Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
redhat jboss enterprise web platform vulnerabilities and exploits
(subscribe to this query)
5.8
CVSSv2
CVE-2011-2941
Open redirect vulnerability in Red Hat JBoss Enterprise Portal Platform prior to 5.2.0 allows remote malicious users to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the initialURI parameter.
Redhat Jboss Enterprise Portal Platform 4.3.0
Redhat Jboss Enterprise Portal Platform 5.0.0
Redhat Jboss Enterprise Portal Platform 5.1.0
Redhat Jboss Enterprise Portal Platform 5.0.1
Redhat Jboss Enterprise Portal Platform
5.8
CVSSv2
CVE-2012-3370
The SecurityAssociation.getCredential method in JBoss Enterprise Application Platform (EAP) prior to 5.2.0, Web Platform (EWP) prior to 5.2.0, BRMS Platform prior to 5.3.1, and SOA Platform prior to 5.3.1 returns the credentials of the previous user when a security context is not...
Redhat Jboss Enterprise Application Platform 5.2.0
Redhat Jboss Enterprise Web Platform 5.2.0
Redhat Jboss Enterprise Brms Platform
5.8
CVSSv2
CVE-2011-4314
message/ax/AxMessage.java in OpenID4Java prior to 0.9.6 final, as used in JBoss Enterprise Application Platform 5.1 prior to 5.1.2, Step2, Kay Framework prior to 1.0.2, and possibly other products does not verify that Attribute Exchange (AX) information is signed, which allows re...
Redhat Jboss Enterprise Application Platform 5.1.0
Redhat Jboss Enterprise Application Platform 5.1.1
Kay Framework Project Kay Framework 0.1.0
Kay Framework Project Kay Framework 0.0.0
Openid Openid4java 0.9.3
Openid Openid4java 0.9.2
Kay Framework Project Kay Framework 0.3.0
Kay Framework Project Kay Framework 0.2.0
Redhat Jboss Enterprise Application Platform 5.1.2
Kay Framework Project Kay Framework
Openid Openid4java
Openid Openid4java 0.9.4.339
Kay Framework Project Kay Framework 1.0.0
Kay Framework Project Kay Framework 0.8.0
5
CVSSv2
CVE-2020-25710
A flaw was found in OpenLDAP in versions prior to 2.4.56. This flaw allows an attacker who sends a malicious packet processed by OpenLDAP to force a failed assertion in csnNormalize23(). The highest threat from this vulnerability is to system availability.
Openldap Openldap
Redhat Enterprise Linux 7.0
Redhat Enterprise Linux 6.0
Redhat Jboss Enterprise Web Server 2.0.0
Redhat Enterprise Linux 5.0
Redhat Jboss Enterprise Application Platform 5.0.0
Redhat Jboss Core Services -
Debian Debian Linux 9.0
Fedoraproject Fedora 33
5
CVSSv2
CVE-2012-5626
EJB method in Red Hat JBoss BRMS 5; Red Hat JBoss Enterprise Application Platform 5; Red Hat JBoss Operations Network 3.1; Red Hat JBoss Portal 4 and 5; Red Hat JBoss SOA Platform 4.2, 4.3, and 5; in Red Hat JBoss Enterprise Web Server 1 ignores roles specified using the @RunAs a...
Redhat Jboss Brms 5
Redhat Jboss Enterprise Application Platform 5.0.0
Redhat Jboss Enterprise Web Server 1.0.0
Redhat Jboss Operations Network 3.1
Redhat Jboss Portal 4.0.0
Redhat Jboss Portal 5.0.0
Redhat Jboss Soa Platform 4.2
Redhat Jboss Soa Platform 4.3
Redhat Jboss Soa Platform 5
5
CVSSv2
CVE-2019-19906
cyrus-sasl (aka Cyrus SASL) 2.1.27 has an out-of-bounds write leading to unauthenticated remote denial-of-service in OpenLDAP via a malformed LDAP packet. The OpenLDAP crash is ultimately caused by an off-by-one error in _sasl_add_string in common.c in cyrus-sasl.
Cyrusimap Cyrus-sasl
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 19.10
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 12.04
Fedoraproject Fedora 31
Fedoraproject Fedora 32
Redhat Enterprise Linux 7.0
Redhat Enterprise Linux 6.0
Redhat Jboss Enterprise Web Server 2.0.0
Redhat Enterprise Linux 5.0
Redhat Enterprise Linux 8.0
Apple Mac Os X 10.14.6
Redhat Enterprise Linux Server Tus 8.4
Redhat Enterprise Linux Eus 8.4
Redhat Enterprise Linux Server Aus 8.4
Redhat Enterprise Linux Server Update Services For Sap Solutions 8.4
Redhat Enterprise Linux For Power Little Endian 8.0
5
CVSSv2
CVE-2019-10184
undertow before version 2.0.23.Final is vulnerable to an information leak issue. Web apps may have their directory structures predicted through requests without trailing slashes via the api.
Redhat Undertow
Redhat Jboss Data Grid -
Redhat Jboss Enterprise Application Platform -
Redhat Jboss Enterprise Application Platform 7.0.0
Redhat Openshift Application Runtimes -
Redhat Openshift Application Runtimes 1.0
Redhat Single Sign-on -
Redhat Single Sign-on 7.0
Redhat Jboss Enterprise Application Platform 7.2
Redhat Jboss Enterprise Application Platform 7.3
Redhat Jboss Enterprise Application Platform 7.4
Redhat Single Sign-on 7.3
Netapp Active Iq Unified Manager -
1 Github repository
5
CVSSv2
CVE-2019-3888
A vulnerability was found in Undertow web server prior to 2.0.21. An information exposure of plain text credentials through log files because Connectors.executeRootHandler:402 logs the HttpServerExchange object at ERROR level using UndertowLogger.REQUEST_LOGGER.undertowRequestFai...
Redhat Undertow
Redhat Virtualization 4.0
Redhat Virtualization Host 4.0
Redhat Jboss Data Grid -
Redhat Openshift Application Runtimes -
Netapp Active Iq Unified Manager -
5
CVSSv2
CVE-2017-2670
It was found in Undertow prior to 1.3.28 that with non-clean TCP close, the Websocket server gets into infinite loop on every IO thread, effectively causing DoS.
Redhat Undertow
Debian Debian Linux 9.0
Redhat Jboss Enterprise Application Platform 6.0.0
Redhat Jboss Enterprise Application Platform 7.0.0
Redhat Jboss Enterprise Application Platform 7.1.0
5
CVSSv2
CVE-2011-4610
JBoss Web, as used in Red Hat JBoss Communications Platform prior to 5.1.3, Enterprise Web Platform prior to 5.1.2, Enterprise Application Platform prior to 5.1.2, and other products, allows remote malicious users to cause a denial of service (infinite loop) via vectors related t...
Redhat Jboss Enterprise Application Platform
Redhat Jboss Enterprise Web Platform
Redhat Jboss Enterprise Brms Platform
Redhat Jboss Communications Platform
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
man-in-the-middle
CVE-2024-34558
CVE-2024-32674
CVE-2024-34351
XPath injection
CVE-2023-45866
CVE-2024-25528
CVE-2024-25517
path traversal
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »