Note: This project will be discontinued after December 13, 2021.

Product: Jboss_enterprise_application_platform (Redhat)

Repositories:
• https://github.com/FasterXML/jackson-databind
• https://github.com/bcgit/bc-java
• https://github.com/qos-ch/slf4j
• https://github.com/apache/cxf
• https://github.com/dom4j/dom4j

#Vulnerabilities: 230
Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2018-07-26 | CVE-2017-2582 | It was found that while parsing the SAML messages the StaxParserUtil class of keycloak before 2.5.1 replaces special strings for obtaining attribute values with system property. This could allow an attacker to determine values of system properties at the attacked system by formatting the SAML request ID field to be the chosen system property which could be obtained in the "InResponseTo" field in the response. | Jboss_enterprise_application_platform, Keycloak | 6.5 | ||
2016-10-13 | CVE-2016-7065 | The JMX servlet in Red Hat JBoss Enterprise Application Platform (EAP) 4 and 5 allows remote authenticated users to cause a denial of service and possibly execute arbitrary code via a crafted serialized Java object. | Jboss_enterprise_application_platform | 8.8 | ||
2016-10-03 | CVE-2016-7046 | Red Hat JBoss Enterprise Application Platform (EAP) 7, when operating as a reverse-proxy with default buffer sizes, allows remote attackers to cause a denial of service (CPU and disk consumption) via a long URL. | Jboss_enterprise_application_platform | 5.9 | ||
2017-08-22 | CVE-2016-6311 | GET requests in JBoss Enterprise Application Platform (EAP) 7 disclose internal IP addresses to remote attackers. | Jboss_enterprise_application_platform | 5.3 | ||
2016-09-26 | CVE-2016-5406 | The domain controller in Red Hat JBoss Enterprise Application Platform (EAP) 7.x before 7.0.2 allows remote authenticated users to gain privileges by leveraging failure to propagate administrative RBAC configuration to all slaves. | Jboss_enterprise_application_platform | 8.8 | ||
2016-09-26 | CVE-2016-4993 | CRLF injection vulnerability in the Undertow web server in WildFly 10.0.0, as used in Red Hat JBoss Enterprise Application Platform (EAP) 7.x before 7.0.2, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors. | Jboss_enterprise_application_platform, Jboss_wildfly_application_server | 6.1 | ||
2017-06-08 | CVE-2016-3690 | The PooledInvokerServlet in JBoss EAP 4.x and 5.x allows remote attackers to execute arbitrary code via a crafted serialized payload. | Jboss_enterprise_application_platform | 9.8 | ||
2015-12-16 | CVE-2015-5304 | Red Hat JBoss Enterprise Application Platform (EAP) before 6.4.5 does not properly authorize access to shut down the server, which allows remote authenticated users with the Monitor, Deployer, or Auditor role to cause a denial of service via unspecified vectors. | Jboss_enterprise_application_platform | N/A | ||
2017-09-19 | CVE-2015-1849 | AdvancedLdapLoginModule in Red Hat JBoss Enterprise Application Platform (EAP) before 6.4.1 allows attackers to obtain sensitive information via vectors involving logging the LDAP bind credential password when TRACE logging is enabled. | Jboss_enterprise_application_platform | 5.9 | ||
2015-02-13 | CVE-2014-7853 | The JBoss Application Server (WildFly) JacORB subsystem in Red Hat JBoss Enterprise Application Platform (EAP) before 6.3.3 does not properly assign socket-binding-ref sensitivity classification to the security-domain attribute, which allows remote authenticated users to obtain sensitive information by leveraging access to the security-domain attribute. | Jboss_enterprise_application_platform, Jboss_operations_network | N/A | ||