Vulmon
enterprise application platform vulnerabilities and exploits
NA
CVE-2011-4575
Cross-site scripting (XSS) vulnerability in the JMX console in JBoss Enterprise Application Platform (EAP) prior to 5.2.0, Web Platform (EWP) prior to 5.2.0, BRMS Platform prior to 5.3.1, and SOA Platform prior to 5.3.1 allows remote malicious users to inject arbitrary web script...
Redhat Jboss Enterprise Web Platform 5.2.0
Redhat Jboss Enterprise Application Platform 5.2.0
Redhat Jboss Enterprise Brms Platform
NA
CVE-2012-0874
The (1) JMXInvokerHAServlet and (2) EJBInvokerHAServlet invoker servlets in JBoss Enterprise Application Platform (EAP) prior to 5.2.0, Web Platform (EWP) prior to 5.2.0, BRMS Platform prior to 5.3.1, and SOA Platform prior to 5.3.1 do not require authentication by default in cer...
Redhat Jboss Enterprise Application Platform 5.2.0
Redhat Jboss Enterprise Web Platform 5.2.0
Redhat Jboss Enterprise Brms Platform
1 EDB exploit
7.5
CVSSv3
CVE-2023-5379
A flaw was found in Undertow. When an AJP request is sent that exceeds the max-header-size attribute in ajp-listener, JBoss EAP is marked in an error state by mod_cluster in httpd, causing JBoss EAP to close the TCP connection without returning an AJP response. This happens becau...
Redhat Jboss Enterprise Application Platform 7.0.0
Redhat Undertow -
Redhat Single Sign-on 7.0
Redhat Jboss Enterprise Application Platform -
7.5
CVSSv3
CVE-2020-7238
Netty 4.1.43.Final allows HTTP Request Smuggling because it mishandles Transfer-Encoding whitespace (such as a [space]Transfer-Encoding:chunked line) and a later Content-Length header. This issue exists because of an incomplete fix for CVE-2019-16869.
Netty Netty 4.1.43
Fedoraproject Fedora 33
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Redhat Jboss Enterprise Application Platform 7.2
Redhat Jboss Enterprise Application Platform Text-only Advisories -
Redhat Jboss Enterprise Application Platform 7.3
Redhat Openshift Application Runtimes Text-only Advisories -
Redhat Jboss Enterprise Application Platform 7.4
NA
CVE-2010-3708
The serialization implementation in JBoss Drools in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.3 prior to 4.3.0.CP09 and JBoss Enterprise SOA Platform 4.2 and 4.3 supports the embedding of class files, which allows remote malicious users to execute a...
Redhat Jboss Enterprise Application Platform 4.3.0
Redhat Jboss Enterprise Soa Platform 4.2.0
Redhat Jboss Enterprise Soa Platform 4.3.0
NA
CVE-2014-3518
jmx-remoting.sar in JBoss Remoting, as used in Red Hat JBoss Enterprise Application Platform (JEAP) 5.2.0, Red Hat JBoss BRMS 5.3.1, Red Hat JBoss Portal Platform 5.2.2, and Red Hat JBoss SOA Platform 5.3.1, does not properly implement the JSR 160 specification, which allows remo...
Redhat Jboss Enterprise Application Platform 5.2.0
Redhat Jboss Enterprise Portal Platform 5.2.2
Redhat Jboss Enterprise Soa Platform 5.3.1
Redhat Jboss Enterprise Brms Platform 5.3.1
NA
CVE-2007-4758
Multiple buffer overflows in the image-processing APIs in Cosminexus Developer's Kit for Java in Cosminexus 4 through 7 allow remote malicious users to cause a denial of service or execute arbitrary code via unspecified vectors.
Hitachi Ucosminexus Application Server Enterprise 07 00 01
Hitachi Ucosminexus Application Server Enterprise 07 10
Hitachi Ucosminexus Application Server Standard 07 00
Hitachi Ucosminexus Application Server Standard 07 00 03
Hitachi Ucosminexus Application Server Standard 07 10
Hitachi Ucosminexus Application Server Standard 7 10 01
Hitachi Ucosminexus Service Platform 07 00 03
Hitachi Ucosminexus Service Platform 07 10
Hitachi Ucosminexus Application Server Enterprise 07 00
Hitachi Ucosminexus Application Server Enterprise 7 20 01
Hitachi Ucosminexus Application Server Standard 07 00 01
Hitachi Ucosminexus Application Server Standard 07 00 02
Hitachi Ucosminexus Service Platform 07 00 01
Hitachi Ucosminexus Service Platform 07 00 02
Hitachi Ucosminexus Service Platform 07 20
Hitachi Ucosminexus Service Platform 7 20 01
Hitachi Ucosminexus Application Server Enterprise 07 00 02
Hitachi Ucosminexus Application Server Enterprise 07 00 03
Hitachi Ucosminexus Application Server Enterprise 07 10 01
Hitachi Ucosminexus Application Server Standard 7 20
Hitachi Ucosminexus Application Server Standard 7 20 01
Hitachi Ucosminexus Application Server Enterprise 7 20
NA
CVE-2007-4759
Multiple unspecified vulnerabilities in the image-processing APIs in Cosminexus Developer's Kit for Java in Cosminexus 4 through 7 allow remote malicious users to cause a denial of service via unspecified vectors.
Hitachi Ucosminexus Application Server Enterprise 07 00
Hitachi Ucosminexus Application Server Enterprise 07 00 01
Hitachi Ucosminexus Application Server Enterprise 07 00 02
Hitachi Ucosminexus Application Server Enterprise 07 10 01
Hitachi Ucosminexus Application Server Standard 07 00
Hitachi Ucosminexus Application Server Standard 07 10
Hitachi Ucosminexus Application Server Standard 7 20
Hitachi Ucosminexus Application Server Standard 7 20 01
Hitachi Ucosminexus Service Platform 07 10
Hitachi Ucosminexus Application Server Enterprise 07 10
Hitachi Ucosminexus Application Server Standard 07 00 02
Hitachi Ucosminexus Application Server Standard 07 00 03
Hitachi Ucosminexus Application Server Standard 7 10 01
Hitachi Ucosminexus Service Platform 07 00 02
Hitachi Ucosminexus Service Platform 07 00 03
Hitachi Ucosminexus Service Platform 7 20 01
Hitachi Ucosminexus Application Server Enterprise 07 00 03
Hitachi Ucosminexus Application Server Enterprise 7 20
Hitachi Ucosminexus Application Server Standard 07 00 01
Hitachi Ucosminexus Service Platform 07 00
Hitachi Ucosminexus Service Platform 07 10 01
Hitachi Ucosminexus Application Server Enterprise 7 20 01
9.8
CVSSv3
CVE-2017-7504
HTTPServerILServlet.java in JMS over HTTP Invocation Layer of the JbossMQ implementation, which is enabled by default in Red Hat Jboss Application Server <= Jboss 4.X does not restrict the classes for which it performs deserialization, which allows remote malicious users to ex...
Redhat Jboss Enterprise Application Platform
10 GitHub repositories
NA
CVE-2014-7827
The org.jboss.security.plugins.mapping.JBossMappingManager implementation in JBoss Security in Red Hat JBoss Enterprise Application Platform (EAP) prior to 6.3.3 uses the default security domain when a security domain is undefined, which allows remote authenticated users to bypas...
Redhat Jboss Enterprise Application Platform