Redhat

Jboss Enterprise Application Platform

247 vulnerabilities found.

Note: This list may be incomplete. Data is provided without warranty in its original format.

  • EPSS 3.22%
  • Published 26.09.2016 14:59:00
  • Last modified 06.05.2026 22:30:45

mod_cluster, as used in Red Hat JBoss Web Server 2.1, allows remote attackers to cause a denial of service (Apache http server crash) via an MCMP message containing a series of = (equals) characters after a legitimate element.

Media report
  • EPSS 37.75%
  • Published 01.09.2016 00:59:00
  • Last modified 06.05.2026 22:30:45

The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a birth...

  • EPSS 1.55%
  • Published 30.06.2016 16:59:00
  • Last modified 06.05.2026 22:30:45

It was found that JGroups did not require necessary headers for encrypt and auth protocols from new nodes joining the cluster. An attacker could use this flaw to bypass security restrictions, and use this vulnerability to send and receive messages wi...

  • EPSS 1.29%
  • Published 16.12.2015 21:59:00
  • Last modified 06.05.2026 22:30:45

Red Hat JBoss Enterprise Application Platform (EAP) before 6.4.5 does not properly authorize access to shut down the server, which allows remote authenticated users with the Monitor, Deployer, or Auditor role to cause a denial of service via unspecif...

  • EPSS 1.52%
  • Published 27.10.2015 16:59:05
  • Last modified 06.05.2026 22:30:45

The Web Console in Red Hat Enterprise Application Platform (EAP) before 6.4.4 and WildFly (formerly JBoss Application Server) allows remote attackers to cause a denial of service (memory consumption) via a large request header.

  • EPSS 0.33%
  • Published 27.10.2015 16:59:03
  • Last modified 06.05.2026 22:30:45

Cross-site request forgery (CSRF) vulnerability in the Web Console (web-console) in Red Hat Enterprise Application Platform before 6.4.4 and WildFly (formerly JBoss Application Server) before 2.0.0.CR9 allows remote attackers to hijack the authentica...

  • EPSS 0.51%
  • Published 27.10.2015 16:59:01
  • Last modified 06.05.2026 22:30:45

The Management Console in Red Hat Enterprise Application Platform before 6.4.4 and WildFly (formerly JBoss Application Server) does not send an X-Frame-Options HTTP header, which makes it easier for remote attackers to conduct clickjacking attacks vi...

  • EPSS 0.08%
  • Published 21.04.2015 17:59:00
  • Last modified 06.05.2026 22:30:45

The default configuration for the Command Line Interface in Red Hat Enterprise Application Platform before 6.4.0 and WildFly (formerly JBoss Application Server) uses weak permissions for .jboss-cli-history, which allows local users to obtain sensitiv...

  • EPSS 0.21%
  • Published 20.02.2015 16:59:00
  • Last modified 06.05.2026 22:30:45

PicketBox and JBossSX, as used in Red Hat JBoss Enterprise Application Platform (JBEAP) 6.2.2 and JBoss BRMS before 6.0.3 roll up patch 2, allow remote authenticated users to read and modify the application server configuration and state by deploying...

  • EPSS 0.43%
  • Published 13.02.2015 15:59:06
  • Last modified 06.05.2026 22:30:45

The JBoss Application Server (WildFly) JacORB subsystem in Red Hat JBoss Enterprise Application Platform (EAP) before 6.3.3 does not properly assign socket-binding-ref sensitivity classification to the security-domain attribute, which allows remote a...