Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Jboss_enterprise_application_platform
(Redhat)| Repositories |
• https://github.com/FasterXML/jackson-databind
• https://github.com/qos-ch/slf4j • https://github.com/bcgit/bc-java • https://github.com/apache/cxf • https://github.com/dom4j/dom4j |
| #Vulnerabilities | 228 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2017-08-22 | CVE-2016-6311 | Get requests in JBoss Enterprise Application Platform (EAP) 7 disclose internal IP addresses to remote attackers. | Jboss_enterprise_application_platform | 5.3 | ||
| 2016-09-26 | CVE-2016-5406 | The domain controller in Red Hat JBoss Enterprise Application Platform (EAP) 7.x before 7.0.2 allows remote authenticated users to gain privileges by leveraging failure to propagate administrative RBAC configuration to all slaves. | Jboss_enterprise_application_platform | 8.8 | ||
| 2016-09-26 | CVE-2016-4993 | CRLF injection vulnerability in the Undertow web server in WildFly 10.0.0, as used in Red Hat JBoss Enterprise Application Platform (EAP) 7.x before 7.0.2, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors. | Jboss_enterprise_application_platform, Jboss_wildfly_application_server | 6.1 | ||
| 2017-06-08 | CVE-2016-3690 | The PooledInvokerServlet in JBoss EAP 4.x and 5.x allows remote attackers to execute arbitrary code via a crafted serialized payload. | Jboss_enterprise_application_platform | 9.8 | ||
| 2015-12-16 | CVE-2015-5304 | Red Hat JBoss Enterprise Application Platform (EAP) before 6.4.5 does not properly authorize access to shut down the server, which allows remote authenticated users with the Monitor, Deployer, or Auditor role to cause a denial of service via unspecified vectors. | Jboss_enterprise_application_platform | N/A | ||
| 2017-09-19 | CVE-2015-1849 | AdvancedLdapLodinMogule in Red Hat JBoss Enterprise Application Platform (EAP) before 6.4.1 allows attackers to obtain sensitive information via vectors involving logging the LDAP bind credential password when TRACE logging is enabled. | Jboss_enterprise_application_platform | 5.9 | ||
| 2015-02-13 | CVE-2014-7853 | The JBoss Application Server (WildFly) JacORB subsystem in Red Hat JBoss Enterprise Application Platform (EAP) before 6.3.3 does not properly assign socket-binding-ref sensitivity classification to the security-domain attribute, which allows remote authenticated users to obtain sensitive information by leveraging access to the security-domain attribute. | Jboss_enterprise_application_platform, Jboss_operations_network | N/A | ||
| 2015-02-13 | CVE-2014-7849 | The Role Based Access Control (RBAC) implementation in JBoss Enterprise Application Platform (EAP) 6.2.0 through 6.3.2 does not properly verify authorization conditions, which allows remote authenticated users to add, modify, and undefine otherwise restricted attributes by leveraging the Maintainer role. | Jboss_enterprise_application_platform | N/A | ||
| 2015-02-13 | CVE-2014-7827 | The org.jboss.security.plugins.mapping.JBossMappingManager implementation in JBoss Security in Red Hat JBoss Enterprise Application Platform (EAP) before 6.3.3 uses the default security domain when a security domain is undefined, which allows remote authenticated users to bypass intended access restrictions by leveraging credentials on the default domain for a role that is also on the application domain. | Jboss_enterprise_application_platform | N/A | ||
| 2015-04-21 | CVE-2014-3586 | The default configuration for the Command Line Interface in Red Hat Enterprise Application Platform before 6.4.0 and WildFly (formerly JBoss Application Server) uses weak permissions for .jboss-cli-history, which allows local users to obtain sensitive information via unspecified vectors. | Jboss_enterprise_application_platform | N/A |