RSS   Vulnerabilities for 'Jboss'   RSS

2007-03-02
 
CVE-2007-1157

CWE-352
 

 
Cross-site request forgery (CSRF) vulnerability in jmx-console/HtmlAdaptor in JBoss allows remote attackers to perform privileged actions as administrators via certain MBean operations, a different vulnerability than CVE-2006-3733.

 
2005-06-17
 
CVE-2005-2006

CWE-Other
 

 
JBOSS 3.2.2 through 3.2.7 and 4.0.2 allows remote attackers to obtain sensitive information via a GET request (1) with a "%." (percent dot), which reveals the installation path or (2) with a % (percent) before a filename, which reveals the contents of the file.

 

 >>> Vendor: Jboss 10 Products
Jboss
JBPM
Jboss application server
SEAM
Enterprise application platform
Ironjacamar
Jboss enterprise application server
Red hat jboss data virtualization
Teiid
Jboss-remoting


Copyright 2022, cxsecurity.com

 

Back to Top