Filtered by vendor Redhat
Subscriptions
Filtered by product Jboss Enterprise Application Platform
Subscriptions
Total
576 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2012-0876 | 6 Canonical, Debian, Libexpat Project and 3 more | 15 Ubuntu Linux, Debian Linux, Libexpat and 12 more | 2025-04-11 | N/A |
| The XML parser (xmlparse.c) in expat before 2.1.0 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via an XML file with many identifiers with the same value. | ||||
| CVE-2012-4529 | 1 Redhat | 3 Jboss Community Application Server, Jboss Enterprise Application Platform, Jboss Enterprise Portal Platform | 2025-04-11 | N/A |
| The org.apache.catalina.connector.Response.encodeURL method in Red Hat JBoss Web 7.1.x and earlier, when the tracking mode is set to COOKIE, sends the jsessionid in the URL of the first response of a session, which allows remote attackers to obtain the session id (1) via a man-in-the-middle attack or (2) by reading a log. | ||||
| CVE-2012-2687 | 2 Apache, Redhat | 3 Http Server, Enterprise Linux, Jboss Enterprise Application Platform | 2025-04-11 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the make_variant_list function in mod_negotiation.c in the mod_negotiation module in the Apache HTTP Server 2.4.x before 2.4.3, when the MultiViews option is enabled, allow remote attackers to inject arbitrary web script or HTML via a crafted filename that is not properly handled during construction of a variant list. | ||||
| CVE-2011-4576 | 2 Openssl, Redhat | 4 Openssl, Enterprise Linux, Jboss Enterprise Application Platform and 1 more | 2025-04-11 | N/A |
| The SSL 3.0 implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f does not properly initialize data structures for block cipher padding, which might allow remote attackers to obtain sensitive information by decrypting the padding data sent by an SSL peer. | ||||
| CVE-2011-4575 | 1 Redhat | 4 Jboss Enterprise Application Platform, Jboss Enterprise Brms Platform, Jboss Enterprise Soa Platform and 1 more | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in the JMX console in JBoss Enterprise Application Platform (EAP) before 5.2.0, Web Platform (EWP) before 5.2.0, BRMS Platform before 5.3.1, and SOA Platform before 5.3.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2011-5245 | 1 Redhat | 9 Jboss Bpms, Jboss Brms, Jboss Enterprise Application Platform and 6 more | 2025-04-11 | N/A |
| The readFrom function in providers.jaxb.JAXBXmlTypeProvider in RESTEasy before 2.3.2 allows remote attackers to read arbitrary files via an external entity reference in a Java Architecture for XML Binding (JAXB) input, aka an XML external entity (XXE) injection attack, a similar vulnerability to CVE-2012-0818. | ||||
| CVE-2013-4213 | 1 Redhat | 2 Jboss Enterprise Application Platform, Jboss Enterprise Portal Platform | 2025-04-11 | N/A |
| Red Hat JBoss Enterprise Application Platform (EAP) 6.1.0 does not properly cache EJB invocations by the EJB client API, which allows remote attackers to hijack sessions by using an EJB client. | ||||
| CVE-2013-4128 | 1 Redhat | 2 Jboss Enterprise Application Platform, Jboss Enterprise Portal Platform | 2025-04-11 | N/A |
| Red Hat JBoss Enterprise Application Platform (EAP) 6.1.0 does not properly cache EJB invocations by remote-naming, which allows remote attackers to hijack sessions by using a remoting client. | ||||
| CVE-2011-1184 | 2 Apache, Redhat | 9 Tomcat, Enterprise Linux, Jboss Communications Platform and 6 more | 2025-04-11 | N/A |
| The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not have the expected countermeasures against replay attacks, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests, related to lack of checking of nonce (aka server nonce) and nc (aka nonce-count or client nonce count) values. | ||||
| CVE-2010-2227 | 2 Apache, Redhat | 7 Tomcat, Certificate System, Enterprise Linux and 4 more | 2025-04-11 | N/A |
| Apache Tomcat 5.5.0 through 5.5.29, 6.0.0 through 6.0.27, and 7.0.0 beta does not properly handle an invalid Transfer-Encoding header, which allows remote attackers to cause a denial of service (application outage) or obtain sensitive information via a crafted header that interferes with "recycling of a buffer." | ||||
| CVE-2011-2196 | 1 Redhat | 5 Jboss Enterprise Application Platform, Jboss Enterprise Soa Platform, Jboss Enterprise Web Platform and 2 more | 2025-04-11 | N/A |
| jboss-seam.jar in the JBoss Seam 2 framework 2.2.x and earlier, as distributed in Red Hat JBoss Enterprise SOA Platform 4.3.0.CP05 and 5.1.0; JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.3.0, 4.3.0.CP09, and 5.1.1; and JBoss Enterprise Web Platform 5.1.1, does not properly restrict use of Expression Language (EL) statements in FacesMessages during page exception handling, which allows remote attackers to execute arbitrary Java code via a crafted URL to an application. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1484. | ||||
| CVE-2012-5885 | 2 Apache, Redhat | 8 Tomcat, Enterprise Linux, Jboss Data Grid and 5 more | 2025-04-11 | N/A |
| The replay-countermeasure functionality in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 tracks cnonce (aka client nonce) values instead of nonce (aka server nonce) and nc (aka nonce-count) values, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests, a different vulnerability than CVE-2011-1184. | ||||
| CVE-2012-0884 | 2 Openssl, Redhat | 4 Openssl, Enterprise Linux, Jboss Enterprise Application Platform and 1 more | 2025-04-11 | N/A |
| The implementation of Cryptographic Message Syntax (CMS) and PKCS #7 in OpenSSL before 0.9.8u and 1.x before 1.0.0h does not properly restrict certain oracle behavior, which makes it easier for context-dependent attackers to decrypt data via a Million Message Attack (MMA) adaptive chosen ciphertext attack. | ||||
| CVE-2013-2133 | 1 Redhat | 5 Enterprise Linux, Jboss Bpms, Jboss Brms and 2 more | 2025-04-11 | N/A |
| The EJB invocation handler implementation in Red Hat JBossWS, as used in JBoss Enterprise Application Platform (EAP) before 6.2.0, does not properly enforce the method level restrictions for JAX-WS Service endpoints, which allows remote authenticated users to access otherwise restricted JAX-WS handlers by leveraging permissions to the EJB class. | ||||
| CVE-2012-5633 | 2 Apache, Redhat | 7 Cxf, Fuse Esb Enterprise, Jboss Enterprise Application Platform and 4 more | 2025-04-11 | N/A |
| The URIMappingInterceptor in Apache CXF before 2.5.8, 2.6.x before 2.6.5, and 2.7.x before 2.7.2, when using the WSS4JInInterceptor, bypasses WS-Security processing, which allows remote attackers to obtain access to SOAP services via an HTTP GET request. | ||||
| CVE-2012-3451 | 2 Apache, Redhat | 5 Cxf, Jboss Enterprise Application Platform, Jboss Enterprise Brms Platform and 2 more | 2025-04-11 | N/A |
| Apache CXF before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 allows remote attackers to execute unintended web-service operations by sending a header with a SOAP Action String that is inconsistent with the message body. | ||||
| CVE-2012-5629 | 1 Redhat | 6 Jboss Data Grid, Jboss Enterprise Application Platform, Jboss Enterprise Brms Platform and 3 more | 2025-04-11 | N/A |
| The default configuration of the (1) LdapLoginModule and (2) LdapExtLoginModule modules in JBoss Enterprise Application Platform (EAP) 4.3.0 CP10, 5.2.0, and 6.0.1, and Enterprise Web Platform (EWP) 5.2.0 allow remote attackers to bypass authentication via an empty password. | ||||
| CVE-2012-1165 | 2 Openssl, Redhat | 4 Openssl, Enterprise Linux, Jboss Enterprise Application Platform and 1 more | 2025-04-11 | N/A |
| The mime_param_cmp function in crypto/asn1/asn_mime.c in OpenSSL before 0.9.8u and 1.x before 1.0.0h allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted S/MIME message, a different vulnerability than CVE-2006-7250. | ||||
| CVE-2010-1157 | 2 Apache, Redhat | 3 Tomcat, Jboss Enterprise Application Platform, Jboss Enterprise Web Server | 2025-04-11 | N/A |
| Apache Tomcat 5.5.0 through 5.5.29 and 6.0.0 through 6.0.26 might allow remote attackers to discover the server's hostname or IP address by sending a request for a resource that requires (1) BASIC or (2) DIGEST authentication, and then reading the realm field in the WWW-Authenticate header in the reply. | ||||
| CVE-2012-3427 | 1 Redhat | 1 Jboss Enterprise Application Platform | 2025-04-11 | N/A |
| EC2 Amazon Machine Image (AMI) in JBoss Enterprise Application Platform (EAP) 5.1.2 uses 755 permissions for /var/cache/jboss-ec2-eap/, which allows local users to read sensitive information such as Amazon Web Services (AWS) credentials by reading files in the directory. | ||||