Note: This project will be discontinued after December 13, 2021.

Product: Jboss_enterprise_web_server (Redhat)

Repositories | Unknown: This might be proprietary software. |
#Vulnerabilities | 35 |

Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2020-01-23 | CVE-2012-5626 | EJB method in Red Hat JBoss BRMS 5; Red Hat JBoss Enterprise Application Platform 5; Red Hat JBoss Operations Network 3.1; Red Hat JBoss Portal 4 and 5; Red Hat JBoss SOA Platform 4.2, 4.3, and 5; and Red Hat JBoss Enterprise Web Server 1 ignores roles specified using the @RunAs annotation. | Jboss_brms, Jboss_enterprise_application_platform, Jboss_enterprise_web_server, Jboss_operations_network, Jboss_portal, Jboss_soa_platform | N/A | ||
2019-12-15 | CVE-2014-3701 | eDeploy has tmp file race condition flaws | Edeploy, Jboss_enterprise_web_server | N/A | ||
2019-12-15 | CVE-2014-3699 | eDeploy has RCE via cPickle deserialization of untrusted data | Edeploy, Jboss_enterprise_web_server | N/A | ||
2019-12-06 | CVE-2012-2148 | The property replacements feature in any descriptor in JBoss AS 7.1.1 ignores Java security policies | Jboss_community_application_server, Jboss_enterprise_web_server | N/A | ||
2019-11-21 | CVE-2014-3700 | eDeploy through at least 2014-10-14 has remote code execution due to eval() of untrusted data | Edeploy, Jboss_enterprise_web_server | N/A | ||
2019-11-13 | CVE-2014-3655 | JBoss KeyCloak is vulnerable to soft token deletion via CSRF | Jboss_enterprise_web_server, Keycloak | N/A | ||
2013-10-28 | CVE-2013-2186 | The DiskFileItem class in Apache Commons FileUpload, as used in Red Hat JBoss BRMS 5.3.1; JBoss Portal 4.3 CP07, 5.2.2, and 6.0.0; and Red Hat JBoss Web Server 1.0.2 allows remote attackers to write to arbitrary files via a NULL byte in a file name in a serialized instance. | Jboss_enterprise_brms_platform, Jboss_enterprise_portal_platform, Jboss_enterprise_web_server, Openshift, Ubuntu | N/A | ||
2013-07-09 | CVE-2013-1976 | The (1) tomcat5, (2) tomcat6, and (3) tomcat7 init scripts, as used in the RPM distribution of Tomcat for JBoss Enterprise Web Server 1.0.2 and 2.0.0, and Red Hat Enterprise Linux 5 and 6, allow local users to change the ownership of arbitrary files via a symlink attack on (a) tomcat5-initd.log, (b) tomcat6-initd.log, (c) catalina.out, or (d) tomcat7-initd.log. | Enterprise_linux, Jboss_enterprise_web_server | N/A | ||