Product:

Jboss_enterprise_web_platform

(Redhat)
Repositories

Unknown:

This might be proprietary software.

#Vulnerabilities 21
Date Id Summary Products Score Patch Annotated
2020-03-11 CVE-2011-2487 The implementations of PKCS#1 v1.5 key transport mechanism for XMLEncryption in JBossWS and Apache WSS4J before 1.6.5 is susceptible to a Bleichenbacher attack. Cxf, Wss4j, Jboss_business_rules_management_system, Jboss_enterprise_application_platform, Jboss_enterprise_application_platform_text\-Only_advisories, Jboss_enterprise_soa_platform, Jboss_enterprise_web_platform, Jboss_middleware_text\-Only_advisories, Jboss_portal, Jboss_web_services 5.9
2013-07-29 CVE-2011-1483 wsf/common/DOMUtils.java in JBossWS Native in Red Hat JBoss Enterprise Application Platform 4.2.0.CP09, 4.3, and 5.1.1; JBoss Enterprise Portal Platform 4.3.CP06 and 5.1.1; JBoss Enterprise SOA Platform 4.2.CP05, 4.3.CP05, and 5.1.0; JBoss Communications Platform 1.2.11 and 5.1.1; JBoss Enterprise BRMS Platform 5.1.0; and JBoss Enterprise Web Platform 5.1.1 does not properly handle recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU... Network_node_manager_i, Jboss_communications_platform, Jboss_enterprise_application_platform, Jboss_enterprise_brms_platform, Jboss_enterprise_portal_platform, Jboss_enterprise_soa_platform, Jboss_enterprise_web_platform N/A
2013-10-01 CVE-2013-4210 The org.jboss.remoting.transport.socket.ServerThread class in Red Hat JBoss Remoting for Red Hat JBoss SOA Platform 5.3.1 GA, Web Platform 5.2.0, Enterprise Application Platform 5.2.0, and other products allows remote attackers to cause a denial of service (file descriptor consumption) via unspecified vectors. Jboss_enterprise_application_platform, Jboss_enterprise_brms_platform, Jboss_enterprise_soa_platform, Jboss_enterprise_web_platform N/A
2013-02-05 CVE-2013-0218 The GUI installer in JBoss Enterprise Application Platform (EAP) and Enterprise Web Platform (EWP) 5.2.0 and possibly 5.1.2 uses world-readable permissions for the auto-install XML file, which allows local users to obtain the administrator password and the sucker password by reading this file. Jboss_enterprise_application_platform, Jboss_enterprise_web_platform N/A
2013-02-05 CVE-2012-5478 The AuthorizationInterceptor in JBoss Enterprise Application Platform (EAP) before 5.2.0, Web Platform (EWP) before 5.2.0, BRMS Platform before 5.3.1, and SOA Platform before 5.3.1 does not properly restrict access, which allows remote authenticated users to bypass intended role restrictions and perform arbitrary JMX operations via unspecified vectors. Jboss_enterprise_application_platform, Jboss_enterprise_brms_platform, Jboss_enterprise_web_platform N/A
2013-02-05 CVE-2012-3370 The SecurityAssociation.getCredential method in JBoss Enterprise Application Platform (EAP) before 5.2.0, Web Platform (EWP) before 5.2.0, BRMS Platform before 5.3.1, and SOA Platform before 5.3.1 returns the credentials of the previous user when a security context is not provided, which allows remote attackers to gain privileges as other users. Jboss_enterprise_application_platform, Jboss_enterprise_brms_platform, Jboss_enterprise_web_platform N/A
2013-02-05 CVE-2012-3369 The CallerIdentityLoginModule in JBoss Enterprise Application Platform (EAP) before 5.2.0, Web Platform (EWP) before 5.2.0, BRMS Platform before 5.3.1, and SOA Platform before 5.3.1 allows remote attackers to gain privileges of the previous user via a null password, which causes the previous user's password to be used. Jboss_enterprise_application_platform, Jboss_enterprise_brms_platform, Jboss_enterprise_web_platform N/A
2012-11-23 CVE-2012-1167 The JBoss Server in JBoss Enterprise Application Platform 5.1.x before 5.1.2 and 5.2.x before 5.2.2, Web Platform before 5.1.2, BRMS Platform before 5.3.0, and SOA Platform before 5.3.0, when the server is configured to use the JaccAuthorizationRealm and the ignoreBaseDecision property is set to true on the JBossWebRealm, does not properly check the permissions created by the WebPermissionMapping class, which allows remote authenticated users to access arbitrary applications. Jboss_enterprise_application_platform, Jboss_enterprise_brms_platform, Jboss_enterprise_soa_platform, Jboss_enterprise_web_platform N/A
2013-02-05 CVE-2012-0034 The NonManagedConnectionFactory in JBoss Enterprise Application Platform (EAP) 5.1.2 and 5.2.0, Web Platform (EWP) 5.1.2 and 5.2.0, and BRMS Platform before 5.3.1 logs the username and password in cleartext when an exception is thrown, which allows local users to obtain sensitive information by reading the log file. Jboss_enterprise_application_platform, Jboss_enterprise_brms_platform, Jboss_enterprise_web_platform N/A
2014-02-10 CVE-2011-4610 JBoss Web, as used in Red Hat JBoss Communications Platform before 5.1.3, Enterprise Web Platform before 5.1.2, Enterprise Application Platform before 5.1.2, and other products, allows remote attackers to cause a denial of service (infinite loop) via vectors related to a crafted UTF-8 and a "surrogate pair character" that is "at the boundary of an internal buffer." Jboss_communications_platform, Jboss_enterprise_application_platform, Jboss_enterprise_brms_platform, Jboss_enterprise_web_platform N/A