Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

redhat jboss enterprise application platform 5.1.1 vulnerabilities and exploits

(subscribe to this query)
7.5
CVSSv2
CVE-2016-3690
The PooledInvokerServlet in JBoss EAP 4.x and 5.x allows remote malicious users to execute arbitrary code via a crafted serialized payload.
Redhat Jboss Enterprise Application Platform 5.2.0Redhat Jboss Enterprise Application Platform 5.1.2Redhat Jboss Enterprise Application Platform 5.0.0Redhat Jboss Enterprise Application Platform 4.2.0Redhat Jboss Enterprise Application Platform 4.3.0Redhat Jboss Enterprise Application Platform 5.1.1Redhat Jboss Enterprise Application Platform 5.1.0
6.8
CVSSv2
CVE-2011-4085
The servlets invoked by httpha-invoker in JBoss Enterprise Application Platform prior to 5.1.2, SOA Platform prior to 5.2.0, BRMS Platform prior to 5.3.0, and Portal Platform prior to 4.3 CP07 perform access control only for the GET and POST methods, which allow remote malicious ...
Redhat Jboss Enterprise Application Platform 4.3.0Redhat Jboss Enterprise Application Platform 5.0.1Redhat Jboss Enterprise Application Platform 5.1.0Redhat Jboss Enterprise Application Platform 4.2.0Redhat Jboss Enterprise Application PlatformRedhat Jboss Enterprise Application Platform 5.0.0Redhat Jboss Enterprise Soa Platform 4.3.0Redhat Jboss Enterprise Soa Platform 4.2.0Redhat Jboss Enterprise Soa Platform 5.0.2Redhat Jboss Enterprise Soa Platform 5.0.1Redhat Jboss Enterprise Soa Platform 5.1.0Redhat Jboss Enterprise Soa PlatformRedhat Jboss Enterprise Soa Platform 5.0.0Redhat Jboss Enterprise Brms PlatformRedhat Jboss Enterprise Portal Platform
6.8
CVSSv2
CVE-2011-2196
jboss-seam.jar in the JBoss Seam 2 framework 2.2.x and previous versions, as distributed in Red Hat JBoss Enterprise SOA Platform 4.3.0.CP05 and 5.1.0; JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.3.0, 4.3.0.CP09, and 5.1.1; and JBoss Enterprise Web Platform 5...
Redhat Jboss Seam 2 Framework 2.1.2Redhat Jboss Seam 2 FrameworkRedhat Jboss Seam 2 Framework 2.0.0Redhat Jboss Seam 2 Framework 2.2.0Redhat Jboss Seam 2 Framework 2.0.2Redhat Jboss Enterprise Application Platform 4.3.0Redhat Jboss Seam 2 Framework 2.1.0Redhat Jboss Enterprise Application Platform 5.1.1Redhat Jboss Enterprise Soa Platform 5.1.0Redhat Jboss Seam 2 Framework 2.0.1Redhat Jboss Seam 2 Framework 2.1.1Redhat Jboss Seam 2 Framework 2.2.1Redhat Jboss Seam 2 Framework 2.0.3Redhat Jboss Enterprise Soa Platform 4.3.0Redhat Jboss Enterprise Web Platform 5.1.1
6
CVSSv2
CVE-2011-2908
Cross-site request forgery (CSRF) vulnerability in the JMX Console (jmx-console) in JBoss Enterprise Portal Platform prior to 5.2.2, BRMS Platform 5.3.0 before roll up patch1, and SOA Platform 5.3.0 allows remote authenticated users to hijack the authentication of arbitrary users...
Redhat Jboss Enterprise Portal Platform 5.0.0Redhat Jboss Enterprise Portal Platform 5.1.1Redhat Jboss Enterprise Portal Platform 5.1.0Redhat Jboss Enterprise Portal PlatformRedhat Jboss Enterprise Brms Platform 5.3.0Redhat Jboss Enterprise Portal Platform 5.2.0Redhat Jboss Enterprise Soa Platform 5.3.0Redhat Jboss Enterprise Portal Platform 5.0.1
5.8
CVSSv2
CVE-2012-4549
The processInvocation function in org.jboss.as.ejb3.security.AuthorizationInterceptor in JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) prior to 6.0.1, authorizes all requests when no roles are allowed for an Enterprise Java Beans (EJB) method invocation, which al...
Redhat Jboss Enterprise Application Platform 5.1.1Redhat Jboss Enterprise Application Platform 4.3.0Redhat Jboss Enterprise Application Platform 5.0.0Redhat Jboss Enterprise Application Platform 5.1.0Redhat Jboss Enterprise Application Platform 5.2.1Redhat Jboss Enterprise Application Platform 5.2.0Redhat Jboss Enterprise Application Platform 5.2.2Redhat Jboss Enterprise Application Platform 5.0.1Redhat Jboss Enterprise Application Platform 5.1.2Redhat Jboss Enterprise Application Platform 4.2.0Redhat Jboss Enterprise Application Platform
5.8
CVSSv2
CVE-2011-4314
message/ax/AxMessage.java in OpenID4Java prior to 0.9.6 final, as used in JBoss Enterprise Application Platform 5.1 prior to 5.1.2, Step2, Kay Framework prior to 1.0.2, and possibly other products does not verify that Attribute Exchange (AX) information is signed, which allows re...
