jboss brms vulnerabilities and exploits

(subscribe to this query)

The NonManagedConnectionFactory in JBoss Enterprise Application Platform (EAP) 5.1.2 and 5.2.0, Web Platform (EWP) 5.1.2 and 5.2.0, and BRMS Platform prior to 5.3.1 logs the username and password in cleartext when an exception is thrown, which allows local users to obtain sensiti...

Redhat Jboss Enterprise Application Platform 5.1.2 Redhat Jboss Enterprise Application Platform 5.2.0 Redhat Jboss Enterprise Web Platform 5.2.0 Redhat Jboss Enterprise Web Platform 5.1.2 Redhat Jboss Enterprise Brms Platform

EJB method in Red Hat JBoss BRMS 5; Red Hat JBoss Enterprise Application Platform 5; Red Hat JBoss Operations Network 3.1; Red Hat JBoss Portal 4 and 5; Red Hat JBoss SOA Platform 4.2, 4.3, and 5; in Red Hat JBoss Enterprise Web Server 1 ignores roles specified using the @RunAs a...

Redhat Jboss Brms 5 Redhat Jboss Enterprise Application Platform 5.0.0 Redhat Jboss Enterprise Web Server 1.0.0 Redhat Jboss Operations Network 3.1 Redhat Jboss Portal 4.0.0 Redhat Jboss Portal 5.0.0 Redhat Jboss Soa Platform 4.2 Redhat Jboss Soa Platform 4.3 Redhat Jboss Soa Platform 5

Cross-site request forgery (CSRF) vulnerability in the JMX Console (jmx-console) in JBoss Enterprise Portal Platform prior to 5.2.2, BRMS Platform 5.3.0 before roll up patch1, and SOA Platform 5.3.0 allows remote authenticated users to hijack the authentication of arbitrary users...

Redhat Jboss Enterprise Portal Platform 5.0.0 Redhat Jboss Enterprise Portal Platform 5.1.1 Redhat Jboss Enterprise Portal Platform 5.1.0 Redhat Jboss Enterprise Portal Platform Redhat Jboss Enterprise Brms Platform 5.3.0 Redhat Jboss Enterprise Portal Platform 5.2.0 Redhat Jboss Enterprise Soa Platform 5.3.0 Redhat Jboss Enterprise Portal Platform 5.0.1

The (1) JNDI service, (2) HA-JNDI service, and (3) HAJNDIFactory invoker servlet in JBoss Enterprise Application Platform 4.3.0 CP10 and 5.1.2, Web Platform 5.1.2, SOA Platform 4.2.0.CP05 and 4.3.0.CP05, Portal Platform 4.3 CP07 and 5.2.x prior to 5.2.2, and BRMS Platform prior t...

Redhat Jboss Enterprise Application Platform 4.3.0 Redhat Jboss Enterprise Application Platform 5.1.2 Redhat Jboss Enterprise Web Platform 5.1.2 Redhat Jboss Enterprise Portal Platform 5.2.1 Redhat Jboss Enterprise Portal Platform 4.3.0 Redhat Jboss Enterprise Brms Platform Redhat Jboss Enterprise Soa Platform 4.2.0 Redhat Jboss Enterprise Portal Platform 5.2.0 Redhat Jboss Enterprise Soa Platform 4.3.0

A vulnerability exists in XNIO where file descriptor leak caused by growing amounts of NIO Selector file handles between garbage collection cycles. It may allow the malicious user to cause a denial of service. It affects XNIO versions 3.6.0.Beta1 up to and including 3.8.1.Final.

Redhat Xnio Redhat Xnio 3.6.0 Redhat Jboss Operations Network 3.0 Redhat Jboss Enterprise Application Platform 6.0.0 Redhat Jboss Fuse 6.0.0 Redhat Jboss Enterprise Application Platform 5.0.0 Redhat Jboss Fuse 7.0.0 Redhat Jboss Data Grid 7.0.0 Redhat Jboss Brms 5 Redhat Jboss Soa Platform 5 Redhat Jboss Brms 6 Redhat Jboss Data Grid 6.0.0 Redhat Jboss Data Virtualization 6.0.0 Oracle Communications Cloud Native Core Network Repository Function 1.14.0 Oracle Communications Cloud Native Core Policy 1.14.0 Oracle Communications Cloud Native Core Unified Data Repository 1.14.0 Oracle Communications Cloud Native Core Service Communication Proxy 1.14.0 Oracle Communications Cloud Native Core Security Edge Protection Proxy 1.15.0 Oracle Communications Cloud Native Core Console 1.9.0

XML external entity (XXE) vulnerability in the SVG to (1) PNG and (2) JPG conversion classes in Apache Batik 1.x prior to 1.8 allows remote malicious users to read arbitrary files or cause a denial of service via a crafted SVG file.

