Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
jboss jboss application server vulnerabilities and exploits
(subscribe to this query)
1.9
CVSSv2
CVE-2012-2148
An issue exists in the property replacements feature in any descriptor in JBoxx AS 7.1.1 ignores java security policies
Redhat Jboss Community Application Server 7.1.1
Redhat Jboss Enterprise Web Server 1.0.0
6.8
CVSSv2
CVE-2011-4085
The servlets invoked by httpha-invoker in JBoss Enterprise Application Platform prior to 5.1.2, SOA Platform prior to 5.2.0, BRMS Platform prior to 5.3.0, and Portal Platform prior to 4.3 CP07 perform access control only for the GET and POST methods, which allow remote malicious ...
Redhat Jboss Enterprise Application Platform 4.3.0
Redhat Jboss Enterprise Application Platform 5.0.1
Redhat Jboss Enterprise Application Platform 5.1.0
Redhat Jboss Enterprise Application Platform 4.2.0
Redhat Jboss Enterprise Application Platform
Redhat Jboss Enterprise Application Platform 5.0.0
Redhat Jboss Enterprise Soa Platform 4.3.0
Redhat Jboss Enterprise Soa Platform 4.2.0
Redhat Jboss Enterprise Soa Platform 5.0.2
Redhat Jboss Enterprise Soa Platform 5.0.1
Redhat Jboss Enterprise Soa Platform 5.1.0
Redhat Jboss Enterprise Soa Platform
Redhat Jboss Enterprise Soa Platform 5.0.0
Redhat Jboss Enterprise Brms Platform
Redhat Jboss Enterprise Portal Platform
5
CVSSv2
CVE-2010-0738
The JMX-Console web application in JBossAs in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 prior to 4.2.0.CP09 and 4.3 prior to 4.3.0.CP08 performs access control only for the GET and POST methods, which allows remote malicious users to send requests...
Redhat Jboss Enterprise Application Platform 4.2.0
Redhat Jboss Enterprise Application Platform 4.2
Redhat Jboss Enterprise Application Platform 4.3.0
Redhat Jboss Enterprise Application Platform 4.3
4 EDB exploits
2 Nmap scripts
4 Github repositories
1 Article
4.6
CVSSv2
CVE-2012-1167
The JBoss Server in JBoss Enterprise Application Platform 5.1.x prior to 5.1.2 and 5.2.x prior to 5.2.2, Web Platform prior to 5.1.2, BRMS Platform prior to 5.3.0, and SOA Platform prior to 5.3.0, when the server is configured to use the JaccAuthorizationRealm and the ignoreBaseD...
Redhat Jboss Enterprise Application Platform 5.1.1
Redhat Jboss Enterprise Application Platform 5.1.0
Redhat Jboss Enterprise Application Platform 5.2.0
Redhat Jboss Enterprise Application Platform 5.2.1
Redhat Jboss Enterprise Soa Platform 5.0.2
Redhat Jboss Enterprise Soa Platform 5.0.1
Redhat Jboss Enterprise Web Platform
Redhat Jboss Enterprise Soa Platform 5.1.0
Redhat Jboss Enterprise Brms Platform
Redhat Jboss Enterprise Web Platform 5.1.0
Redhat Jboss Enterprise Soa Platform 5.1.1
Redhat Jboss Enterprise Soa Platform
Redhat Jboss Enterprise Soa Platform 5.0.0
6
CVSSv2
CVE-2013-3734
The Embedded Jopr component in JBoss Application Server includes the cleartext datasource password in unspecified HTML responses, which might allow (1) man-in-the-middle malicious users to obtain sensitive information by leveraging failure to use SSL or (2) malicious users to obt...
Redhat Jboss Application Server
5
CVSSv2
CVE-2012-1094
JBoss AS 7 before 7.1.1 and mod_cluster do not handle default hostname in the same way, which can cause the excluded-contexts list to be mismatched and the root context to be exposed.
Redhat Jboss Application Server
NA
CVE-2023-4503
An improper initialization vulnerability was found in Galleon. When using Galleon to provision custom EAP or EAP-XP servers, the servers are created unsecured. This issue could allow an malicious user to access remote HTTP services available from the server.
Redhat Jboss Enterprise Application Platform -
Redhat Jboss Enterprise Application Platform Expansion Pack -
Redhat Jboss Enterprise Application Platform 7.4
5
CVSSv2
CVE-2012-5626
EJB method in Red Hat JBoss BRMS 5; Red Hat JBoss Enterprise Application Platform 5; Red Hat JBoss Operations Network 3.1; Red Hat JBoss Portal 4 and 5; Red Hat JBoss SOA Platform 4.2, 4.3, and 5; in Red Hat JBoss Enterprise Web Server 1 ignores roles specified using the @RunAs a...
Redhat Jboss Operations Network 3.1
Redhat Jboss Enterprise Web Server 1.0.0
Redhat Jboss Enterprise Application Platform 5.0.0
Redhat Jboss Brms 5
Redhat Jboss Soa Platform 4.3
Redhat Jboss Soa Platform 5
Redhat Jboss Soa Platform 4.2
Redhat Jboss Portal 4.0.0
Redhat Jboss Portal 5.0.0
5
CVSSv2
CVE-2015-3198
The Undertow module of WildFly 9.x prior to 9.0.0.CR2 and 10.x prior to 10.0.0.Alpha1 allows remote malicious users to obtain the source code of a JSP page via a "/" at the end of a URL.
Redhat Jboss Wildfly Application Server 9.0.0
5
CVSSv2
CVE-2016-0793
Incomplete blacklist vulnerability in the servlet filter restriction mechanism in WildFly (formerly JBoss Application Server) prior to 10.0.0.Final on Windows allows remote malicious users to read the sensitive files in the (1) WEB-INF or (2) META-INF directory via a request that...
Redhat Jboss Wildfly Application Server 10.0.0
1 EDB exploit
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-37884
CVE-2024-6003
remote
brute force
information disclosure
CVE-2024-27801
CVE-2024-30078
CVE-2024-31870
CVE-2024-6042
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »