redhat jboss enterprise application platform 4.2.0 vulnerabilities and exploits

(subscribe to this query)

The PooledInvokerServlet in JBoss EAP 4.x and 5.x allows remote malicious users to execute arbitrary code via a crafted serialized payload.

Redhat Jboss Enterprise Application Platform 5.2.0 Redhat Jboss Enterprise Application Platform 5.1.2 Redhat Jboss Enterprise Application Platform 5.0.0 Redhat Jboss Enterprise Application Platform 4.2.0 Redhat Jboss Enterprise Application Platform 4.3.0 Redhat Jboss Enterprise Application Platform 5.1.1 Redhat Jboss Enterprise Application Platform 5.1.0

The (1) JNDI service, (2) HA-JNDI service, and (3) HAJNDIFactory invoker servlet in JBoss Enterprise Application Platform 4.3.0 CP10 and 5.1.2, Web Platform 5.1.2, SOA Platform 4.2.0.CP05 and 4.3.0.CP05, Portal Platform 4.3 CP07 and 5.2.x prior to 5.2.2, and BRMS Platform prior t...

Redhat Jboss Enterprise Application Platform 4.3.0 Redhat Jboss Enterprise Application Platform 5.1.2 Redhat Jboss Enterprise Web Platform 5.1.2 Redhat Jboss Enterprise Portal Platform 5.2.1 Redhat Jboss Enterprise Portal Platform 4.3.0 Redhat Jboss Enterprise Brms Platform Redhat Jboss Enterprise Soa Platform 4.2.0 Redhat Jboss Enterprise Portal Platform 5.2.0 Redhat Jboss Enterprise Soa Platform 4.3.0

The serialization implementation in JBoss Drools in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.3 prior to 4.3.0.CP09 and JBoss Enterprise SOA Platform 4.2 and 4.3 supports the embedding of class files, which allows remote malicious users to execute a...

Redhat Jboss Enterprise Application Platform 4.3.0 Redhat Jboss Enterprise Soa Platform 4.2.0 Redhat Jboss Enterprise Soa Platform 4.3.0

The servlets invoked by httpha-invoker in JBoss Enterprise Application Platform prior to 5.1.2, SOA Platform prior to 5.2.0, BRMS Platform prior to 5.3.0, and Portal Platform prior to 4.3 CP07 perform access control only for the GET and POST methods, which allow remote malicious ...

Redhat Jboss Enterprise Application Platform 4.3.0 Redhat Jboss Enterprise Application Platform 5.0.1 Redhat Jboss Enterprise Application Platform 5.1.0 Redhat Jboss Enterprise Application Platform 4.2.0 Redhat Jboss Enterprise Application Platform Redhat Jboss Enterprise Application Platform 5.0.0 Redhat Jboss Enterprise Soa Platform 4.3.0 Redhat Jboss Enterprise Soa Platform 4.2.0 Redhat Jboss Enterprise Soa Platform 5.0.2 Redhat Jboss Enterprise Soa Platform 5.0.1 Redhat Jboss Enterprise Soa Platform 5.1.0 Redhat Jboss Enterprise Soa Platform Redhat Jboss Enterprise Soa Platform 5.0.0 Redhat Jboss Enterprise Brms Platform Redhat Jboss Enterprise Portal Platform

The processInvocation function in org.jboss.as.ejb3.security.AuthorizationInterceptor in JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) prior to 6.0.1, authorizes all requests when no roles are allowed for an Enterprise Java Beans (EJB) method invocation, which al...

Redhat Jboss Enterprise Application Platform 5.1.1 Redhat Jboss Enterprise Application Platform 4.3.0 Redhat Jboss Enterprise Application Platform 5.0.0 Redhat Jboss Enterprise Application Platform 5.1.0 Redhat Jboss Enterprise Application Platform 5.2.1 Redhat Jboss Enterprise Application Platform 5.2.0 Redhat Jboss Enterprise Application Platform 5.2.2 Redhat Jboss Enterprise Application Platform 5.0.1 Redhat Jboss Enterprise Application Platform 5.1.2 Redhat Jboss Enterprise Application Platform 4.2.0 Redhat Jboss Enterprise Application Platform

wsf/common/DOMUtils.java in JBossWS Native in Red Hat JBoss Enterprise Application Platform 4.2.0.CP09, 4.3, and 5.1.1; JBoss Enterprise Portal Platform 4.3.CP06 and 5.1.1; JBoss Enterprise SOA Platform 4.2.CP05, 4.3.CP05, and 5.1.0; JBoss Communications Platform 1.2.11 and 5.1.1...

Redhat Jboss Enterprise Portal Platform 4.3.0 Redhat Jboss Enterprise Soa Platform 4.2.0 Redhat Jboss Enterprise Soa Platform 5.1.0 Redhat Jboss Communications Platform 1.2.11 Redhat Jboss Communications Platform 5.1.1 Redhat Jboss Enterprise Brms Platform 5.1.0 Redhat Jboss Enterprise Application Platform 4.2.0 Redhat Jboss Enterprise Application Platform 4.3.0 Redhat Jboss Enterprise Application Platform 5.1.1 Redhat Jboss Enterprise Portal Platform 5.1.1 Redhat Jboss Enterprise Soa Platform 4.3.0 Redhat Jboss Enterprise Web Platform 5.1.1 Hp Network Node Manager I 9.02 Hp Network Node Manager I 9.0 Hp Network Node Manager I 9.10 Hp Network Node Manager I 9.03 Hp Network Node Manager I 9.01

The default configuration of the deployment descriptor (aka web.xml) in picketlink-sts.war in (1) the security_saml quickstart, (2) the webservice_proxy_security quickstart, (3) the web-console application, (4) the http-invoker application, (5) the gpd-deployer application, (6) t...

Redhat Jboss Enterprise Soa Platform 4.3.0 Redhat Jboss Enterprise Soa Platform 5.0.0 Redhat Jboss Enterprise Soa Platform 4.2.0 Redhat Jboss Enterprise Soa Platform

The Web Console (aka web-console) in JBossAs in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 prior to 4.2.0.CP09 and 4.3 prior to 4.3.0.CP08 performs access control only for the GET and POST methods, which allows remote malicious users to obtain sens...

Redhat Jboss Enterprise Application Platform 4.2.0 Redhat Jboss Enterprise Application Platform 4.3.0 Redhat Jboss Enterprise Application Platform Redhat Jboss Enterprise Application Platform 4.2 Redhat Jboss Enterprise Application Platform 4.3

Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 prior to 4.2.0.CP09 and 4.3 prior to 4.3.0.CP08 allows remote malicious users to obtain sensitive information about "deployed web contexts" via a request to the status servlet, as demonstrated by...

Redhat Jboss Enterprise Application Platform 4.3.0 Redhat Jboss Enterprise Application Platform 4.2.0 Redhat Jboss Enterprise Application Platform Redhat Jboss Enterprise Application Platform 4.2 Redhat Jboss Enterprise Application Platform 4.3

1 Github repository

The JMX-Console web application in JBossAs in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 prior to 4.2.0.CP09 and 4.3 prior to 4.3.0.CP08 performs access control only for the GET and POST methods, which allows remote malicious users to send requests...

Redhat Jboss Enterprise Application Platform 4.2.0 Redhat Jboss Enterprise Application Platform 4.2 Redhat Jboss Enterprise Application Platform 4.3.0 Redhat Jboss Enterprise Application Platform 4.3

4 EDB exploits2 Nmap scripts4 Github repositories1 Article

1 2 NEXT »

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook