Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Jboss_enterprise_application_platform
(Redhat)| Repositories |
• https://github.com/FasterXML/jackson-databind
• https://github.com/bcgit/bc-java • https://github.com/qos-ch/slf4j • https://github.com/apache/cxf • https://github.com/dom4j/dom4j |
| #Vulnerabilities | 230 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2014-02-26 | CVE-2014-0058 | The security audit functionality in Red Hat JBoss Enterprise Application Platform (EAP) 6.x before 6.2.1 logs request parameters in plaintext, which might allow local users to obtain passwords by reading the log files. | Jboss_enterprise_application_platform | N/A | ||
| 2014-02-14 | CVE-2014-0018 | Red Hat JBoss Enterprise Application Platform (JBEAP) 6.2.0 and JBoss WildFly Application Server, when run under a security manager, do not properly restrict access to the Modular Service Container (MSC) service registry, which allows local users to modify the server via a crafted deployment. | Jboss_enterprise_application_platform, Jboss_wildfly_application_server | N/A | ||
| 2015-02-20 | CVE-2014-0005 | PicketBox and JBossSX, as used in Red Hat JBoss Enterprise Application Platform (JBEAP) 6.2.2 and JBoss BRMS before 6.0.3 roll up patch 2, allows remote authenticated users to read and modify the application sever configuration and state by deploying a crafted application. | Jboss_enterprise_application_platform, Jboss_enterprise_brms_platform | N/A | ||
| 2013-08-16 | CVE-2013-4213 | Red Hat JBoss Enterprise Application Platform (EAP) 6.1.0 does not properly cache EJB invocations by the EJB client API, which allows remote attackers to hijack sessions by using an EJB client. | Jboss_enterprise_application_platform | N/A | ||
| 2013-10-01 | CVE-2013-4210 | The org.jboss.remoting.transport.socket.ServerThread class in Red Hat JBoss Remoting for Red Hat JBoss SOA Platform 5.3.1 GA, Web Platform 5.2.0, Enterprise Application Platform 5.2.0, and other products allows remote attackers to cause a denial of service (file descriptor consumption) via unspecified vectors. | Jboss_enterprise_application_platform, Jboss_enterprise_brms_platform, Jboss_enterprise_soa_platform, Jboss_enterprise_web_platform | N/A | ||
| 2013-08-16 | CVE-2013-4128 | Red Hat JBoss Enterprise Application Platform (EAP) 6.1.0 does not properly cache EJB invocations by remote-naming, which allows remote attackers to hijack sessions by using a remoting client. | Jboss_enterprise_application_platform | N/A | ||
| 2013-09-28 | CVE-2013-4112 | The DiagnosticsHandler in JGroup 3.0.x, 3.1.x, 3.2.x before 3.2.9, and 3.3.x before 3.3.3 allows remote attackers to obtain sensitive information (diagnostic information) and execute arbitrary code by reusing valid credentials. | Jgroup, Jboss_enterprise_application_platform | N/A | ||
| 2013-12-06 | CVE-2013-2133 | The EJB invocation handler implementation in Red Hat JBossWS, as used in JBoss Enterprise Application Platform (EAP) before 6.2.0, does not properly enforce the method level restrictions for JAX-WS Service endpoints, which allows remote authenticated users to access otherwise restricted JAX-WS handlers by leveraging permissions to the EJB class. | Enterprise_linux, Jboss_enterprise_application_platform | N/A | ||
| 2013-09-28 | CVE-2013-1921 | PicketBox, as used in Red Hat JBoss Enterprise Application Platform before 6.1.1, allows local users to obtain the admin encryption key by reading the Vault data file. | Jboss_enterprise_application_platform | N/A | ||
| 2013-02-05 | CVE-2013-0218 | The GUI installer in JBoss Enterprise Application Platform (EAP) and Enterprise Web Platform (EWP) 5.2.0 and possibly 5.1.2 uses world-readable permissions for the auto-install XML file, which allows local users to obtain the administrator password and the sucker password by reading this file. | Jboss_enterprise_application_platform, Jboss_enterprise_web_platform | N/A |