Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
redhat jboss application server 7.0.0 vulnerabilities and exploits
(subscribe to this query)
5.4
CVSSv3
CVE-2011-3606
A DOM based cross-site scripting flaw was found in the JBoss Application Server 7 prior to 7.1.0 Beta 1 administration console. A remote attacker could provide a specially-crafted web page and trick the valid JBoss AS user, with the administrator privilege, to visit it, which wou...
Redhat Jboss Application Server 7.0.0
Redhat Jboss Application Server 7.0.1
Redhat Jboss Application Server 7.0.2
6.5
CVSSv3
CVE-2011-3609
A CSRF issue was found in JBoss Application Server 7 prior to 7.1.0. JBoss did not properly restrict access to the management console information (for example via the "Access-Control-Allow-Origin" HTTP access control flag). This can lead to unauthorized information leak...
Redhat Jboss Application Server 7.0.0
Redhat Jboss Application Server 7.0.1
Redhat Jboss Application Server 7.0.2
NA
CVE-2012-4529
The org.apache.catalina.connector.Response.encodeURL method in Red Hat JBoss Web 7.1.x and previous versions, when the tracking mode is set to COOKIE, sends the jsessionid in the URL of the first response of a session, which allows remote malicious users to obtain the session id ...
Redhat Jboss Community Application Server
Redhat Jboss Community Application Server 7.1.0
Redhat Jboss Community Application Server 6.1.0
Redhat Jboss Community Application Server 5.0.0
Redhat Jboss Community Application Server 7.0.2
Redhat Jboss Community Application Server 7.0.1
Redhat Jboss Community Application Server 7.0.0
Redhat Jboss Community Application Server 6.0.0
Redhat Jboss Community Application Server 5.1.0
Redhat Jboss Community Application Server 5.0.1
Redhat Jboss Enterprise Application Platform 6.0.0
7.5
CVSSv3
CVE-2019-14888
A vulnerability was found in the Undertow HTTP server in versions prior to 2.0.28.SP1 when listening on HTTPS. An attacker can target the HTTPS port to carry out a Denial Of Service (DOS) to make the service unavailable on SSL.
Redhat Undertow
Redhat Jboss Fuse 6.0.0
Redhat Jboss Enterprise Application Platform 7.0.0
Redhat Single Sign-on 7.0
Redhat Jboss Fuse 7.0.0
Redhat Jboss Data Grid 7.0.0
Redhat Jboss Data Grid -
Netapp Active Iq Unified Manager -
7.5
CVSSv3
CVE-2017-2670
It was found in Undertow prior to 1.3.28 that with non-clean TCP close, the Websocket server gets into infinite loop on every IO thread, effectively causing DoS.
Redhat Undertow
Debian Debian Linux 9.0
Redhat Jboss Enterprise Application Platform 6.0.0
Redhat Jboss Enterprise Application Platform 7.0.0
Redhat Jboss Enterprise Application Platform 7.1.0
5.3
CVSSv3
CVE-2020-10693
A flaw was found in Hibernate Validator version 6.1.2.Final. A bug in the message interpolation processor enables invalid EL expressions to be evaluated as if they were valid. This flaw allows malicious users to bypass input sanitation (escaping, stripping) controls that develope...
Redhat Hibernate Validator 7.0.0
Redhat Hibernate Validator
Ibm Websphere Application Server
Redhat Jboss Enterprise Application Platform 7.2.0
Redhat Jboss Enterprise Application Platform 7.3.0
Redhat Satellite Capsule 6.8
Redhat Satellite 6.8
Quarkus Quarkus
Oracle Weblogic Server 14.1.1.0.0
3 Github repositories
4.9
CVSSv3
CVE-2019-14838
A flaw was found in wildfly-core prior to 7.2.5.GA. The Management users with Monitor, Auditor and Deployer Roles should not be allowed to modify the runtime state of the server
Redhat Wildfly Core 7.0.0
Redhat Jboss Enterprise Application Platform 7.2.0
Redhat Jboss Enterprise Application Platform 7.2.5
Redhat Jboss Enterprise Application Platform 7.3.0
Redhat Single Sign-on 7.3.5
Redhat Data Grid 7.3.4
Redhat Jboss Enterprise Application Platform 7.2.4
1 Github repository
6.5
CVSSv3
CVE-2021-32029
A flaw was found in postgresql. Using an UPDATE ... RETURNING command on a purpose-crafted table, an authenticated database user could read arbitrary bytes of server memory. The highest threat from this vulnerability is to data confidentiality.
Postgresql Postgresql
Redhat Jboss Enterprise Application Platform 7.0.0
6.5
CVSSv3
CVE-2017-2666
It exists in Undertow that the code that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manip...
Redhat Undertow -
Redhat Jboss Enterprise Application Platform 7.0.0
Redhat Jboss Enterprise Application Platform 7.1.0
Debian Debian Linux 9.0
Debian Debian Linux 10.0
8.8
CVSSv3
CVE-2021-32027
A flaw was found in postgresql in versions prior to 13.3, prior to 12.7, prior to 11.12, prior to 10.17 and prior to 9.6.22. While modifying certain SQL array values, missing bounds checks let authenticated database users write arbitrary bytes to a wide area of server memory. The...
Postgresql Postgresql
Redhat Enterprise Linux 7.0
Redhat Jboss Enterprise Application Platform 7.0.0
Redhat Enterprise Linux 8.0
Redhat Software Collections -
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
TCP
CVE-2024-4577
CVE-2024-2695
CVE-2024-31870
injection
CVE-2024-3813
arbitrary code
CVE-2024-27801
CVE-2024-30120
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »