Red Hat

JBoss Enterprise Application Platform

236 vulnerabilities found.

Note: This list may be incomplete. Data is provided without warranty in its original format.
Media report
  • EPSS 40.02%
  • Published 01.09.2016 00:59:00
  • Last modified 12.04.2025 10:46:40

The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a birth...

  • EPSS 1.55%
  • Published 30.06.2016 16:59:00
  • Last modified 12.04.2025 10:46:40

It was found that JGroups did not require necessary headers for encrypt and auth protocols from new nodes joining the cluster. An attacker could use this flaw to bypass security restrictions, and use this vulnerability to send and receive messages wi...

  • EPSS 1.29%
  • Published 16.12.2015 21:59:00
  • Last modified 12.04.2025 10:46:40

Red Hat JBoss Enterprise Application Platform (EAP) before 6.4.5 does not properly authorize access to shut down the server, which allows remote authenticated users with the Monitor, Deployer, or Auditor role to cause a denial of service via unspecif...

  • EPSS 1.52%
  • Published 27.10.2015 16:59:05
  • Last modified 12.04.2025 10:46:40

The Web Console in Red Hat Enterprise Application Platform (EAP) before 6.4.4 and WildFly (formerly JBoss Application Server) allows remote attackers to cause a denial of service (memory consumption) via a large request header.

  • EPSS 0.33%
  • Published 27.10.2015 16:59:03
  • Last modified 12.04.2025 10:46:40

Cross-site request forgery (CSRF) vulnerability in the Web Console (web-console) in Red Hat Enterprise Application Platform before 6.4.4 and WildFly (formerly JBoss Application Server) before 2.0.0.CR9 allows remote attackers to hijack the authentica...

  • EPSS 0.51%
  • Published 27.10.2015 16:59:01
  • Last modified 12.04.2025 10:46:40

The Management Console in Red Hat Enterprise Application Platform before 6.4.4 and WildFly (formerly JBoss Application Server) does not send an X-Frame-Options HTTP header, which makes it easier for remote attackers to conduct clickjacking attacks vi...

  • EPSS 0.05%
  • Published 21.04.2015 17:59:00
  • Last modified 12.04.2025 10:46:40

The default configuration for the Command Line Interface in Red Hat Enterprise Application Platform before 6.4.0 and WildFly (formerly JBoss Application Server) uses weak permissions for .jboss-cli-history, which allows local users to obtain sensitiv...

  • EPSS 0.21%
  • Published 20.02.2015 16:59:00
  • Last modified 12.04.2025 10:46:40

PicketBox and JBossSX, as used in Red Hat JBoss Enterprise Application Platform (JBEAP) 6.2.2 and JBoss BRMS before 6.0.3 roll up patch 2, allows remote authenticated users to read and modify the application server configuration and state by deploying...

  • EPSS 0.43%
  • Published 13.02.2015 15:59:06
  • Last modified 12.04.2025 10:46:40

The JBoss Application Server (WildFly) JacORB subsystem in Red Hat JBoss Enterprise Application Platform (EAP) before 6.3.3 does not properly assign socket-binding-ref sensitivity classification to the security-domain attribute, which allows remote a...

  • EPSS 0.4%
  • Published 13.02.2015 15:59:05
  • Last modified 12.04.2025 10:46:40

The Role Based Access Control (RBAC) implementation in JBoss Enterprise Application Platform (EAP) 6.2.0 through 6.3.2 does not properly verify authorization conditions, which allows remote authenticated users to add, modify, and undefine otherwise r...