CVE-2012-1094
- EPSS 0.24%
- Published 10.03.2020 17:15:12
- Last modified 21.11.2024 01:36:24
JBoss AS 7 prior to 7.1.1 and mod_cluster do not handle default hostname in the same way, which can cause the excluded-contexts list to be mismatched and the root context to be exposed.
CVE-2012-2312
- EPSS 0.04%
- Published 18.12.2019 18:15:15
- Last modified 21.11.2024 01:38:51
An Elevated Privileges issue exists in JBoss AS 7 Community Release due to the improper implementation of security context propagation. A thread gets reused from the thread pool that still retains the security context from the process last used, ...
CVE-2011-3609
- EPSS 0.51%
- Published 26.11.2019 03:15:10
- Last modified 21.11.2024 01:30:50
A CSRF issue was found in JBoss Application Server 7 before 7.1.0. JBoss did not properly restrict access to the management console information (for example via the "Access-Control-Allow-Origin" HTTP access control flag). This can lead to unauthorize...
CVE-2011-3606
- EPSS 0.4%
- Published 26.11.2019 02:15:10
- Last modified 21.11.2024 01:30:50
A DOM based cross-site scripting flaw was found in the JBoss Application Server 7 before 7.1.0 Beta 1 administration console. A remote attacker could provide a specially-crafted web page and trick the valid JBoss AS user, with the administrator privi...
CVE-2013-3734
- EPSS 0.78%
- Published 24.10.2017 15:29:00
- Last modified 20.04.2025 01:37:25
The Embedded Jopr component in JBoss Application Server includes the cleartext datasource password in unspecified HTML responses, which might allow (1) man-in-the-middle attackers to obtain sensitive information by leveraging failure to use SSL or (2...