Red Hat JBoss Operations Network is a middleware management solution that
provides a single point of control to deploy, manage, and monitor JBoss
Enterprise Middleware, applications, and services.

Apache Struts is a framework for building web applications with Java.

It was found that the Struts 1 ActionForm object allowed access to the
‘class’ parameter, which is directly mapped to the getClass() method. A
remote attacker could use this flaw to manipulate the ClassLoader used by
an application server running Struts 1. This could lead to remote code
execution under certain conditions. (CVE-2014-0114)

It was found that when JBoss Web processed a series of HTTP requests in
which at least one request contained either multiple content-length
headers, or one content-length header with a chunked transfer-encoding
header, JBoss Web would incorrectly handle the request. A remote attacker
could use this flaw to poison a web cache, perform cross-site scripting
(XSS) attacks, or obtain sensitive information from other requests.
(CVE-2013-4286)

All users of JBoss Operations Network 3.2.1 as provided from the Red Hat
Customer Portal are advised to apply this update.

redhat 15

ibm 70

openvas 22

nessus 24

debian 2

securityvulns 6

cvelist 3

nvd 6

ubuntucve 2

suse 1

fedora 2