Redhat

Jboss Enterprise Application Platform

238 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.5

CVE-2010-1428

Warnung Exploit
  • EPSS 65.34%
  • Veröffentlicht 28.04.2010 22:30:00
  • Zuletzt bearbeitet 22.10.2025 01:15:36

The Web Console (aka web-console) in JBossAs in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 performs access control only for the GET and POST methods, which allows remote atta...

5

CVE-2010-1429

  • EPSS 27.36%
  • Veröffentlicht 28.04.2010 22:30:00
  • Zuletzt bearbeitet 11.04.2025 00:51:21

Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 allows remote attackers to obtain sensitive information about "deployed web contexts" via a request to the status servlet, as demon...

2.1

CVE-2009-3554

  • EPSS 0.07%
  • Veröffentlicht 15.12.2009 18:30:01
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Twiddle in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP08 and 4.3 before 4.3.0.CP07 writes the JMX password, and other command-line arguments, to the twiddle.log file, which allows local users to obtain s...

4.3

CVE-2009-1380

  • EPSS 0.6%
  • Veröffentlicht 15.12.2009 18:30:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Cross-site scripting (XSS) vulnerability in JMX-Console in JBossAs in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP08 and 4.3 before 4.3.0.CP07 allows remote attackers to inject arbitrary web script or HTM...

4.3

CVE-2009-2405

  • EPSS 0.78%
  • Veröffentlicht 15.12.2009 18:30:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Multiple cross-site scripting (XSS) vulnerabilities in the Web Console in the Application Server in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2.0 before 4.2.0.CP08, 4.2.2GA, 4.3 before 4.3.0.CP07, and 5.1.0GA allow remo...

5

CVE-2009-0027

  • EPSS 0.71%
  • Veröffentlicht 09.03.2009 21:30:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

The request handler in JBossWS in JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP06 and 4.3 before 4.3.0.CP04 does not properly validate the resource path during a request for a WSDL file with a custom web-service e...

4.3

CVE-2008-3519

  • EPSS 0.71%
  • Veröffentlicht 23.09.2008 15:24:43
  • Zuletzt bearbeitet 09.04.2025 00:30:58

The default configuration of the JBossAs component in Red Hat JBoss Enterprise Application Platform (aka JBossEAP or EAP), possibly 4.2 before CP04 and 4.3 before CP02, when a production environment is enabled, sets the DownloadServerClasses property...

4.3

CVE-2008-0455

Exploit
  • EPSS 18.09%
  • Veröffentlicht 25.01.2008 01:00:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Cross-site scripting (XSS) vulnerability in the mod_negotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x series allows remote authenticated use...