Red Hat

JBoss Enterprise Application Platform

236 vulnerabilities found.

Note: This list may be incomplete. Data is provided without warranty in its original format.
  • EPSS 0.33%
  • Published 06.12.2013 17:55:04
  • Last modified 11.04.2025 00:51:21

The EJB invocation handler implementation in Red Hat JBossWS, as used in JBoss Enterprise Application Platform (EAP) before 6.2.0, does not properly enforce the method level restrictions for JAX-WS Service endpoints, which allows remote authenticated...

  • EPSS 0.56%
  • Published 28.10.2013 21:55:04
  • Last modified 11.04.2025 00:51:21

The org.apache.catalina.connector.Response.encodeURL method in Red Hat JBoss Web 7.1.x and earlier, when the tracking mode is set to COOKIE, sends the jsessionid in the URL of the first response of a session, which allows remote attackers to obtain t...

  • EPSS 0.15%
  • Published 28.10.2013 21:55:04
  • Last modified 11.04.2025 00:51:21

Red Hat JBoss Enterprise Application Platform (EAP) before 6.1.0 and JBoss Portal before 6.1.0 does not load the implementation of a custom authorization module for a new application when an implementation is already loaded and the modules share clas...

  • EPSS 1.27%
  • Published 01.10.2013 17:55:03
  • Last modified 11.04.2025 00:51:21

The org.jboss.remoting.transport.socket.ServerThread class in Red Hat JBoss Remoting for Red Hat JBoss SOA Platform 5.3.1 GA, Web Platform 5.2.0, Enterprise Application Platform 5.2.0, and other products allows remote attackers to cause a denial of s...

  • EPSS 0.62%
  • Published 28.09.2013 19:55:03
  • Last modified 11.04.2025 00:51:21

The DiagnosticsHandler in JGroup 3.0.x, 3.1.x, 3.2.x before 3.2.9, and 3.3.x before 3.3.3 allows remote attackers to obtain sensitive information (diagnostic information) and execute arbitrary code by reusing valid credentials.

  • EPSS 0.05%
  • Published 28.09.2013 19:55:02
  • Last modified 11.04.2025 00:51:21

PicketBox, as used in Red Hat JBoss Enterprise Application Platform before 6.1.1, allows local users to obtain the admin encryption key by reading the Vault data file.

  • EPSS 12.29%
  • Published 19.08.2013 23:55:08
  • Last modified 11.04.2025 00:51:21

Apache CXF 2.5.x before 2.5.10, 2.6.x before CXF 2.6.7, and 2.7.x before CXF 2.7.4 does not verify that a specified cryptographic algorithm is allowed by the WS-SecurityPolicy AlgorithmSuite definition before decrypting, which allows remote attackers...

  • EPSS 0.59%
  • Published 16.08.2013 16:55:46
  • Last modified 11.04.2025 00:51:21

Red Hat JBoss Enterprise Application Platform (EAP) 6.1.0 does not properly cache EJB invocations by the EJB client API, which allows remote attackers to hijack sessions by using an EJB client.

  • EPSS 0.69%
  • Published 16.08.2013 16:55:03
  • Last modified 11.04.2025 00:51:21

Red Hat JBoss Enterprise Application Platform (EAP) 6.1.0 does not properly cache EJB invocations by remote-naming, which allows remote attackers to hijack sessions by using a remoting client.

  • EPSS 1.37%
  • Published 29.07.2013 13:59:54
  • Last modified 11.04.2025 00:51:21

wsf/common/DOMUtils.java in JBossWS Native in Red Hat JBoss Enterprise Application Platform 4.2.0.CP09, 4.3, and 5.1.1; JBoss Enterprise Portal Platform 4.3.CP06 and 5.1.1; JBoss Enterprise SOA Platform 4.2.CP05, 4.3.CP05, and 5.1.0; JBoss Communicat...