Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

redhat jboss enterprise application platform 5.1.2 vulnerabilities and exploits

(subscribe to this query)
7.5
CVSSv2
CVE-2016-3690
The PooledInvokerServlet in JBoss EAP 4.x and 5.x allows remote malicious users to execute arbitrary code via a crafted serialized payload.
Redhat Jboss Enterprise Application Platform 5.2.0Redhat Jboss Enterprise Application Platform 5.1.2Redhat Jboss Enterprise Application Platform 5.0.0Redhat Jboss Enterprise Application Platform 4.2.0Redhat Jboss Enterprise Application Platform 4.3.0Redhat Jboss Enterprise Application Platform 5.1.1Redhat Jboss Enterprise Application Platform 5.1.0
5
CVSSv2
CVE-2011-4610
JBoss Web, as used in Red Hat JBoss Communications Platform prior to 5.1.3, Enterprise Web Platform prior to 5.1.2, Enterprise Application Platform prior to 5.1.2, and other products, allows remote malicious users to cause a denial of service (infinite loop) via vectors related t...
Redhat Jboss Enterprise Application PlatformRedhat Jboss Enterprise Web PlatformRedhat Jboss Enterprise Brms PlatformRedhat Jboss Communications Platform
2.1
CVSSv2
CVE-2012-3427
EC2 Amazon Machine Image (AMI) in JBoss Enterprise Application Platform (EAP) 5.1.2 uses 755 permissions for /var/cache/jboss-ec2-eap/, which allows local users to read sensitive information such as Amazon Web Services (AWS) credentials by reading files in the directory.
Redhat Jboss Enterprise Application Platform 5.1.2
2.1
CVSSv2
CVE-2013-0218
The GUI installer in JBoss Enterprise Application Platform (EAP) and Enterprise Web Platform (EWP) 5.2.0 and possibly 5.1.2 uses world-readable permissions for the auto-install XML file, which allows local users to obtain the administrator password and the sucker password by read...
Redhat Jboss Enterprise Application Platform 5.2.0Redhat Jboss Enterprise Application Platform 5.1.2Redhat Jboss Enterprise Web Platform 5.1.2Redhat Jboss Enterprise Web Platform 5.2.0
2.1
CVSSv2
CVE-2012-0034
The NonManagedConnectionFactory in JBoss Enterprise Application Platform (EAP) 5.1.2 and 5.2.0, Web Platform (EWP) 5.1.2 and 5.2.0, and BRMS Platform prior to 5.3.1 logs the username and password in cleartext when an exception is thrown, which allows local users to obtain sensiti...
Redhat Jboss Enterprise Application Platform 5.1.2Redhat Jboss Enterprise Application Platform 5.2.0Redhat Jboss Enterprise Web Platform 5.2.0Redhat Jboss Enterprise Web Platform 5.1.2Redhat Jboss Enterprise Brms Platform
5.8
CVSSv2
CVE-2012-4549
The processInvocation function in org.jboss.as.ejb3.security.AuthorizationInterceptor in JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) prior to 6.0.1, authorizes all requests when no roles are allowed for an Enterprise Java Beans (EJB) method invocation, which al...
Redhat Jboss Enterprise Application Platform 5.1.1Redhat Jboss Enterprise Application Platform 4.3.0Redhat Jboss Enterprise Application Platform 5.0.0Redhat Jboss Enterprise Application Platform 5.1.0Redhat Jboss Enterprise Application Platform 5.2.1Redhat Jboss Enterprise Application Platform 5.2.0Redhat Jboss Enterprise Application Platform 5.2.2Redhat Jboss Enterprise Application Platform 5.0.1Redhat Jboss Enterprise Application Platform 5.1.2Redhat Jboss Enterprise Application Platform 4.2.0Redhat Jboss Enterprise Application Platform
6.8
CVSSv2
CVE-2011-4085
The servlets invoked by httpha-invoker in JBoss Enterprise Application Platform prior to 5.1.2, SOA Platform prior to 5.2.0, BRMS Platform prior to 5.3.0, and Portal Platform prior to 4.3 CP07 perform access control only for the GET and POST methods, which allow remote malicious ...
