Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
jboss enterprise web platform vulnerabilities and exploits
(subscribe to this query)
5.8
CVSSv2
CVE-2011-2941
Open redirect vulnerability in Red Hat JBoss Enterprise Portal Platform prior to 5.2.0 allows remote malicious users to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the initialURI parameter.
Redhat Jboss Enterprise Portal Platform 4.3.0
Redhat Jboss Enterprise Portal Platform 5.0.0
Redhat Jboss Enterprise Portal Platform 5.1.0
Redhat Jboss Enterprise Portal Platform 5.0.1
Redhat Jboss Enterprise Portal Platform
5
CVSSv2
CVE-2010-1429
Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 prior to 4.2.0.CP09 and 4.3 prior to 4.3.0.CP08 allows remote malicious users to obtain sensitive information about "deployed web contexts" via a request to the status servlet, as demonstrated by...
Redhat Jboss Enterprise Application Platform 4.3.0
Redhat Jboss Enterprise Application Platform 4.2.0
Redhat Jboss Enterprise Application Platform
Redhat Jboss Enterprise Application Platform 4.2
Redhat Jboss Enterprise Application Platform 4.3
1 Github repository
5
CVSSv2
CVE-2010-2493
The default configuration of the deployment descriptor (aka web.xml) in picketlink-sts.war in (1) the security_saml quickstart, (2) the webservice_proxy_security quickstart, (3) the web-console application, (4) the http-invoker application, (5) the gpd-deployer application, (6) t...
Redhat Jboss Enterprise Soa Platform 4.3.0
Redhat Jboss Enterprise Soa Platform 5.0.0
Redhat Jboss Enterprise Soa Platform 4.2.0
Redhat Jboss Enterprise Soa Platform
4.3
CVSSv2
CVE-2009-1380
Cross-site scripting (XSS) vulnerability in JMX-Console in JBossAs in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 prior to 4.2.0.CP08 and 4.3 prior to 4.3.0.CP07 allows remote malicious users to inject arbitrary web script or HTML via the filter par...
Redhat Jboss Enterprise Application Platform 4.3
Redhat Jboss Enterprise Application Platform 4.2
Redhat Jboss Enterprise Application Platform 4.2.0
Redhat Jboss Enterprise Application Platform 4.3.0
5
CVSSv2
CVE-2008-3273
JBoss Enterprise Application Platform (aka JBossEAP or EAP) prior to 4.2.0.CP03, and 4.3.0 prior to 4.3.0.CP01, allows remote malicious users to obtain sensitive information about "deployed web contexts" via a request to the status servlet, as demonstrated by a full=tru...
Jboss Enterprise Application Platform 4.2.0.cp01
Jboss Enterprise Application Platform 4.2.0.cp02
Jboss Enterprise Application Platform
5
CVSSv2
CVE-2010-0738
The JMX-Console web application in JBossAs in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 prior to 4.2.0.CP09 and 4.3 prior to 4.3.0.CP08 performs access control only for the GET and POST methods, which allows remote malicious users to send requests...
Redhat Jboss Enterprise Application Platform 4.2.0
Redhat Jboss Enterprise Application Platform 4.2
Redhat Jboss Enterprise Application Platform 4.3.0
Redhat Jboss Enterprise Application Platform 4.3
4 EDB exploits
2 Nmap scripts
4 Github repositories
1 Article
6.8
CVSSv2
CVE-2011-2196
jboss-seam.jar in the JBoss Seam 2 framework 2.2.x and previous versions, as distributed in Red Hat JBoss Enterprise SOA Platform 4.3.0.CP05 and 5.1.0; JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.3.0, 4.3.0.CP09, and 5.1.1; and JBoss Enterprise Web Platform 5...
Redhat Jboss Seam 2 Framework 2.1.2
Redhat Jboss Seam 2 Framework
Redhat Jboss Seam 2 Framework 2.0.0
Redhat Jboss Seam 2 Framework 2.2.0
Redhat Jboss Seam 2 Framework 2.0.2
Redhat Jboss Enterprise Application Platform 4.3.0
Redhat Jboss Seam 2 Framework 2.1.0
Redhat Jboss Enterprise Application Platform 5.1.1
Redhat Jboss Enterprise Soa Platform 5.1.0
Redhat Jboss Seam 2 Framework 2.0.1
Redhat Jboss Seam 2 Framework 2.1.1
Redhat Jboss Seam 2 Framework 2.2.1
Redhat Jboss Seam 2 Framework 2.0.3
Redhat Jboss Enterprise Soa Platform 4.3.0
Redhat Jboss Enterprise Web Platform 5.1.1
5
CVSSv2
CVE-2009-0027
The request handler in JBossWS in JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 prior to 4.2.0.CP06 and 4.3 prior to 4.3.0.CP04 does not properly validate the resource path during a request for a WSDL file with a custom web-service endpoint, which allows remo...
Redhat Jboss Enterprise Application Platform 4.3.0
Redhat Jboss Enterprise Application Platform 4.2.0
2.1
CVSSv2
CVE-2009-5066
twiddle.sh in JBoss AS 5.0 and EAP 5.0 and previous versions accepts credentials as command-line arguments, which allows local users to read the credentials by listing the process and its arguments.
Redhat Jboss Community Application Server 5.0.0
Redhat Jboss Enterprise Application Platform 5.0.0
5
CVSSv2
CVE-2020-25710
A flaw was found in OpenLDAP in versions prior to 2.4.56. This flaw allows an attacker who sends a malicious packet processed by OpenLDAP to force a failed assertion in csnNormalize23(). The highest threat from this vulnerability is to system availability.
Openldap Openldap
Redhat Enterprise Linux 7.0
Redhat Enterprise Linux 6.0
Redhat Jboss Enterprise Web Server 2.0.0
Redhat Enterprise Linux 5.0
Redhat Jboss Enterprise Application Platform 5.0.0
Redhat Jboss Core Services -
Debian Debian Linux 9.0
Fedoraproject Fedora 33
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
deserialization
CVE-2024-4040
cross-site scripting
CVE-2023-25790
CVE-2024-2961
XML external entity
CVE-2024-26926
CVE-2024-32806
CVE-2024-32711
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »