Product:

Jboss_enterprise_application_platform

(Redhat)
Repositories https://github.com/FasterXML/jackson-databind
https://github.com/qos-ch/slf4j
https://github.com/bcgit/bc-java
https://github.com/apache/cxf
https://github.com/dom4j/dom4j
#Vulnerabilities 223
Date Id Summary Products Score Patch Annotated
2018-04-18 CVE-2017-12196 undertow before versions 1.4.18.SP1, 2.0.2.Final, 1.4.24.Final was found vulnerable when using Digest authentication, the server does not ensure that the value of URI in the Authorization header matches the URI in HTTP request line. This allows the attacker to cause a MITM attack and access the desired content on the server. Jboss_enterprise_application_platform, Jboss_fuse, Undertow, Virtualization 5.9
2018-01-10 CVE-2017-12189 It was discovered that the jboss init script as used in Red Hat JBoss Enterprise Application Platform 7.0.7.GA performed unsafe file handling which could result in local privilege escalation. This issue is a result of an incomplete fix for CVE-2016-8656. Enterprise_linux, Jboss_enterprise_application_platform 7.8
2018-07-26 CVE-2017-12167 It was found in EAP 7 before 7.0.9 that properties based files of the management and the application realm configuration that contain user to role mapping are world readable allowing access to users and roles information to all the users logged in to the system. Jboss_enterprise_application_platform 5.5
2018-07-27 CVE-2017-12165 It was discovered that Undertow before 1.4.17, 1.3.31 and 2.0.0 processes http request headers with unusual whitespaces which can cause possible http request smuggling. Jboss_enterprise_application_platform, Undertow 7.5
2018-03-09 CVE-2016-9585 Red Hat JBoss EAP version 5 is vulnerable to a deserialization of untrusted data in the JMX endpoint when deserializes the credentials passed to it. An attacker could exploit this vulnerability resulting in a denial of service attack. Jboss_enterprise_application_platform 5.3
2013-07-29 CVE-2011-1483 wsf/common/DOMUtils.java in JBossWS Native in Red Hat JBoss Enterprise Application Platform 4.2.0.CP09, 4.3, and 5.1.1; JBoss Enterprise Portal Platform 4.3.CP06 and 5.1.1; JBoss Enterprise SOA Platform 4.2.CP05, 4.3.CP05, and 5.1.0; JBoss Communications Platform 1.2.11 and 5.1.1; JBoss Enterprise BRMS Platform 5.1.0; and JBoss Enterprise Web Platform 5.1.1 does not properly handle recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU... Network_node_manager_i, Jboss_communications_platform, Jboss_enterprise_application_platform, Jboss_enterprise_brms_platform, Jboss_enterprise_portal_platform, Jboss_enterprise_soa_platform, Jboss_enterprise_web_platform N/A
2017-09-13 CVE-2017-7561 Red Hat JBoss EAP version 3.0.7 through before 4.0.0.Beta1 is vulnerable to a server-side cache poisoning or CORS requests in the JAX-RS component resulting in a moderate impact. Jboss_enterprise_application_platform 7.5
2019-06-12 CVE-2019-3873 It was found that Picketlink as shipped with Jboss Enterprise Application Platform 7.2 would accept an xinclude parameter in SAMLresponse XML. An attacker could use this flaw to send a URL to achieve cross-site scripting or possibly conduct further attacks. Jboss_enterprise_application_platform, Single_sign\-On 9.0
2019-06-12 CVE-2019-3872 It was found that a SAMLRequest containing a script could be processed by Picketlink versions shipped in Jboss Application Platform 7.2.x and 7.1.x. An attacker could use this to send a malicious script to achieve cross-site scripting and obtain unauthorized information or conduct further attacks. Jboss_enterprise_application_platform, Single_sign\-On 5.4
2019-03-27 CVE-2018-10934 A cross-site scripting (XSS) vulnerability was found in the JBoss Management Console versions before 7.1.6.CR1, 7.1.6.GA. Users with roles that can create objects in the application can exploit this to attack other privileged users. Jboss_enterprise_application_platform, Single_sign\-On 5.4