Redhat Jboss Enterprise Application Platform 5.1.0Redhat Jboss Enterprise Application Platform 5.1.1Kay Framework Project Kay Framework 0.1.0Kay Framework Project Kay Framework 0.0.0Openid Openid4java 0.9.3Openid Openid4java 0.9.2Kay Framework Project Kay Framework 0.3.0Kay Framework Project Kay Framework 0.2.0Redhat Jboss Enterprise Application Platform 5.1.2Kay Framework Project Kay FrameworkOpenid Openid4javaOpenid Openid4java 0.9.4.339Kay Framework Project Kay Framework 1.0.0Kay Framework Project Kay Framework 0.8.0
5
CVSSv2
CVE-2011-1483
wsf/common/DOMUtils.java in JBossWS Native in Red Hat JBoss Enterprise Application Platform 4.2.0.CP09, 4.3, and 5.1.1; JBoss Enterprise Portal Platform 4.3.CP06 and 5.1.1; JBoss Enterprise SOA Platform 4.2.CP05, 4.3.CP05, and 5.1.0; JBoss Communications Platform 1.2.11 and 5.1.1...
Redhat Jboss Enterprise Portal Platform 4.3.0Redhat Jboss Enterprise Soa Platform 4.2.0Redhat Jboss Enterprise Soa Platform 5.1.0Redhat Jboss Communications Platform 1.2.11Redhat Jboss Communications Platform 5.1.1Redhat Jboss Enterprise Brms Platform 5.1.0Redhat Jboss Enterprise Application Platform 4.2.0Redhat Jboss Enterprise Application Platform 4.3.0Redhat Jboss Enterprise Application Platform 5.1.1Redhat Jboss Enterprise Portal Platform 5.1.1Redhat Jboss Enterprise Soa Platform 4.3.0Redhat Jboss Enterprise Web Platform 5.1.1Hp Network Node Manager I 9.02Hp Network Node Manager I 9.0Hp Network Node Manager I 9.10Hp Network Node Manager I 9.03Hp Network Node Manager I 9.01
5
CVSSv2
CVE-2011-1096
The W3C XML Encryption Standard, as used in the JBoss Web Services (JBossWS) component in JBoss Enterprise Portal Platform prior to 5.2.2 and other products, when using block ciphers in cipher-block chaining (CBC) mode, allows remote malicious users to obtain plaintext data via a...
Redhat Jboss Enterprise Portal Platform 5.0.0Redhat Jboss Enterprise Portal Platform 5.1.1Redhat Jboss Enterprise Portal Platform 5.1.0Redhat Jboss Enterprise Portal PlatformRedhat Jboss Enterprise Portal Platform 5.2.0Redhat Jboss Enterprise Portal Platform 5.0.1
4.6
CVSSv2
CVE-2012-1167
The JBoss Server in JBoss Enterprise Application Platform 5.1.x prior to 5.1.2 and 5.2.x prior to 5.2.2, Web Platform prior to 5.1.2, BRMS Platform prior to 5.3.0, and SOA Platform prior to 5.3.0, when the server is configured to use the JaccAuthorizationRealm and the ignoreBaseD...
Redhat Jboss Enterprise Application Platform 5.1.1Redhat Jboss Enterprise Application Platform 5.1.0Redhat Jboss Enterprise Application Platform 5.2.0Redhat Jboss Enterprise Application Platform 5.2.1Redhat Jboss Enterprise Soa Platform 5.1.0Redhat Jboss Enterprise Soa Platform 5.0.2Redhat Jboss Enterprise Soa Platform 5.0.1Redhat Jboss Enterprise Soa PlatformRedhat Jboss Enterprise Soa Platform 5.1.1Redhat Jboss Enterprise Web Platform 5.1.0Redhat Jboss Enterprise Brms PlatformRedhat Jboss Enterprise Web PlatformRedhat Jboss Enterprise Soa Platform 5.0.0
3.3
CVSSv2
CVE-2012-2377
JGroups diagnostics service in JBoss Enterprise Portal Platform prior to 5.2.2, SOA Platform prior to 5.3.0, and BRMS Platform prior to 5.3.0, is enabled without authentication when started by the JGroups channel, which allows remote attackers in adjacent networks to read diagnos...
Redhat Jboss Enterprise Portal Platform 5.1.1Redhat Jboss Enterprise Portal Platform 5.1.0Redhat Jboss Enterprise Portal PlatformRedhat Jboss Enterprise Portal Platform 5.2.0Redhat Jboss Enterprise Portal Platform 4.3.0Redhat Jboss Enterprise Portal Platform 5.0.1Redhat Jboss Enterprise Portal Platform 5.0.0Redhat Jboss Enterprise Soa Platform 5.1.1Redhat Jboss Enterprise Soa Platform 5.1.0Redhat Jboss Enterprise Soa Platform 4.2.0Redhat Jboss Enterprise Soa PlatformRedhat Jboss Enterprise Soa Platform 4.3.0Redhat Jboss Enterprise Soa Platform 5.0.0Redhat Jboss Enterprise Soa Platform 5.0.2Redhat Jboss Enterprise Soa Platform 5.0.1Redhat Jboss Enterprise Brms Platform
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
blind SQL injectionCVE-2006-4304CVE-2023-26603CVE-2024-28327CVE-2023-50363CVE-2024-21905template injectionCVE-2024-3400cross-site request forgery
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook