Redhat

Jboss Enterprise Application Platform

238 vulnerabilities found.

Note: This list may be incomplete. Data is provided without warranty in its original format.
  • EPSS 79.79%
  • Published 10.01.2018 18:29:01
  • Last modified 27.08.2025 21:15:33

FasterXML jackson-databind through 2.8.10 and 2.9.x through 2.9.3 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 deserialization flaw. This is exploitable by sending maliciously crafted JSON input to t...

  • EPSS 0.1%
  • Published 10.01.2018 15:29:00
  • Last modified 21.11.2024 03:32:06

In Hibernate Validator 5.2.x before 5.2.5 final, 5.3.x, and 5.4.x, it was found that when the security manager's reflective permissions, which allows it to access the private members of the class, are granted to Hibernate Validator, a potential privi...

  • EPSS 71.13%
  • Published 13.11.2017 22:29:00
  • Last modified 20.04.2025 01:37:25

A denial of service flaw was found in OpenSSL 0.9.8, 1.0.1, 1.0.2 through 1.0.2h, and 1.1.0 in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. A remote attacker could use this flaw to make a TLS/SSL ser...

  • EPSS 71.46%
  • Published 09.11.2017 17:29:00
  • Last modified 20.04.2025 01:37:25

Red Hat JBoss A-MQ 6.x; BPM Suite (BPMS) 6.x; BRMS 6.x and 5.x; Data Grid (JDG) 6.x; Data Virtualization (JDV) 6.x and 5.x; Enterprise Application Platform 6.x, 5.x, and 4.3.x; Fuse 6.x; Fuse Service Works (FSW) 6.x; Operations Network (JBoss ON) 3.x...

Exploit
  • EPSS 93.89%
  • Published 14.10.2017 23:29:00
  • Last modified 20.04.2025 01:37:25

Remote code execution occurs in Apache Solr before 7.1 with Apache Lucene before 7.1 by exploiting XXE in conjunction with use of a Config API add-listener command to reach the RunExecutableListener class. Elasticsearch, although it uses Lucene, is N...

Warning
  • EPSS 94.31%
  • Published 04.10.2017 21:01:00
  • Last modified 22.10.2025 00:16:02

In Jboss Application Server as shipped with Red Hat Enterprise Application Platform 5.2, it was found that the doFilter method in the ReadOnlyAccessFilter of the HTTP Invoker does not restrict classes for which it performs deserialization and thus al...

Warning Exploit
  • EPSS 94.37%
  • Published 04.10.2017 01:29:02
  • Last modified 22.10.2025 00:16:04

When running Apache Tomcat versions 9.0.0.M1 to 9.0.0, 8.5.0 to 8.5.22, 8.0.0.RC1 to 8.0.46 and 7.0.0 to 7.0.81 with HTTP PUTs enabled (e.g. via setting the readonly initialisation parameter of the Default servlet to false) it was possible to upload ...

Exploit
  • EPSS 0.3%
  • Published 19.09.2017 17:29:00
  • Last modified 20.04.2025 01:37:25

AdvancedLdapLoginModule in Red Hat JBoss Enterprise Application Platform (EAP) before 6.4.1 allows attackers to obtain sensitive information via vectors involving logging the LDAP bind credential password when TRACE logging is enabled.

  • EPSS 1.07%
  • Published 13.09.2017 17:29:00
  • Last modified 20.04.2025 01:37:25

Red Hat JBoss EAP version 3.0.7 through before 4.0.0.Beta1 is vulnerable to a server-side cache poisoning or CORS requests in the JAX-RS component resulting in a moderate impact.

  • EPSS 0.67%
  • Published 22.08.2017 18:29:00
  • Last modified 20.04.2025 01:37:25

GET requests in JBoss Enterprise Application Platform (EAP) 7 disclose internal IP addresses to remote attackers.