Redhat Jboss Enterprise Application Platform 4.3.0Redhat Jboss Enterprise Application Platform 5.0.1Redhat Jboss Enterprise Application Platform 5.1.0Redhat Jboss Enterprise Application Platform 4.2.0Redhat Jboss Enterprise Application PlatformRedhat Jboss Enterprise Application Platform 5.0.0Redhat Jboss Enterprise Soa Platform 4.3.0Redhat Jboss Enterprise Soa Platform 4.2.0Redhat Jboss Enterprise Soa Platform 5.0.2Redhat Jboss Enterprise Soa Platform 5.0.1Redhat Jboss Enterprise Soa Platform 5.1.0Redhat Jboss Enterprise Soa PlatformRedhat Jboss Enterprise Soa Platform 5.0.0Redhat Jboss Enterprise Brms PlatformRedhat Jboss Enterprise Portal Platform
4.6
CVSSv2
CVE-2012-1167
The JBoss Server in JBoss Enterprise Application Platform 5.1.x prior to 5.1.2 and 5.2.x prior to 5.2.2, Web Platform prior to 5.1.2, BRMS Platform prior to 5.3.0, and SOA Platform prior to 5.3.0, when the server is configured to use the JaccAuthorizationRealm and the ignoreBaseD...
Redhat Jboss Enterprise Application Platform 5.1.1Redhat Jboss Enterprise Application Platform 5.1.0Redhat Jboss Enterprise Application Platform 5.2.0Redhat Jboss Enterprise Application Platform 5.2.1Redhat Jboss Enterprise Soa Platform 5.1.0Redhat Jboss Enterprise Soa Platform 5.0.2Redhat Jboss Enterprise Soa Platform 5.0.1Redhat Jboss Enterprise Soa PlatformRedhat Jboss Enterprise Soa Platform 5.1.1Redhat Jboss Enterprise Web Platform 5.1.0Redhat Jboss Enterprise Brms PlatformRedhat Jboss Enterprise Web PlatformRedhat Jboss Enterprise Soa Platform 5.0.0
7.5
CVSSv2
CVE-2011-4605
The (1) JNDI service, (2) HA-JNDI service, and (3) HAJNDIFactory invoker servlet in JBoss Enterprise Application Platform 4.3.0 CP10 and 5.1.2, Web Platform 5.1.2, SOA Platform 4.2.0.CP05 and 4.3.0.CP05, Portal Platform 4.3 CP07 and 5.2.x prior to 5.2.2, and BRMS Platform prior t...
Redhat Jboss Enterprise Application Platform 4.3.0Redhat Jboss Enterprise Application Platform 5.1.2Redhat Jboss Enterprise Web Platform 5.1.2Redhat Jboss Enterprise Portal Platform 5.2.1Redhat Jboss Enterprise Portal Platform 4.3.0Redhat Jboss Enterprise Brms PlatformRedhat Jboss Enterprise Soa Platform 4.2.0Redhat Jboss Enterprise Portal Platform 5.2.0Redhat Jboss Enterprise Soa Platform 4.3.0
4.3
CVSSv2
CVE-2012-1154
mod_cluster 1.0.10 prior to 1.0.10 CP03 and 1.1.x prior to 1.1.4, as used in JBoss Enterprise Application Platform 5.1.2, when "ROOT" is set to excludedContexts, exposes the root context of the server, which allows remote malicious users to bypass access restrictions an...
Redhat Jboss Enterprise Application Platform 5.1.2Redhat Mod Cluster 1.1.0Redhat Mod Cluster 1.1.1Redhat Mod Cluster 1.1.2Redhat Mod Cluster 1.1.3Redhat Mod Cluster 1.1.4Redhat Mod Cluster 1.0.10
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-21111CVE-2024-32884IDORCVE-2023-1000CVE-2024-33260CVE-2024-3682reflected XSSrace conditionCVE-2024-3400
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook