Product: Jboss_enterprise_application_platform (Redhat)
| Date | Id | Summary | Products | Score |
|---|---|---|---|---|
| 2016-09-26 | CVE-2016-5406 | The domain controller in Red Hat JBoss Enterprise Application Platform (EAP) 7.x before 7.0.2 allows remote authenticated users to gain privileges by leveraging failure to propagate administrative RBAC configuration to all slaves. | Jboss_enterprise_application_platform | 8.8 |
| 2016-09-26 | CVE-2016-4993 | CRLF injection vulnerability in the Undertow web server in WildFly 10.0.0, as used in Red Hat JBoss Enterprise Application Platform (EAP) 7.x before 7.0.2, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors. | Jboss_enterprise_application_platform, Jboss_wildfly_application_server | 6.1 |
| 2017-06-08 | CVE-2016-3690 | The PooledInvokerServlet in JBoss EAP 4.x and 5.x allows remote attackers to execute arbitrary code via a crafted serialized payload. | Jboss_enterprise_application_platform | 9.8 |
| 2015-12-16 | CVE-2015-5304 | Red Hat JBoss Enterprise Application Platform (EAP) before 6.4.5 does not properly authorize access to shut down the server, which allows remote authenticated users with the Monitor, Deployer, or Auditor role to cause a denial of service via unspecified vectors. | Jboss_enterprise_application_platform | N/A |
| 2017-09-19 | CVE-2015-1849 | AdvancedLdapLoginModule in Red Hat JBoss Enterprise Application Platform (EAP) before 6.4.1 allows attackers to obtain sensitive information via vectors involving logging the LDAP bind credential password when TRACE logging is enabled. | Jboss_enterprise_application_platform | 5.9 |
| 2015-02-13 | CVE-2014-7853 | The JBoss Application Server (WildFly) JacORB subsystem in Red Hat JBoss Enterprise Application Platform (EAP) before 6.3.3 does not properly assign socket-binding-ref sensitivity classification to the security-domain attribute, which allows remote authenticated users to obtain sensitive information by leveraging access to the security-domain attribute. | Jboss_enterprise_application_platform, Jboss_operations_network | N/A |
| 2015-02-13 | CVE-2014-7849 | The Role Based Access Control (RBAC) implementation in JBoss Enterprise Application Platform (EAP) 6.2.0 through 6.3.2 does not properly verify authorization conditions, which allows remote authenticated users to add, modify, and undefine otherwise restricted attributes by leveraging the Maintainer role. | Jboss_enterprise_application_platform | N/A |
| 2015-02-13 | CVE-2014-7827 | The org.jboss.security.plugins.mapping.JBossMappingManager implementation in JBoss Security in Red Hat JBoss Enterprise Application Platform (EAP) before 6.3.3 uses the default security domain when a security domain is undefined, which allows remote authenticated users to bypass intended access restrictions by leveraging credentials on the default domain for a role that is also on the application domain. | Jboss_enterprise_application_platform | N/A |
| 2015-04-21 | CVE-2014-3586 | The default configuration for the Command Line Interface in Red Hat Enterprise Application Platform before 6.4.0 and WildFly (formerly JBoss Application Server) uses weak permissions for .jboss-cli-history, which allows local users to obtain sensitive information via unspecified vectors. | Jboss_enterprise_application_platform | N/A |
| 2014-07-22 | CVE-2014-3518 | jmx-remoting.sar in JBoss Remoting, as used in Red Hat JBoss Enterprise Application Platform (JEAP) 5.2.0, Red Hat JBoss BRMS 5.3.1, Red Hat JBoss Portal Platform 5.2.2, and Red Hat JBoss SOA Platform 5.3.1, does not properly implement the JSR 160 specification, which allows remote attackers to execute arbitrary code via unspecified vectors. | Jboss_enterprise_application_platform, Jboss_enterprise_brms_platform, Jboss_enterprise_portal_platform, Jboss_enterprise_soa_platform | N/A |