: 2021-01-08T00:00:00
db: VULMON id: CVE-2015-9251 date: 2023-11-07T00:00:00
db: NVD id: CVE-2015-9251 date: 2023-11-07T02:28:57.737

SOURCES RELEASE DATE

db: VULHUB id: VHN-87212 date: 2018-01-18T00:00:00
db: VULMON id: CVE-2015-9251 date: 2018-01-18T00:00:00
db: PACKETSTORM id: 156630 date: 2020-03-05T14:42:33
db: PACKETSTORM id: 159876 date: 2020-11-04T15:32:52
db: PACKETSTORM id: 153237 date: 2019-06-07T16:22:22
db: PACKETSTORM id: 170819 date: 2023-01-31T17:19:24
db: NVD id: CVE-2015-9251 date: 2018-01-18T23:29:00.307