Product:

Jboss_enterprise_application_platform

(Redhat)
Repositories https://github.com/FasterXML/jackson-databind
https://github.com/qos-ch/slf4j
https://github.com/bcgit/bc-java
https://github.com/apache/cxf
https://github.com/dom4j/dom4j
#Vulnerabilities 223
Date Id Summary Products Score Patch Annotated
2018-07-26 CVE-2017-12167 It was found in EAP 7 before 7.0.9 that properties based files of the management and the application realm configuration that contain user to role mapping are world readable allowing access to users and roles information to all the users logged in to the system. Jboss_enterprise_application_platform 5.5
2018-07-27 CVE-2017-12165 It was discovered that Undertow before 1.4.17, 1.3.31 and 2.0.0 processes http request headers with unusual whitespaces which can cause possible http request smuggling. Jboss_enterprise_application_platform, Undertow 7.5
2018-03-09 CVE-2016-9585 Red Hat JBoss EAP version 5 is vulnerable to a deserialization of untrusted data in the JMX endpoint when deserializes the credentials passed to it. An attacker could exploit this vulnerability resulting in a denial of service attack. Jboss_enterprise_application_platform 5.3
2013-07-29 CVE-2011-1483 wsf/common/DOMUtils.java in JBossWS Native in Red Hat JBoss Enterprise Application Platform 4.2.0.CP09, 4.3, and 5.1.1; JBoss Enterprise Portal Platform 4.3.CP06 and 5.1.1; JBoss Enterprise SOA Platform 4.2.CP05, 4.3.CP05, and 5.1.0; JBoss Communications Platform 1.2.11 and 5.1.1; JBoss Enterprise BRMS Platform 5.1.0; and JBoss Enterprise Web Platform 5.1.1 does not properly handle recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU... Network_node_manager_i, Jboss_communications_platform, Jboss_enterprise_application_platform, Jboss_enterprise_brms_platform, Jboss_enterprise_portal_platform, Jboss_enterprise_soa_platform, Jboss_enterprise_web_platform N/A
2017-09-13 CVE-2017-7561 Red Hat JBoss EAP version 3.0.7 through before 4.0.0.Beta1 is vulnerable to a server-side cache poisoning or CORS requests in the JAX-RS component resulting in a moderate impact. Jboss_enterprise_application_platform 7.5
2019-06-12 CVE-2019-3873 It was found that Picketlink as shipped with Jboss Enterprise Application Platform 7.2 would accept an xinclude parameter in SAMLresponse XML. An attacker could use this flaw to send a URL to achieve cross-site scripting or possibly conduct further attacks. Jboss_enterprise_application_platform, Single_sign\-On 9.0
2019-06-12 CVE-2019-3872 It was found that a SAMLRequest containing a script could be processed by Picketlink versions shipped in Jboss Application Platform 7.2.x and 7.1.x. An attacker could use this to send a malicious script to achieve cross-site scripting and obtain unauthorized information or conduct further attacks. Jboss_enterprise_application_platform, Single_sign\-On 5.4
2019-03-27 CVE-2018-10934 A cross-site scripting (XSS) vulnerability was found in the JBoss Management Console versions before 7.1.6.CR1, 7.1.6.GA. Users with roles that can create objects in the application can exploit this to attack other privileged users. Jboss_enterprise_application_platform, Single_sign\-On 5.4
2018-07-27 CVE-2018-10862 WildFly Core before version 6.0.0.Alpha3 does not properly validate file paths in .war archives, allowing for the extraction of crafted .war archives to overwrite arbitrary files. This is an instance of the 'Zip Slip' vulnerability. Jboss_enterprise_application_platform, Virtualization, Wildfly_core 5.5
2017-05-18 CVE-2017-7503 It was found that the Red Hat JBoss EAP 7.0.5 implementation of javax.xml.transform.TransformerFactory is vulnerable to XXE. An attacker could use this flaw to launch DoS or SSRF attacks, or read files from the server where EAP is deployed. Jboss_enterprise_application_platform 9.8