Home
Bugtraq
Full List
Only Bugs
Only Tricks
Only Exploits
Only Dorks
Only CVE
Only CWE
Fake Notes
Ranking
CVEMAP
Full List
Show Vendors
Show Products
CWE Dictionary
Check CVE Id
Check CWE Id
Search
Bugtraq
CVEMAP
By author
CVE Id
CWE Id
By vendors
By products
RSS
Bugtraq
CVEMAP
CVE Products
Bugs
Exploits
Dorks
More
cIFrex
Facebook
Twitter
Donate
About
Submit
Vulnerabilities for
'Jboss a-mq'
2021-12-14
CVE-2021-4104
CWE-502
JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration. The attacker can provide TopicBindingName and TopicConnectionFactoryBindingName configurations causing JMSAppender to perform JNDI requests that result in remote code execution in a similar fashion to CVE-2021-44228. Note this issue only affects Log4j 1.2 when specifically configured to use JMSAppender, which is not the default. Apache Log4j 1.2 reached end of life in August 2015. Users should upgrade to Log4j 2 as it addresses numerous other issues from the previous versions.
2021-05-20
CVE-2021-3536
CWE-79
A flaw was found in Wildfly in versions before 23.0.2.Final while creating a new role in domain mode via the admin console, it is possible to add a payload in the name field, leading to XSS. This affects Confidentiality and Integrity.
2018-08-01
CVE-2016-8653
CWE-502
It was found that the JMX endpoint of Red Hat JBoss Fuse 6, and Red Hat A-MQ 6 deserializes the credentials passed to it. An attacker could use this flaw to launch a denial of service attack.
CVE-2016-8648
CWE-502
It was found that the Karaf container used by Red Hat JBoss Fuse 6.x, and Red Hat JBoss A-MQ 6.x, deserializes objects passed to MBeans via JMX operations. An attacker could use this flaw to execute remote code on the server as the user running the Java Virtual Machine if the target MBean contain deserialization gadgets in its classpath.
2017-11-09
CVE-2015-7501
CWE-502
Red Hat JBoss A-MQ 6.x; BPM Suite (BPMS) 6.x; BRMS 6.x and 5.x; Data Grid (JDG) 6.x; Data Virtualization (JDV) 6.x and 5.x; Enterprise Application Platform 6.x, 5.x, and 4.3.x; Fuse 6.x; Fuse Service Works (FSW) 6.x; Operations Network (JBoss ON) 3.x; Portal 6.x; SOA Platform (SOA-P) 5.x; Web Server (JWS) 3.x; Red Hat OpenShift/xPAAS 3.x; and Red Hat Subscription Asset Manager 1.3 allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library.
2017-09-25
CVE-2015-5183
CWE-254
The Hawtio console in A-MQ does not set HTTPOnly or Secure attributes on cookies.
CVE-2015-5181
The JBoss console in A-MQ allows remote attackers to execute arbitrary JavaScript.
2014-04-17
CVE-2014-0085
CWE-255
JBoss Fuse did not enable encrypted passwords by default in its usage of Apache Zookeeper. This permitted sensitive information disclosure via logging to local users. Note: this description has been updated; previous text mistakenly identified the source of the flaw as Zookeeper. Previous text: Apache Zookeeper logs cleartext admin passwords, which allows local users to obtain sensitive information by reading the log.
2013-09-30
CVE-2013-4372
Multiple cross-site scripting (XSS) vulnerabilities in Fuse Management Console in Red Hat JBoss Fuse 6.0.0 before patch 3 and JBoss A-MQ 6.0.0 before patch 3 allow remote attackers to inject arbitrary web script or HTML via the (1) user field in the create user page or (2) profile version to the create profile page.
>>>
Vendor:
Redhat
373
Products
Linux
Certificate server
Directory server
Sendmail
Openssl
Rsync
Tcpdump
Enterprise linux
Enterprise linux desktop
Linux powertools
Tmpwatch
Pam smb
Stronghold
Redhat package manager
Docbook stylesheets
Docbook utils
Libpng
Pre-execution environment
Interchange
Linux advanced workstation
Rhmask
LV
Analog real-time synthesizer
Kdebase
Kdelibs
Kdelibs devel
Kdelibs sound
Kdelibs sound devel
Wu ftpd
Daredevil skk
Ddskk-xemacs
Up2date
Kernel
Vsftpd
Bigmem kernel
Kernel doc
Kernel source
Sysstat
Gdk pixbuf
LHA
Fedora core
Linux desktop
Sysreport
JBPM
Desktop
Package manager
Jboss application server
Conga
Open iscsi
Cluster suite
Network satelite server
Fedora
Mcstrans
Cairo
Network satellite server
Cygwin
Enterprise linux desktop workstation
Fedora directory server
Nfs utils
Policykit
Desktop workstation
Fedora 8
Certificate system
KVM
Adminutil
Enterprise ipa
Freeipa
Jboss enterprise application platform
Initscripts
CMAN
dogtag certificate system
Libvirt
Cluster project
Gfs2-utils
Rgmanager
Dogtag certificate system
Enterprise mrg
Spacewalk-java
Enterprise virtualization
Qspice
Network satellite
Yum-rhn-plugin
Enterprise virtualization hypervisor
Enterprise virtualization manager
Jboss enterprise service bus
Jboss enterprise soa platform
LVM2
Evince
Spice-xpi
Spice-activex
LUCI
Icedtea
Jboss enterprise web platform
Jboss remoting
389 directory server
Libuser
Icedtea-web
Policycoreutils
Jboss seam 2 framework
Virtualization manager
See all Products for Vendor
Redhat
Copyright
2024
, cxsecurity.com
Back to Top