Red Hat

JBoss Enterprise Application Platform

238 vulnerabilities found.

Note: This list may be incomplete. Data is provided without warranty in its original format.
Exploit
  • EPSS 73.42%
  • Published 20.07.2014 11:12:48
  • Last modified 12.04.2025 10:46:40

Race condition in the mod_status module in the Apache HTTP Server before 2.4.10 allows remote attackers to cause a denial of service (heap-based buffer overflow), or possibly obtain sensitive credential information or execute arbitrary code, via a cr...

  • EPSS 1.86%
  • Published 07.07.2014 14:55:03
  • Last modified 12.04.2025 10:46:40

The SecurityTokenService (STS) in Apache CXF before 2.6.12 and 2.7.x before 2.7.9 does not properly validate SAML tokens when caching is enabled, which allows remote attackers to gain access via an invalid SAML token.

  • EPSS 0.96%
  • Published 07.07.2014 14:55:03
  • Last modified 12.04.2025 10:46:40

The SymmetricBinding in Apache CXF before 2.6.13 and 2.7.x before 2.7.10, when EncryptBeforeSigning is enabled and the UsernameToken policy is set to an EncryptedSupportingToken, transmits the UsernameToken in cleartext, which allows remote attackers...

  • EPSS 2.35%
  • Published 07.07.2014 14:55:03
  • Last modified 12.04.2025 10:46:40

org.jboss.seam.web.AuthenticationFilter in Red Hat JBoss Web Framework Kit 2.5.0, JBoss Enterprise Application Platform (JBEAP) 5.2.0, and JBoss Enterprise Web Platform (JBEWP) 5.2.0 allows remote attackers to execute arbitrary code via a crafted aut...

  • EPSS 1.09%
  • Published 07.07.2014 14:55:03
  • Last modified 12.04.2025 10:46:40

org.jboss.as.jaxrs.deployment.JaxrsIntegrationProcessor in Red Hat JBoss Enterprise Application Platform (JEAP) before 6.2.4 enables entity expansion, which allows remote attackers to read arbitrary files via unspecified vectors, related to an XML Ex...

Exploit
  • EPSS 92.72%
  • Published 05.06.2014 21:55:07
  • Last modified 12.04.2025 10:46:40

OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a zero-length master key in certain OpenSSL-to-OpenSSL...

  • EPSS 0.28%
  • Published 03.04.2014 16:15:12
  • Last modified 12.04.2025 10:46:40

Red Hat JBoss Enterprise Application Platform (JBEAP) 6.2.2, when using a Java Security Manager (JSM), does not properly apply permissions defined by a policy file, which causes applications to be granted the java.security.AllPermission permission an...

  • EPSS 0.06%
  • Published 26.02.2014 15:55:08
  • Last modified 12.04.2025 10:46:40

The security audit functionality in Red Hat JBoss Enterprise Application Platform (EAP) 6.x before 6.2.1 logs request parameters in plaintext, which might allow local users to obtain passwords by reading the log files.

  • EPSS 0.06%
  • Published 14.02.2014 15:55:05
  • Last modified 11.04.2025 00:51:21

Red Hat JBoss Enterprise Application Platform (JBEAP) 6.2.0 and JBoss WildFly Application Server, when run under a security manager, do not properly restrict access to the Modular Service Container (MSC) service registry, which allows local users to ...

  • EPSS 1.5%
  • Published 10.02.2014 23:55:04
  • Last modified 11.04.2025 00:51:21

JBoss Web, as used in Red Hat JBoss Communications Platform before 5.1.3, Enterprise Web Platform before 5.1.2, Enterprise Application Platform before 5.1.2, and other products, allows remote attackers to cause a denial of service (infinite loop) via...