Vulmon
enterprise application platform vulnerabilities and exploits
4.9
CVSSv2
CVE-2012-5478
The AuthorizationInterceptor in JBoss Enterprise Application Platform (EAP) prior to 5.2.0, Web Platform (EWP) prior to 5.2.0, BRMS Platform prior to 5.3.1, and SOA Platform prior to 5.3.1 does not properly restrict access, which allows remote authenticated users to bypass intend...
Redhat Jboss Enterprise Application Platform 5.2.0
Redhat Jboss Enterprise Web Platform 5.2.0
Redhat Jboss Enterprise Brms Platform
4.3
CVSSv2
CVE-2011-4575
Cross-site scripting (XSS) vulnerability in the JMX console in JBoss Enterprise Application Platform (EAP) prior to 5.2.0, Web Platform (EWP) prior to 5.2.0, BRMS Platform prior to 5.3.1, and SOA Platform prior to 5.3.1 allows remote malicious users to inject arbitrary web script...
Redhat Jboss Enterprise Web Platform 5.2.0
Redhat Jboss Enterprise Application Platform 5.2.0
Redhat Jboss Enterprise Brms Platform
5
CVSSv2
CVE-2020-7238
Netty 4.1.43.Final allows HTTP Request Smuggling because it mishandles Transfer-Encoding whitespace (such as a [space]Transfer-Encoding:chunked line) and a later Content-Length header. This issue exists because of an incomplete fix for CVE-2019-16869.
Netty Netty 4.1.43
Fedoraproject Fedora 33
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Redhat Jboss Enterprise Application Platform 7.2
Redhat Jboss Enterprise Application Platform Text-only Advisories -
Redhat Jboss Enterprise Application Platform 7.3
Redhat Openshift Application Runtimes Text-only Advisories -
Redhat Jboss Enterprise Application Platform 7.4
NA
CVE-2023-5379
A flaw was found in Undertow. When an AJP request is sent that exceeds the max-header-size attribute in ajp-listener, JBoss EAP is marked in an error state by mod_cluster in httpd, causing JBoss EAP to close the TCP connection without returning an AJP response. This happens becau...
Redhat Jboss Enterprise Application Platform 7.0.0
Redhat Undertow -
Redhat Single Sign-on 7.0
Redhat Jboss Enterprise Application Platform -
7.5
CVSSv2
CVE-2010-3708
The serialization implementation in JBoss Drools in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.3 prior to 4.3.0.CP09 and JBoss Enterprise SOA Platform 4.2 and 4.3 supports the embedding of class files, which allows remote malicious users to execute a...
Redhat Jboss Enterprise Application Platform 4.3.0
Redhat Jboss Enterprise Soa Platform 4.2.0
Redhat Jboss Enterprise Soa Platform 4.3.0
6.8
CVSSv2
CVE-2014-3518
jmx-remoting.sar in JBoss Remoting, as used in Red Hat JBoss Enterprise Application Platform (JEAP) 5.2.0, Red Hat JBoss BRMS 5.3.1, Red Hat JBoss Portal Platform 5.2.2, and Red Hat JBoss SOA Platform 5.3.1, does not properly implement the JSR 160 specification, which allows remo...
Redhat Jboss Enterprise Application Platform 5.2.0
Redhat Jboss Enterprise Portal Platform 5.2.2
Redhat Jboss Enterprise Soa Platform 5.3.1
Redhat Jboss Enterprise Brms Platform 5.3.1
10
CVSSv2
CVE-2007-4758
Multiple buffer overflows in the image-processing APIs in Cosminexus Developer's Kit for Java in Cosminexus 4 through 7 allow remote malicious users to cause a denial of service or execute arbitrary code via unspecified vectors.
Hitachi Ucosminexus Application Server Enterprise 07 00 01
Hitachi Ucosminexus Application Server Enterprise 07 10
Hitachi Ucosminexus Application Server Standard 07 00
Hitachi Ucosminexus Application Server Standard 07 00 03
Hitachi Ucosminexus Application Server Standard 07 10
Hitachi Ucosminexus Application Server Standard 7 10 01
Hitachi Ucosminexus Service Platform 07 00 03
Hitachi Ucosminexus Service Platform 07 10
Hitachi Ucosminexus Application Server Enterprise 07 00
Hitachi Ucosminexus Application Server Enterprise 7 20 01
Hitachi Ucosminexus Application Server Standard 07 00 01
Hitachi Ucosminexus Application Server Standard 07 00 02
Hitachi Ucosminexus Service Platform 07 00 01
Hitachi Ucosminexus Service Platform 07 00 02
Hitachi Ucosminexus Service Platform 07 20
Hitachi Ucosminexus Service Platform 7 20 01
Hitachi Ucosminexus Application Server Enterprise 07 00 02
Hitachi Ucosminexus Application Server Enterprise 07 00 03
Hitachi Ucosminexus Application Server Enterprise 07 10 01
Hitachi Ucosminexus Application Server Standard 7 20
Hitachi Ucosminexus Application Server Standard 7 20 01
Hitachi Ucosminexus Application Server Enterprise 7 20
5
CVSSv2
CVE-2007-4759
Multiple unspecified vulnerabilities in the image-processing APIs in Cosminexus Developer's Kit for Java in Cosminexus 4 through 7 allow remote malicious users to cause a denial of service via unspecified vectors.
Hitachi Ucosminexus Application Server Enterprise 07 00
Hitachi Ucosminexus Application Server Enterprise 07 00 01
Hitachi Ucosminexus Application Server Enterprise 07 00 02
Hitachi Ucosminexus Application Server Enterprise 07 10 01
Hitachi Ucosminexus Application Server Standard 07 00
Hitachi Ucosminexus Application Server Standard 07 10
Hitachi Ucosminexus Application Server Standard 7 20
Hitachi Ucosminexus Application Server Standard 7 20 01
Hitachi Ucosminexus Service Platform 07 10
Hitachi Ucosminexus Application Server Enterprise 07 10
Hitachi Ucosminexus Application Server Standard 07 00 02
Hitachi Ucosminexus Application Server Standard 07 00 03
Hitachi Ucosminexus Application Server Standard 7 10 01
Hitachi Ucosminexus Service Platform 07 00 02
Hitachi Ucosminexus Service Platform 07 00 03
Hitachi Ucosminexus Service Platform 7 20 01
Hitachi Ucosminexus Application Server Enterprise 07 00 03
Hitachi Ucosminexus Application Server Enterprise 7 20
Hitachi Ucosminexus Application Server Standard 07 00 01
Hitachi Ucosminexus Service Platform 07 00
Hitachi Ucosminexus Service Platform 07 10 01
Hitachi Ucosminexus Application Server Enterprise 7 20 01
3.5
CVSSv2
CVE-2014-7827
The org.jboss.security.plugins.mapping.JBossMappingManager implementation in JBoss Security in Red Hat JBoss Enterprise Application Platform (EAP) prior to 6.3.3 uses the default security domain when a security domain is undefined, which allows remote authenticated users to bypas...
Redhat Jboss Enterprise Application Platform
7.5
CVSSv2
CVE-2017-7504
HTTPServerILServlet.java in JMS over HTTP Invocation Layer of the JbossMQ implementation, which is enabled by default in Red Hat Jboss Application Server <= Jboss 4.X does not restrict the classes for which it performs deserialization, which allows remote malicious users to ex...
Redhat Jboss Enterprise Application Platform
10 Github repositories