Redhat

Jboss Enterprise Application Platform

236 vulnerabilities found.

Note: This list may be incomplete. Data is provided without warranty in its original format.
  • EPSS 47.95%
  • Published 13.07.2017 16:29:00
  • Last modified 20.04.2025 01:37:25

In Apache httpd before 2.2.34 and 2.4.x before 2.4.27, the value placeholder in [Proxy-]Authorization headers of type 'Digest' was not initialized or reset before or between successive key=value assignments by mod_auth_digest. Providing an initial ke...

  • EPSS 1.89%
  • Published 08.06.2017 18:29:00
  • Last modified 20.04.2025 01:37:25

The PooledInvokerServlet in JBoss EAP 4.x and 5.x allows remote attackers to execute arbitrary code via a crafted serialized payload.

  • EPSS 89.66%
  • Published 19.05.2017 20:29:00
  • Last modified 20.04.2025 01:37:25

HTTPServerILServlet.java in JMS over HTTP Invocation Layer of the JbossMQ implementation, which is enabled by default in Red Hat Jboss Application Server <= Jboss 4.X does not restrict the classes for which it performs deserialization, which allows r...

  • EPSS 0.31%
  • Published 18.05.2017 15:29:00
  • Last modified 20.04.2025 01:37:25

It was found that the Red Hat JBoss EAP 7.0.5 implementation of javax.xml.transform.TransformerFactory is vulnerable to XXE. An attacker could use this flaw to launch DoS or SSRF attacks, or read files from the server where EAP is deployed.

  • EPSS 7.18%
  • Published 13.10.2016 14:59:11
  • Last modified 12.04.2025 10:46:40

The JMX servlet in Red Hat JBoss Enterprise Application Platform (EAP) 4 and 5 allows remote authenticated users to cause a denial of service and possibly execute arbitrary code via a crafted serialized Java object.

  • EPSS 4.06%
  • Published 03.10.2016 21:59:07
  • Last modified 12.04.2025 10:46:40

Red Hat JBoss Enterprise Application Platform (EAP) 7, when operating as a reverse-proxy with default buffer sizes, allows remote attackers to cause a denial of service (CPU and disk consumption) via a long URL.

  • EPSS 1.08%
  • Published 27.09.2016 15:59:01
  • Last modified 12.04.2025 10:46:40

The getObject method of the javax.jms.ObjectMessage class in the (1) JMS Core client, (2) Artemis broker, and (3) Artemis REST component in Apache ActiveMQ Artemis before 1.4.0 might allow remote authenticated users with permission to send messages t...

  • EPSS 1.5%
  • Published 26.09.2016 14:59:05
  • Last modified 12.04.2025 10:46:40

The domain controller in Red Hat JBoss Enterprise Application Platform (EAP) 7.x before 7.0.2 allows remote authenticated users to gain privileges by leveraging failure to propagate administrative RBAC configuration to all slaves.

  • EPSS 0.83%
  • Published 26.09.2016 14:59:03
  • Last modified 12.04.2025 10:46:40

CRLF injection vulnerability in the Undertow web server in WildFly 10.0.0, as used in Red Hat JBoss Enterprise Application Platform (EAP) 7.x before 7.0.2, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting a...

  • EPSS 3.22%
  • Published 26.09.2016 14:59:00
  • Last modified 12.04.2025 10:46:40

mod_cluster, as used in Red Hat JBoss Web Server 2.1, allows remote attackers to cause a denial of service (Apache http server crash) via an MCMP message containing a series of = (equals) characters after a legitimate element.