redhat jboss enterprise web platform 5.1.2 vulnerabilities and exploits

(subscribe to this query)

JBoss Web, as used in Red Hat JBoss Communications Platform prior to 5.1.3, Enterprise Web Platform prior to 5.1.2, Enterprise Application Platform prior to 5.1.2, and other products, allows remote malicious users to cause a denial of service (infinite loop) via vectors related t...

Redhat Jboss Enterprise Application Platform Redhat Jboss Enterprise Web Platform Redhat Jboss Enterprise Brms Platform Redhat Jboss Communications Platform

EC2 Amazon Machine Image (AMI) in JBoss Enterprise Application Platform (EAP) 5.1.2 uses 755 permissions for /var/cache/jboss-ec2-eap/, which allows local users to read sensitive information such as Amazon Web Services (AWS) credentials by reading files in the directory.

Redhat Jboss Enterprise Application Platform 5.1.2

The GUI installer in JBoss Enterprise Application Platform (EAP) and Enterprise Web Platform (EWP) 5.2.0 and possibly 5.1.2 uses world-readable permissions for the auto-install XML file, which allows local users to obtain the administrator password and the sucker password by read...

Redhat Jboss Enterprise Application Platform 5.2.0 Redhat Jboss Enterprise Application Platform 5.1.2 Redhat Jboss Enterprise Web Platform 5.1.2 Redhat Jboss Enterprise Web Platform 5.2.0

The NonManagedConnectionFactory in JBoss Enterprise Application Platform (EAP) 5.1.2 and 5.2.0, Web Platform (EWP) 5.1.2 and 5.2.0, and BRMS Platform prior to 5.3.1 logs the username and password in cleartext when an exception is thrown, which allows local users to obtain sensiti...

Redhat Jboss Enterprise Application Platform 5.1.2 Redhat Jboss Enterprise Application Platform 5.2.0 Redhat Jboss Enterprise Web Platform 5.2.0 Redhat Jboss Enterprise Web Platform 5.1.2 Redhat Jboss Enterprise Brms Platform

The JBoss Server in JBoss Enterprise Application Platform 5.1.x prior to 5.1.2 and 5.2.x prior to 5.2.2, Web Platform prior to 5.1.2, BRMS Platform prior to 5.3.0, and SOA Platform prior to 5.3.0, when the server is configured to use the JaccAuthorizationRealm and the ignoreBaseD...

Redhat Jboss Enterprise Application Platform 5.1.1 Redhat Jboss Enterprise Application Platform 5.1.0 Redhat Jboss Enterprise Application Platform 5.2.0 Redhat Jboss Enterprise Application Platform 5.2.1 Redhat Jboss Enterprise Soa Platform 5.1.0 Redhat Jboss Enterprise Soa Platform 5.0.2 Redhat Jboss Enterprise Soa Platform 5.0.1 Redhat Jboss Enterprise Soa Platform Redhat Jboss Enterprise Soa Platform 5.1.1 Redhat Jboss Enterprise Web Platform 5.1.0 Redhat Jboss Enterprise Brms Platform Redhat Jboss Enterprise Web Platform Redhat Jboss Enterprise Soa Platform 5.0.0

The (1) JNDI service, (2) HA-JNDI service, and (3) HAJNDIFactory invoker servlet in JBoss Enterprise Application Platform 4.3.0 CP10 and 5.1.2, Web Platform 5.1.2, SOA Platform 4.2.0.CP05 and 4.3.0.CP05, Portal Platform 4.3 CP07 and 5.2.x prior to 5.2.2, and BRMS Platform prior t...

Redhat Jboss Enterprise Application Platform 4.3.0 Redhat Jboss Enterprise Application Platform 5.1.2 Redhat Jboss Enterprise Web Platform 5.1.2 Redhat Jboss Enterprise Portal Platform 5.2.1 Redhat Jboss Enterprise Portal Platform 4.3.0 Redhat Jboss Enterprise Brms Platform Redhat Jboss Enterprise Soa Platform 4.2.0 Redhat Jboss Enterprise Portal Platform 5.2.0 Redhat Jboss Enterprise Soa Platform 4.3.0

message/ax/AxMessage.java in OpenID4Java prior to 0.9.6 final, as used in JBoss Enterprise Application Platform 5.1 prior to 5.1.2, Step2, Kay Framework prior to 1.0.2, and possibly other products does not verify that Attribute Exchange (AX) information is signed, which allows re...

Redhat Jboss Enterprise Application Platform 5.1.0 Redhat Jboss Enterprise Application Platform 5.1.1 Kay Framework Project Kay Framework 0.1.0 Kay Framework Project Kay Framework 0.0.0 Openid Openid4java 0.9.3 Openid Openid4java 0.9.2 Kay Framework Project Kay Framework 0.3.0 Kay Framework Project Kay Framework 0.2.0 Redhat Jboss Enterprise Application Platform 5.1.2 Kay Framework Project Kay Framework Openid Openid4java Openid Openid4java 0.9.4.339 Kay Framework Project Kay Framework 1.0.0 Kay Framework Project Kay Framework 0.8.0

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook