Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
jboss enterprise web platform vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2010-0738
The JMX-Console web application in JBossAs in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 prior to 4.2.0.CP09 and 4.3 prior to 4.3.0.CP08 performs access control only for the GET and POST methods, which allows remote malicious users to send requests...
Redhat Jboss Enterprise Application Platform 4.2.0
Redhat Jboss Enterprise Application Platform 4.2
Redhat Jboss Enterprise Application Platform 4.3.0
Redhat Jboss Enterprise Application Platform 4.3
4 EDB exploits
2 Nmap scripts
4 Github repositories
1 Article
NA
CVE-2010-1428
The Web Console (aka web-console) in JBossAs in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 prior to 4.2.0.CP09 and 4.3 prior to 4.3.0.CP08 performs access control only for the GET and POST methods, which allows remote malicious users to obtain sens...
Redhat Jboss Enterprise Application Platform 4.2.0
Redhat Jboss Enterprise Application Platform 4.3.0
Redhat Jboss Enterprise Application Platform
Redhat Jboss Enterprise Application Platform 4.2
Redhat Jboss Enterprise Application Platform 4.3
NA
CVE-2009-2405
Multiple cross-site scripting (XSS) vulnerabilities in the Web Console in the Application Server in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2.0 prior to 4.2.0.CP08, 4.2.2GA, 4.3 prior to 4.3.0.CP07, and 5.1.0GA allow remote malicious users to inje...
Redhat Jboss Enterprise Application Platform 4.3
Redhat Jboss Enterprise Application Platform 5.1.0
Redhat Jboss Enterprise Application Platform 4.2
Redhat Jboss Enterprise Application Platform 4.2.0
Redhat Jboss Enterprise Application Platform 4.3.0
Redhat Jboss Enterprise Application Platform 4.2.2
NA
CVE-2009-1380
Cross-site scripting (XSS) vulnerability in JMX-Console in JBossAs in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 prior to 4.2.0.CP08 and 4.3 prior to 4.3.0.CP07 allows remote malicious users to inject arbitrary web script or HTML via the filter par...
Redhat Jboss Enterprise Application Platform 4.3
Redhat Jboss Enterprise Application Platform 4.2
Redhat Jboss Enterprise Application Platform 4.2.0
Redhat Jboss Enterprise Application Platform 4.3.0
NA
CVE-2008-5515
Apache Tomcat 4.1.0 up to and including 4.1.39, 5.5.0 up to and including 5.5.27, 6.0.0 up to and including 6.0.18, and possibly earlier versions normalizes the target pathname before filtering the query string when using the RequestDispatcher method, which allows remote maliciou...
Apache Tomcat 5.5.27
Apache Tomcat 4.1.2
Apache Tomcat 4.1.35
Apache Tomcat 4.1.36
Apache Tomcat 5.5.18
Apache Tomcat 4.1.21
Apache Tomcat 6.0.6
Apache Tomcat 5.5.12
Apache Tomcat 5.5.14
Apache Tomcat 4.1.24
Apache Tomcat 5.5.10
Apache Tomcat 5.5.4
Apache Tomcat 5.5.7
Apache Tomcat 5.5.1
Apache Tomcat 6.0.7
Apache Tomcat 5.5.11
Apache Tomcat 4.1.25
Apache Tomcat 6.0.4
Apache Tomcat 5.5.6
Apache Tomcat 5.5.26
Apache Tomcat 4.1.39
Apache Tomcat 5.5.20
4.2
CVSSv3
CVE-2009-0783
Apache Tomcat 4.1.0 up to and including 4.1.39, 5.5.0 up to and including 5.5.27, and 6.0.0 up to and including 6.0.18 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, o...
Apache Tomcat
NA
CVE-2009-0027
The request handler in JBossWS in JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 prior to 4.2.0.CP06 and 4.3 prior to 4.3.0.CP04 does not properly validate the resource path during a request for a WSDL file with a custom web-service endpoint, which allows remo...
Redhat Jboss Enterprise Application Platform 4.3.0
Redhat Jboss Enterprise Application Platform 4.2.0
NA
CVE-2008-3273
JBoss Enterprise Application Platform (aka JBossEAP or EAP) prior to 4.2.0.CP03, and 4.3.0 prior to 4.3.0.CP01, allows remote malicious users to obtain sensitive information about "deployed web contexts" via a request to the status servlet, as demonstrated by a full=tru...
Jboss Enterprise Application Platform 4.2.0.cp01
Jboss Enterprise Application Platform 4.2.0.cp02
Jboss Enterprise Application Platform
NA
CVE-2008-0455
Cross-site scripting (XSS) vulnerability in the mod_negotiation module in the Apache HTTP Server 2.2.6 and previous versions in the 2.2.x series, 2.0.61 and previous versions in the 2.0.x series, and 1.3.39 and previous versions in the 1.3.x series allows remote authenticated use...
Apache Http Server
Redhat Enterprise Linux Server 5.0
Redhat Enterprise Linux Workstation 5.0
Redhat Enterprise Linux Desktop 5.0
Redhat Jboss Enterprise Application Platform 6.0.0
Redhat Jboss Enterprise Application Platform 6.4.0
1 EDB exploit
NA
CVE-2007-5342
The default catalina.policy in the JULI logging component in Apache Tomcat 5.5.9 up to and including 5.5.25 and 6.0.0 up to and including 6.0.15 does not restrict certain permissions for web applications, which allows malicious users to modify logging configuration options and ov...
Apache Tomcat 5.5.18
Apache Tomcat 6.0.6
Apache Tomcat 6.0.11
Apache Tomcat 5.5.12
Apache Tomcat 5.5.14
Apache Tomcat 5.5.10
Apache Tomcat 6.0.7
Apache Tomcat 5.5.11
Apache Tomcat 6.0.4
Apache Tomcat 5.5.20
Apache Tomcat 5.5.15
Apache Tomcat 6.0.15
Apache Tomcat 5.5.21
Apache Tomcat 5.5.22
Apache Tomcat 6.0.10
Apache Tomcat 6.0.3
Apache Tomcat 6.0.9
Apache Tomcat 6.0
Apache Tomcat 5.5.9
Apache Tomcat 5.5.25
Apache Tomcat 6.0.14
Apache Tomcat 5.5.13
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
SSTI
CVE-2024-35863
CVE-2024-35910
man-in-the-middle
CVE-2024-35912
CVE-2024-25742
LFI
CVE-2024-32002
CVE-2024-22120
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
5
6
7
8
9
10