Filtered by vendor Redhat
Subscriptions
Filtered by product Jboss Community Application Server
Subscriptions
Total
3 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2012-4529 | 1 Redhat | 3 Jboss Community Application Server, Jboss Enterprise Application Platform, Jboss Enterprise Portal Platform | 2024-11-21 | N/A |
The org.apache.catalina.connector.Response.encodeURL method in Red Hat JBoss Web 7.1.x and earlier, when the tracking mode is set to COOKIE, sends the jsessionid in the URL of the first response of a session, which allows remote attackers to obtain the session id (1) via a man-in-the-middle attack or (2) by reading a log. | ||||
CVE-2012-2148 | 2 Linux, Redhat | 3 Linux Kernel, Jboss Community Application Server, Jboss Enterprise Web Server | 2024-11-21 | 3.3 Low |
An issue exists in the property replacements feature in any descriptor in JBoxx AS 7.1.1 ignores java security policies | ||||
CVE-2009-5066 | 1 Redhat | 5 Jboss Community Application Server, Jboss Enterprise Application Platform, Jboss Enterprise Brms Platform and 2 more | 2024-11-21 | N/A |
twiddle.sh in JBoss AS 5.0 and EAP 5.0 and earlier accepts credentials as command-line arguments, which allows local users to read the credentials by listing the process and its arguments. |
Page 1 of 1.