RSS   Vulnerabilities for 'Jboss enterprise web server'   RSS

2021-05-28
 
CVE-2020-25710

CWE-617
 

 
A flaw was found in OpenLDAP in versions before 2.4.56. This flaw allows an attacker who sends a malicious packet processed by OpenLDAP to force a failed assertion in csnNormalize23(). The highest threat from this vulnerability is to system availability.

 
2020-01-23
 
CVE-2012-5626

NVD-CWE-noinfo
 

 
EJB method in Red Hat JBoss BRMS 5; Red Hat JBoss Enterprise Application Platform 5; Red Hat JBoss Operations Network 3.1; Red Hat JBoss Portal 4 and 5; Red Hat JBoss SOA Platform 4.2, 4.3, and 5; in Red Hat JBoss Enterprise Web Server 1 ignores roles specified using the @RunAs annotation.

 
2019-12-15
 
CVE-2014-3701

CWE-362
 

 
eDeploy has tmp file race condition flaws

 
 
CVE-2014-3699

CWE-502
 

 
eDeploy has RCE via cPickle deserialization of untrusted data

 
2019-11-21
 
CVE-2014-3700

CWE-74
 

 
eDeploy through at least 2014-10-14 has remote code execution due to eval() of untrusted data

 
2019-11-13
 
CVE-2014-3655

CWE-352
 

 
JBoss KeyCloak is vulnerable to soft token deletion via CSRF

 
2018-08-02
 
CVE-2018-1336

CWE-835
 

 
An improper handing of overflow in the UTF-8 decoder with supplementary characters can lead to an infinite loop in the decoder causing a Denial of Service. Versions Affected: Apache Tomcat 9.0.0.M9 to 9.0.7, 8.5.0 to 8.5.30, 8.0.0.RC1 to 8.0.51, and 7.0.28 to 7.0.86.

 
2018-02-28
 
CVE-2018-1304

CWE-noinfo
 

 
The URL pattern of "" (the empty string) which exactly maps to the context root was not correctly handled in Apache Tomcat 9.0.0.M1 to 9.0.4, 8.5.0 to 8.5.27, 8.0.0.RC1 to 8.0.49 and 7.0.0 to 7.0.84 when used as part of a security constraint definition. This caused the constraint to be ignored. It was, therefore, possible for unauthorised users to gain access to web application resources that should have been protected. Only security constraints with a URL pattern of the empty string were affected.

 
2017-11-09
 
CVE-2015-7501

CWE-502
 

 
Red Hat JBoss A-MQ 6.x; BPM Suite (BPMS) 6.x; BRMS 6.x and 5.x; Data Grid (JDG) 6.x; Data Virtualization (JDV) 6.x and 5.x; Enterprise Application Platform 6.x, 5.x, and 4.3.x; Fuse 6.x; Fuse Service Works (FSW) 6.x; Operations Network (JBoss ON) 3.x; Portal 6.x; SOA Platform (SOA-P) 5.x; Web Server (JWS) 3.x; Red Hat OpenShift/xPAAS 3.x; and Red Hat Subscription Asset Manager 1.3 allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library.

 
2017-07-13
 
CVE-2017-9788

CWE-200
 

 
In Apache httpd before 2.2.34 and 2.4.x before 2.4.27, the value placeholder in [Proxy-]Authorization headers of type 'Digest' was not initialized or reset before or between successive key=value assignments by mod_auth_digest. Providing an initial key with no '=' assignment could reflect the stale value of uninitialized pool memory used by the prior request, leading to leakage of potentially confidential information, and a segfault in other cases resulting in denial of service.

 


Copyright 2024, cxsecurity.com

 

Back to Top