Canonical Ubuntu Linux 14.04 Canonical Ubuntu Linux 12.04 Canonical Ubuntu Linux 14.10 Apache Batik Redhat Jboss Enterprise Brms Platform

2 Github repositories

The JBoss Server in JBoss Enterprise Application Platform 5.1.x prior to 5.1.2 and 5.2.x prior to 5.2.2, Web Platform prior to 5.1.2, BRMS Platform prior to 5.3.0, and SOA Platform prior to 5.3.0, when the server is configured to use the JaccAuthorizationRealm and the ignoreBaseD...

Redhat Jboss Enterprise Application Platform 5.1.1 Redhat Jboss Enterprise Application Platform 5.1.0 Redhat Jboss Enterprise Application Platform 5.2.0 Redhat Jboss Enterprise Application Platform 5.2.1 Redhat Jboss Enterprise Soa Platform 5.1.0 Redhat Jboss Enterprise Soa Platform 5.0.2 Redhat Jboss Enterprise Soa Platform 5.0.1 Redhat Jboss Enterprise Soa Platform Redhat Jboss Enterprise Soa Platform 5.1.1 Redhat Jboss Enterprise Web Platform 5.1.0 Redhat Jboss Enterprise Brms Platform Redhat Jboss Enterprise Web Platform Redhat Jboss Enterprise Soa Platform 5.0.0

The servlets invoked by httpha-invoker in JBoss Enterprise Application Platform prior to 5.1.2, SOA Platform prior to 5.2.0, BRMS Platform prior to 5.3.0, and Portal Platform prior to 4.3 CP07 perform access control only for the GET and POST methods, which allow remote malicious ...

Redhat Jboss Enterprise Application Platform 4.3.0 Redhat Jboss Enterprise Application Platform 5.0.1 Redhat Jboss Enterprise Application Platform 5.1.0 Redhat Jboss Enterprise Application Platform 4.2.0 Redhat Jboss Enterprise Application Platform Redhat Jboss Enterprise Application Platform 5.0.0 Redhat Jboss Enterprise Soa Platform 4.3.0 Redhat Jboss Enterprise Soa Platform 4.2.0 Redhat Jboss Enterprise Soa Platform 5.0.2 Redhat Jboss Enterprise Soa Platform 5.0.1 Redhat Jboss Enterprise Soa Platform 5.1.0 Redhat Jboss Enterprise Soa Platform Redhat Jboss Enterprise Soa Platform 5.0.0 Redhat Jboss Enterprise Brms Platform Redhat Jboss Enterprise Portal Platform

JGroups diagnostics service in JBoss Enterprise Portal Platform prior to 5.2.2, SOA Platform prior to 5.3.0, and BRMS Platform prior to 5.3.0, is enabled without authentication when started by the JGroups channel, which allows remote attackers in adjacent networks to read diagnos...

Redhat Jboss Enterprise Portal Platform 5.1.1 Redhat Jboss Enterprise Portal Platform 5.1.0 Redhat Jboss Enterprise Portal Platform Redhat Jboss Enterprise Portal Platform 5.2.0 Redhat Jboss Enterprise Portal Platform 4.3.0 Redhat Jboss Enterprise Portal Platform 5.0.1 Redhat Jboss Enterprise Portal Platform 5.0.0 Redhat Jboss Enterprise Soa Platform 5.1.1 Redhat Jboss Enterprise Soa Platform 5.1.0 Redhat Jboss Enterprise Soa Platform 4.2.0 Redhat Jboss Enterprise Soa Platform Redhat Jboss Enterprise Soa Platform 4.3.0 Redhat Jboss Enterprise Soa Platform 5.0.0 Redhat Jboss Enterprise Soa Platform 5.0.2 Redhat Jboss Enterprise Soa Platform 5.0.1 Redhat Jboss Enterprise Brms Platform

wsf/common/DOMUtils.java in JBossWS Native in Red Hat JBoss Enterprise Application Platform 4.2.0.CP09, 4.3, and 5.1.1; JBoss Enterprise Portal Platform 4.3.CP06 and 5.1.1; JBoss Enterprise SOA Platform 4.2.CP05, 4.3.CP05, and 5.1.0; JBoss Communications Platform 1.2.11 and 5.1.1...

Redhat Jboss Enterprise Portal Platform 4.3.0 Redhat Jboss Enterprise Soa Platform 4.2.0 Redhat Jboss Enterprise Soa Platform 5.1.0 Redhat Jboss Communications Platform 1.2.11 Redhat Jboss Communications Platform 5.1.1 Redhat Jboss Enterprise Brms Platform 5.1.0 Redhat Jboss Enterprise Application Platform 4.2.0 Redhat Jboss Enterprise Application Platform 4.3.0 Redhat Jboss Enterprise Application Platform 5.1.1 Redhat Jboss Enterprise Portal Platform 5.1.1 Redhat Jboss Enterprise Soa Platform 4.3.0 Redhat Jboss Enterprise Web Platform 5.1.1 Hp Network Node Manager I 9.02 Hp Network Node Manager I 9.0 Hp Network Node Manager I 9.10 Hp Network Node Manager I 9.03 Hp Network Node Manager I 9.01

« PREV 1 2 3 4 NEXT »

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook