Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
redhat jboss enterprise application platform 4.3 vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2010-1429
Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 prior to 4.2.0.CP09 and 4.3 prior to 4.3.0.CP08 allows remote malicious users to obtain sensitive information about "deployed web contexts" via a request to the status servlet, as demonstrated by...
Redhat Jboss Enterprise Application Platform 4.3.0
Redhat Jboss Enterprise Application Platform 4.2.0
Redhat Jboss Enterprise Application Platform
Redhat Jboss Enterprise Application Platform 4.2
Redhat Jboss Enterprise Application Platform 4.3
1 Github repository
NA
CVE-2010-1428
The Web Console (aka web-console) in JBossAs in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 prior to 4.2.0.CP09 and 4.3 prior to 4.3.0.CP08 performs access control only for the GET and POST methods, which allows remote malicious users to obtain sens...
Redhat Jboss Enterprise Application Platform 4.2.0
Redhat Jboss Enterprise Application Platform 4.3.0
Redhat Jboss Enterprise Application Platform
Redhat Jboss Enterprise Application Platform 4.2
Redhat Jboss Enterprise Application Platform 4.3
NA
CVE-2008-3519
The default configuration of the JBossAs component in Red Hat JBoss Enterprise Application Platform (aka JBossEAP or EAP), possibly 4.2 before CP04 and 4.3 before CP02, when a production environment is enabled, sets the DownloadServerClasses property to true, which allows remote ...
Redhat Jboss Enterprise Application Platform 4.2
Redhat Jboss Enterprise Application Platform
Redhat Jboss Enterprise Application Platform 4.3
NA
CVE-2010-0738
The JMX-Console web application in JBossAs in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 prior to 4.2.0.CP09 and 4.3 prior to 4.3.0.CP08 performs access control only for the GET and POST methods, which allows remote malicious users to send requests...
Redhat Jboss Enterprise Application Platform 4.2.0
Redhat Jboss Enterprise Application Platform 4.2
Redhat Jboss Enterprise Application Platform 4.3.0
Redhat Jboss Enterprise Application Platform 4.3
4 EDB exploits
2 Nmap scripts
4 Github repositories
1 Article
NA
CVE-2009-1380
Cross-site scripting (XSS) vulnerability in JMX-Console in JBossAs in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 prior to 4.2.0.CP08 and 4.3 prior to 4.3.0.CP07 allows remote malicious users to inject arbitrary web script or HTML via the filter par...
Redhat Jboss Enterprise Application Platform 4.3
Redhat Jboss Enterprise Application Platform 4.2
Redhat Jboss Enterprise Application Platform 4.2.0
Redhat Jboss Enterprise Application Platform 4.3.0
NA
CVE-2009-2405
Multiple cross-site scripting (XSS) vulnerabilities in the Web Console in the Application Server in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2.0 prior to 4.2.0.CP08, 4.2.2GA, 4.3 prior to 4.3.0.CP07, and 5.1.0GA allow remote malicious users to inje...
Redhat Jboss Enterprise Application Platform 4.3
Redhat Jboss Enterprise Application Platform 5.1.0
Redhat Jboss Enterprise Application Platform 4.2
Redhat Jboss Enterprise Application Platform 4.2.0
Redhat Jboss Enterprise Application Platform 4.3.0
Redhat Jboss Enterprise Application Platform 4.2.2
NA
CVE-2011-4085
The servlets invoked by httpha-invoker in JBoss Enterprise Application Platform prior to 5.1.2, SOA Platform prior to 5.2.0, BRMS Platform prior to 5.3.0, and Portal Platform prior to 4.3 CP07 perform access control only for the GET and POST methods, which allow remote malicious ...
Redhat Jboss Enterprise Application Platform 4.3.0
Redhat Jboss Enterprise Application Platform 5.0.1
Redhat Jboss Enterprise Application Platform 5.1.0
Redhat Jboss Enterprise Application Platform 4.2.0
Redhat Jboss Enterprise Application Platform
Redhat Jboss Enterprise Application Platform 5.0.0
Redhat Jboss Enterprise Soa Platform 4.3.0
Redhat Jboss Enterprise Soa Platform 4.2.0
Redhat Jboss Enterprise Soa Platform 5.0.2
Redhat Jboss Enterprise Soa Platform 5.0.1
Redhat Jboss Enterprise Soa Platform 5.1.0
Redhat Jboss Enterprise Soa Platform
Redhat Jboss Enterprise Soa Platform 5.0.0
Redhat Jboss Enterprise Brms Platform
Redhat Jboss Enterprise Portal Platform
NA
CVE-2009-3554
Twiddle in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 prior to 4.2.0.CP08 and 4.3 prior to 4.3.0.CP07 writes the JMX password, and other command-line arguments, to the twiddle.log file, which allows local users to obtain sensitive information by re...
Redhat Jboss Enterprise Application Platform 4.2
Redhat Jboss Enterprise Application Platform 4.2.0
Redhat Jboss Enterprise Application Platform 4.2.2
NA
CVE-2011-4605
The (1) JNDI service, (2) HA-JNDI service, and (3) HAJNDIFactory invoker servlet in JBoss Enterprise Application Platform 4.3.0 CP10 and 5.1.2, Web Platform 5.1.2, SOA Platform 4.2.0.CP05 and 4.3.0.CP05, Portal Platform 4.3 CP07 and 5.2.x prior to 5.2.2, and BRMS Platform prior t...
Redhat Jboss Enterprise Application Platform 4.3.0
Redhat Jboss Enterprise Application Platform 5.1.2
Redhat Jboss Enterprise Web Platform 5.1.2
Redhat Jboss Enterprise Portal Platform 5.2.1
Redhat Jboss Enterprise Portal Platform 4.3.0
Redhat Jboss Enterprise Brms Platform
Redhat Jboss Enterprise Soa Platform 4.2.0
Redhat Jboss Enterprise Portal Platform 5.2.0
Redhat Jboss Enterprise Soa Platform 4.3.0
NA
CVE-2009-0027
The request handler in JBossWS in JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 prior to 4.2.0.CP06 and 4.3 prior to 4.3.0.CP04 does not properly validate the resource path during a request for a WSDL file with a custom web-service endpoint, which allows remo...
Redhat Jboss Enterprise Application Platform 4.3.0
Redhat Jboss Enterprise Application Platform 4.2.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-7028
memory leak
log injection
CVE-2024-3400
CVE-2022-48695
CVE-2022-48675
CVE-2024-34487
CVE-2024-33792
spoof
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »