ReportizFlow
Filtered by vendor Redhat
Subscriptions
Filtered by product Jboss Enterprise Application Platform
Subscriptions
Total
562 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-12174 | 2 Apache, Redhat | 5 Activemq Artemis, Enterprise Linux, Hornetq and 2 more | 2024-11-21 | 7.5 High |
| It was found that when Artemis and HornetQ before 2.4.0 are configured with UDP discovery and JGroups discovery a huge byte array is created when receiving an unexpected multicast message. This may result in a heap memory exhaustion, full GC, or OutOfMemoryError. | ||||
| CVE-2017-12167 | 1 Redhat | 2 Enterprise Linux, Jboss Enterprise Application Platform | 2024-11-21 | N/A |
| It was found in EAP 7 before 7.0.9 that properties based files of the management and the application realm configuration that contain user to role mapping are world readable allowing access to users and roles information to all the users logged in to the system. | ||||
| CVE-2017-12165 | 1 Redhat | 4 Jboss Amq, Jboss Enterprise Application Platform, Jboss Fuse and 1 more | 2024-11-21 | N/A |
| It was discovered that Undertow before 1.4.17, 1.3.31 and 2.0.0 processes http request headers with unusual whitespaces which can cause possible http request smuggling. | ||||
| CVE-2016-9606 | 1 Redhat | 4 Jboss Bpms, Jboss Enterprise Application Platform, Jboss Enterprise Brms Platform and 1 more | 2024-11-21 | N/A |
| JBoss RESTEasy before version 3.1.2 could be forced into parsing a request with YamlProvider, resulting in unmarshalling of potentially untrusted data which could allow an attacker to execute arbitrary code with RESTEasy application permissions. | ||||
| CVE-2016-9589 | 1 Redhat | 4 Jboss Enterprise Application Platform, Jboss Single Sign On, Jboss Wildfly Application Server and 1 more | 2024-11-21 | N/A |
| Undertow in Red Hat wildfly before version 11.0.0.Beta1 is vulnerable to a resource exhaustion resulting in a denial of service. Undertow keeps a cache of seen HTTP headers in persistent connections. It was found that this cache can easily exploited to fill memory with garbage, up to "max-headers" (default 200) * "max-header-size" (default 1MB) per active TCP connection. | ||||
| CVE-2016-9585 | 1 Redhat | 1 Jboss Enterprise Application Platform | 2024-11-21 | N/A |
| Red Hat JBoss EAP version 5 is vulnerable to a deserialization of untrusted data in the JMX endpoint when deserializes the credentials passed to it. An attacker could exploit this vulnerability resulting in a denial of service attack. | ||||
| CVE-2016-8657 | 1 Redhat | 2 Enterprise Linux, Jboss Enterprise Application Platform | 2024-11-21 | N/A |
| It was discovered that EAP packages in certain versions of Red Hat Enterprise Linux use incorrect permissions for /etc/sysconfig/jbossas configuration files. The file is writable to jboss group (root:jboss, 664). On systems using classic /etc/init.d init scripts (i.e. on Red Hat Enterprise Linux 6 and earlier), the file is sourced by the jboss init script and its content executed with root privileges when jboss service is started, stopped, or restarted. | ||||
| CVE-2016-8656 | 1 Redhat | 1 Jboss Enterprise Application Platform | 2024-11-21 | N/A |
| Jboss jbossas before versions 5.2.0-23, 6.4.13, 7.0.5 is vulnerable to an unsafe file handling in the jboss init script which could result in local privilege escalation. | ||||
| CVE-2016-8627 | 1 Redhat | 2 Jboss Enterprise Application Platform, Keycloak | 2024-11-21 | N/A |
| admin-cli before versions 3.0.0.alpha25, 2.2.1.cr2 is vulnerable to an EAP feature to download server log files that allows logs to be available via GET requests making them vulnerable to cross-origin attacks. An attacker could trigger the user's browser to request the log files consuming enough resources that normal server functioning could be impaired. | ||||
| CVE-2016-7066 | 1 Redhat | 1 Jboss Enterprise Application Platform | 2024-11-21 | N/A |
| It was found that the improper default permissions on /tmp/auth directory in JBoss Enterprise Application Platform before 7.1.0 can allow any local user to connect to CLI and allow the user to execute any arbitrary operations. | ||||
| CVE-2016-7061 | 1 Redhat | 2 Enterprise Linux, Jboss Enterprise Application Platform | 2024-11-21 | N/A |
| An information disclosure vulnerability was found in JBoss Enterprise Application Platform before 7.0.4. It was discovered that when configuring RBAC and marking information as sensitive, users with a Monitor role are able to view the sensitive information. | ||||
| CVE-2016-10735 | 2 Getbootstrap, Redhat | 9 Bootstrap, Cloudforms Managementengine, Enterprise Linux and 6 more | 2024-11-21 | N/A |
| In Bootstrap 3.x before 3.4.0 and 4.x-beta before 4.0.0-beta.2, XSS is possible in the data-target attribute, a different vulnerability than CVE-2018-14041. | ||||
| CVE-2015-9251 | 3 Jquery, Oracle, Redhat | 51 Jquery, Agile Product Lifecycle Management For Process, Banking Platform and 48 more | 2024-11-21 | N/A |
| jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed. | ||||
| CVE-2014-0169 | 1 Redhat | 1 Jboss Enterprise Application Platform | 2024-11-21 | 6.5 Medium |
| In JBoss EAP 6 a security domain is configured to use a cache that is shared between all applications that are in the security domain. This could allow an authenticated user in one application to access protected resources in another application without proper authorization. Although this is an intended functionality, it was not clearly documented which can mislead users into thinking that a security domain cache is isolated to a single application. | ||||
| CVE-2013-6495 | 1 Redhat | 3 Jboss Enterprise Application Platform, Jboss Enterprise Portal Platform, Jboss Portal | 2024-11-21 | 6.1 Medium |
| JBossWeb Bayeux has reflected XSS | ||||
| CVE-2012-5626 | 1 Redhat | 6 Jboss Brms, Jboss Enterprise Application Platform, Jboss Enterprise Web Server and 3 more | 2024-11-21 | 7.5 High |
| EJB method in Red Hat JBoss BRMS 5; Red Hat JBoss Enterprise Application Platform 5; Red Hat JBoss Operations Network 3.1; Red Hat JBoss Portal 4 and 5; Red Hat JBoss SOA Platform 4.2, 4.3, and 5; in Red Hat JBoss Enterprise Web Server 1 ignores roles specified using the @RunAs annotation. | ||||
| CVE-2012-2312 | 1 Redhat | 2 Jboss Application Server, Jboss Enterprise Application Platform | 2024-11-21 | 7.8 High |
| An Elevated Privileges issue exists in JBoss AS 7 Community Release due to the improper implementation in the security context propagation, A threat gets reused from the thread pool that still retains the security context from the process last used, which lets a local user obtain elevated privileges. | ||||
| CVE-2011-2487 | 2 Apache, Redhat | 12 Cxf, Wss4j, Jboss Business Rules Management System and 9 more | 2024-11-21 | 5.9 Medium |
| The implementations of PKCS#1 v1.5 key transport mechanism for XMLEncryption in JBossWS and Apache WSS4J before 1.6.5 is susceptible to a Bleichenbacher attack. | ||||
| CVE-2024-47535 | 2 Netty, Redhat | 4 Netty, Amq Streams, Jboss Enterprise Application Platform and 1 more | 2024-11-13 | 5.5 Medium |
| Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. An unsafe reading of environment file could potentially cause a denial of service in Netty. When loaded on an Windows application, Netty attempts to load a file that does not exist. If an attacker creates such a large file, the Netty application crashes. This vulnerability is fixed in 4.1.115. | ||||
| CVE-2023-1973 | 1 Redhat | 2 Jboss Enterprise Application Platform, Jboss Enterprise Application Platform Eus | 2024-11-08 | 7.5 High |
| A flaw was found in Undertow package. Using the FormAuthenticationMechanism, a malicious user could trigger a Denial of Service by sending crafted requests, leading the server to an OutofMemory error, exhausting the server's memory. | ||||