CVE-2011-4314
- EPSS 3.2%
- Veröffentlicht 27.01.2012 15:55:04
- Zuletzt bearbeitet 16.06.2026 23:34:45
message/ax/AxMessage.java in OpenID4Java before 0.9.6 final, as used in JBoss Enterprise Application Platform 5.1 before 5.1.2, Step2, Kay Framework before 1.0.2, and possibly other products does not verify that Attribute Exchange (AX) information is...
CVE-2011-4608
- EPSS 3.2%
- Veröffentlicht 27.01.2012 15:55:04
- Zuletzt bearbeitet 16.06.2026 23:35:08
mod_cluster in JBoss Enterprise Application Platform 5.1.2 for Red Hat Linux allows worker nodes to register with arbitrary virtual hosts, which allows remote attackers to bypass intended access restrictions and provide malicious content, hijack sess...
CVE-2011-2196
- EPSS 2.59%
- Veröffentlicht 27.07.2011 02:55:01
- Zuletzt bearbeitet 16.06.2026 23:30:54
jboss-seam.jar in the JBoss Seam 2 framework 2.2.x and earlier, as distributed in Red Hat JBoss Enterprise SOA Platform 4.3.0.CP05 and 5.1.0; JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.3.0, 4.3.0.CP09, and 5.1.1; and JBoss Enter...
CVE-2011-1484
- EPSS 2.29%
- Veröffentlicht 27.07.2011 02:42:27
- Zuletzt bearbeitet 16.06.2026 23:29:28
jboss-seam.jar in the JBoss Seam 2 framework 2.2.x and earlier, as distributed in Red Hat JBoss Enterprise SOA Platform 4.3.0.CP04 and 5.1.0 and JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.3.0.CP09 and 5.1.0, does not properly re...
CVE-2010-4265
- EPSS 2.13%
- Veröffentlicht 30.12.2010 21:00:02
- Zuletzt bearbeitet 16.06.2026 23:24:28
The org.jboss.remoting.transport.bisocket.BisocketServerInvoker$SecondaryServerSocketThread.run method in JBoss Remoting 2.2.x before 2.2.3.SP4 and 2.5.x before 2.5.3.SP2 in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.3 t...
CVE-2010-3708
- EPSS 3.02%
- Veröffentlicht 30.12.2010 21:00:01
- Zuletzt bearbeitet 16.06.2026 23:23:22
The serialization implementation in JBoss Drools in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.3 before 4.3.0.CP09 and JBoss Enterprise SOA Platform 4.2 and 4.3 supports the embedding of class files, which allows remote ...
CVE-2010-3862
- EPSS 2.61%
- Veröffentlicht 30.12.2010 21:00:01
- Zuletzt bearbeitet 16.06.2026 23:23:42
The org.jboss.remoting.transport.bisocket.BisocketServerInvoker$SecondaryServerSocketThread.run method in JBoss Remoting 2.2.x before 2.2.3.SP4 and 2.5.x before 2.5.3.SP2 in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.3 t...
CVE-2010-3878
- EPSS 0.87%
- Veröffentlicht 30.12.2010 21:00:01
- Zuletzt bearbeitet 16.06.2026 23:23:44
Cross-site request forgery (CSRF) vulnerability in the JMX Console in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.3 before 4.3.0.CP09 allows remote attackers to hijack the authentication of administrators for requests tha...
CVE-2010-1871
- EPSS 83.4%
- Veröffentlicht 05.08.2010 13:23:09
- Zuletzt bearbeitet 16.06.2026 23:19:29
JBoss Seam 2 (jboss-seam2), as used in JBoss Enterprise Application Platform 4.3.0 for Red Hat Linux, does not properly sanitize inputs for JBoss Expression Language (EL) expressions, which allows remote attackers to execute arbitrary code via a craf...
CVE-2010-0738
- EPSS 79.42%
- Veröffentlicht 28.04.2010 22:30:00
- Zuletzt bearbeitet 16.06.2026 23:16:45
The JMX-Console web application in JBossAs in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 performs access control only for the GET and POST methods, which allows remote attack...