Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Jboss_enterprise_application_platform
(Redhat)Repositories |
• https://github.com/FasterXML/jackson-databind
• https://github.com/qos-ch/slf4j • https://github.com/bcgit/bc-java • https://github.com/apache/cxf • https://github.com/dom4j/dom4j |
#Vulnerabilities | 223 |
Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2020-01-23 | CVE-2012-5626 | EJB method in Red Hat JBoss BRMS 5; Red Hat JBoss Enterprise Application Platform 5; Red Hat JBoss Operations Network 3.1; Red Hat JBoss Portal 4 and 5; Red Hat JBoss SOA Platform 4.2, 4.3, and 5; in Red Hat JBoss Enterprise Web Server 1 ignores roles specified using the @RunAs annotation. | Jboss_brms, Jboss_enterprise_application_platform, Jboss_enterprise_web_server, Jboss_operations_network, Jboss_portal, Jboss_soa_platform | N/A | ||
2020-01-07 | CVE-2019-14843 | A flaw was found in Wildfly Security Manager, running under JDK 11 or 8, that authorized requests for any requester. This flaw could be used by a malicious app deployed on the app server to access unauthorized information and possibly conduct further attacks. Versions shipped with Red Hat Jboss EAP 7 and Red Hat SSO 7 are vulnerable to this issue. | Jboss_enterprise_application_platform, Single_sign\-On | N/A | ||
2020-01-02 | CVE-2014-0169 | In JBoss EAP 6 a security domain is configured to use a cache that is shared between all applications that are in the security domain. This could allow an authenticated user in one application to access protected resources in another application without proper authorization. Although this is an intended functionality, it was not clearly documented which can mislead users into thinking that a security domain cache is isolated to a single application. | Jboss_enterprise_application_platform | N/A | ||
2019-12-18 | CVE-2012-2312 | An Elevated Privileges issue exists in JBoss AS 7 Community Release due to the improper implementation in the security context propagation, A threat gets reused from the thread pool that still retains the security context from the process last used, which lets a local user obtain elevated privileges. | Jboss_application_server, Jboss_enterprise_application_platform | N/A | ||
2019-12-11 | CVE-2013-6495 | JBossWeb Bayeux has reflected XSS | Jboss_enterprise_application_platform, Jboss_portal | N/A | ||
2018-02-15 | CVE-2018-1041 | A vulnerability was found in the way RemoteMessageChannel, introduced in jboss-remoting versions 3.3.10, reads from an empty buffer. An attacker could use this flaw to cause denial of service via high CPU caused by an infinite loop. | Jboss\-Remoting, Jboss_enterprise_application_platform | 7.5 | ||
2017-05-19 | CVE-2017-7504 | HTTPServerILServlet.java in JMS over HTTP Invocation Layer of the JbossMQ implementation, which is enabled by default in Red Hat Jboss Application Server <= Jboss 4.X does not restrict the classes for which it performs deserialization, which allows remote attackers to execute arbitrary code via crafted serialized data. | Jboss_enterprise_application_platform | 9.8 | ||
2018-07-27 | CVE-2017-2670 | It was found in Undertow before 1.3.28 that with non-clean TCP close, the Websocket server gets into infinite loop on every IO thread, effectively causing DoS. | Debian_linux, Jboss_enterprise_application_platform, Undertow | 7.5 | ||
2018-07-27 | CVE-2017-2666 | It was discovered in Undertow that the code that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack, or obtain sensitive information from requests other than their own. | Debian_linux, Jboss_enterprise_application_platform, Undertow | 6.5 | ||
2018-07-27 | CVE-2017-2595 | It was found that the log file viewer in Red Hat JBoss Enterprise Application 6 and 7 allows arbitrary file read to authenticated user via path traversal. | Jboss_enterprise_application_platform | 6.5 |