Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

redhat jboss enterprise application platform 7.1.0 vulnerabilities and exploits

(subscribe to this query)
4.6
CVSSv2
CVE-2012-2312
An Elevated Privileges issue exists in JBoss AS 7 Community Release due to the improper implementation in the security context propagation, A threat gets reused from the thread pool that still retains the security context from the process last used, which lets a local user obtain...
Redhat Jboss Application Server 7.1.0Redhat Jboss Application Server 7.1.1Redhat Jboss Enterprise Application Platform 6.0.0
3.5
CVSSv2
CVE-2018-10934
A cross-site scripting (XSS) vulnerability was found in the JBoss Management Console versions prior to 7.1.6.CR1, 7.1.6.GA. Users with roles that can create objects in the application can exploit this to attack other privileged users.
Redhat Jboss Enterprise Application Platform 7.0Redhat Jboss Enterprise Application Platform 7.1.0Redhat Single Sign-on 7.2
4.3
CVSSv2
CVE-2012-4529
The org.apache.catalina.connector.Response.encodeURL method in Red Hat JBoss Web 7.1.x and previous versions, when the tracking mode is set to COOKIE, sends the jsessionid in the URL of the first response of a session, which allows remote malicious users to obtain the session id ...
Redhat Jboss Community Application Server 6.0.0Redhat Jboss Community Application Server 6.1.0Redhat Jboss Community Application Server 7.0.0Redhat Jboss Community Application Server 5.1.0Redhat Jboss Community Application Server 5.0.1Redhat Jboss Community Application Server 5.0.0Redhat Jboss Community Application Server 7.0.1Redhat Jboss Community Application Server 7.1.0Redhat Jboss Community Application Server 7.0.2Redhat Jboss Community Application ServerRedhat Jboss Enterprise Application Platform 6.0.0
4.3
CVSSv2
CVE-2022-0866
This is a concurrency issue that can result in the wrong caller principal being returned from the session context of an EJB that is configured with a RunAs principal. In particular, the org.jboss.as.ejb3.component.EJBComponent class has an incomingRunAsIdentity field. This field ...
Redhat Openstack Platform 13.0Redhat WildflyRedhat Jboss Enterprise Application Platform
5
CVSSv2
CVE-2016-9589
Undertow in Red Hat wildfly before version 11.0.0.Beta1 is vulnerable to a resource exhaustion resulting in a denial of service. Undertow keeps a cache of seen HTTP headers in persistent connections. It was found that this cache can easily exploited to fill memory with garbage, u...
Redhat Jboss Wildfly Application Server 11.0.0Redhat Jboss Wildfly Application Server
6.4
CVSSv2
CVE-2012-5575
Apache CXF 2.5.x prior to 2.5.10, 2.6.x before CXF 2.6.7, and 2.7.x before CXF 2.7.4 does not verify that a specified cryptographic algorithm is allowed by the WS-SecurityPolicy AlgorithmSuite definition before decrypting, which allows remote malicious users to force CXF to use w...
Apache Cxf 2.5.2Apache Cxf 2.5.9Redhat Jboss Enterprise Web Platform 5.2.0Redhat Jboss Enterprise Soa Platform 4.3.0Apache Cxf 2.6.0Apache Cxf 2.5.3Apache Cxf 2.7.3Apache Cxf 2.5.7Redhat Jboss Fuse Esb Enterprise 7.1.0Apache Cxf 2.6.2Apache Cxf 2.5.0Apache Cxf 2.5.1Apache Cxf 2.5.5Apache Cxf 2.5.8Apache Cxf 2.6.5Apache Cxf 2.7.0Apache Cxf 2.6.6Apache Cxf 2.6.3Redhat Jboss Enterprise Portal Platform 4.3.0Apache Cxf 2.5.6Apache Cxf 2.6.4Apache Cxf 2.6.1
4
CVSSv2
CVE-2017-2582
It was found that while parsing the SAML messages the StaxParserUtil class of keycloak prior to 2.5.1 replaces special strings for obtaining attribute values with system property. This could allow an malicious user to determine values of system properties at the attacked system b...
Redhat KeycloakRedhat Jboss Enterprise Application Platform 6.0.0Redhat Jboss Enterprise Application Platform 7.0.0Redhat Jboss Enterprise Application Platform 7.1.0Redhat Jboss Enterprise Application Platform 6.4.0
4
CVSSv2
CVE-2017-2595
It was found that the log file viewer in Red Hat JBoss Enterprise Application 6 and 7 allows arbitrary file read to authenticated user via path traversal.
Redhat Jboss Enterprise Application Platform 7.1.0Redhat Jboss Enterprise Application Platform 6.4.0Redhat Jboss Enterprise Application Platform 6.0.0Redhat Jboss Enterprise Application Platform 7.0.0
5
CVSSv2
CVE-2017-2670
It was found in Undertow prior to 1.3.28 that with non-clean TCP close, the Websocket server gets into infinite loop on every IO thread, effectively causing DoS.
Redhat UndertowDebian Debian Linux 9.0Redhat Jboss Enterprise Application Platform 6.0.0Redhat Jboss Enterprise Application Platform 7.0.0Redhat Jboss Enterprise Application Platform 7.1.0
6.4
CVSSv2
CVE-2017-2666
It exists in Undertow that the code that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manip...
Redhat Undertow -Redhat Jboss Enterprise Application Platform 7.0.0Redhat Jboss Enterprise Application Platform 7.1.0Debian Debian Linux 9.0Debian Debian Linux 10.0
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-30924CVE-2024-3400overflowCVE-2024-23528CVE-2024-21338CVE-2024-3818CVE-2024-23535NULL pointer dereferenceelevation of privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook