Total
33 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2011-3923 | 2 Apache, Redhat | 2 Struts, Jboss Enterprise Web Server | 2023-11-07 | 7.5 HIGH | 9.8 CRITICAL |
| Apache Struts before 2.3.1.2 allows remote attackers to bypass security protections in the ParameterInterceptor class and execute arbitrary commands. | |||||
| CVE-2011-3348 | 2 Apache, Redhat | 3 Http Server, Enterprise Linux, Jboss Enterprise Web Server | 2023-11-07 | 4.3 MEDIUM | N/A |
| The mod_proxy_ajp module in the Apache HTTP Server before 2.2.21, when used with mod_proxy_balancer in certain configurations, allows remote attackers to cause a denial of service (temporary "error state" in the backend server) via a malformed HTTP request. | |||||
| CVE-2016-3110 | 2 Fedoraproject, Redhat | 4 Fedora, Enterprise Linux, Jboss Enterprise Application Platform and 1 more | 2023-02-13 | 5.0 MEDIUM | 7.5 HIGH |
| mod_cluster, as used in Red Hat JBoss Web Server 2.1, allows remote attackers to cause a denial of service (Apache http server crash) via an MCMP message containing a series of = (equals) characters after a legitimate element. | |||||
| CVE-2016-6325 | 2 Apache, Redhat | 11 Tomcat, Enterprise Linux, Enterprise Linux Desktop and 8 more | 2023-02-12 | 7.2 HIGH | 7.8 HIGH |
| The Tomcat package on Red Hat Enterprise Linux (RHEL) 5 through 7, JBoss Web Server 3.0, and JBoss EWS 2 uses weak permissions for (1) /etc/sysconfig/tomcat and (2) /etc/tomcat/tomcat.conf, which allows local users to gain privileges by leveraging membership in the tomcat group. | |||||
| CVE-2016-2183 | 6 Cisco, Nodejs, Openssl and 3 more | 9 Content Security Management Appliance, Node.js, Openssl and 6 more | 2023-02-12 | 5.0 MEDIUM | 7.5 HIGH |
| The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTPS session using Triple DES in CBC mode, aka a "Sweet32" attack. | |||||
| CVE-2012-5626 | 1 Redhat | 6 Jboss Brms, Jboss Enterprise Application Platform, Jboss Enterprise Web Server and 3 more | 2020-02-05 | 5.0 MEDIUM | 7.5 HIGH |
| EJB method in Red Hat JBoss BRMS 5; Red Hat JBoss Enterprise Application Platform 5; Red Hat JBoss Operations Network 3.1; Red Hat JBoss Portal 4 and 5; Red Hat JBoss SOA Platform 4.2, 4.3, and 5; in Red Hat JBoss Enterprise Web Server 1 ignores roles specified using the @RunAs annotation. | |||||
| CVE-2014-3701 | 1 Redhat | 2 Edeploy, Jboss Enterprise Web Server | 2019-12-19 | 9.3 HIGH | 8.1 HIGH |
| eDeploy has tmp file race condition flaws | |||||
| CVE-2014-3699 | 1 Redhat | 2 Edeploy, Jboss Enterprise Web Server | 2019-12-19 | 7.5 HIGH | 9.8 CRITICAL |
| eDeploy has RCE via cPickle deserialization of untrusted data | |||||
| CVE-2012-2148 | 2 Linux, Redhat | 3 Linux Kernel, Jboss Community Application Server, Jboss Enterprise Web Server | 2019-12-16 | 1.9 LOW | 3.3 LOW |
| An issue exists in the property replacements feature in any descriptor in JBoxx AS 7.1.1 ignores java security policies | |||||
| CVE-2014-3700 | 1 Redhat | 2 Edeploy, Jboss Enterprise Web Server | 2019-11-27 | 7.5 HIGH | 9.8 CRITICAL |
| eDeploy through at least 2014-10-14 has remote code execution due to eval() of untrusted data | |||||
| CVE-2014-3655 | 1 Redhat | 2 Jboss Enterprise Web Server, Keycloak | 2019-11-14 | 4.3 MEDIUM | 4.3 MEDIUM |
| JBoss KeyCloak is vulnerable to soft token deletion via CSRF | |||||
| CVE-2013-1976 | 1 Redhat | 2 Enterprise Linux, Jboss Enterprise Web Server | 2019-04-22 | 6.9 MEDIUM | N/A |
| The (1) tomcat5, (2) tomcat6, and (3) tomcat7 init scripts, as used in the RPM distribution of Tomcat for JBoss Enterprise Web Server 1.0.2 and 2.0.0, and Red Hat Enterprise Linux 5 and 6, allow local users to change the ownership of arbitrary files via a symlink attack on (a) tomcat5-initd.log, (b) tomcat6-initd.log, (c) catalina.out, or (d) tomcat7-initd.log. | |||||
| CVE-2013-2186 | 2 Redhat, Ubuntu | 5 Jboss Enterprise Brms Platform, Jboss Enterprise Portal Platform, Jboss Enterprise Web Server and 2 more | 2018-01-09 | 7.5 HIGH | N/A |
| The DiskFileItem class in Apache Commons FileUpload, as used in Red Hat JBoss BRMS 5.3.1; JBoss Portal 4.3 CP07, 5.2.2, and 6.0.0; and Red Hat JBoss Web Server 1.0.2 allows remote attackers to write to arbitrary files via a NULL byte in a file name in a serialized instance. | |||||