Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

Jboss Application Server Security Vulnerabilities

cve
cve

CVE-2006-5750

Directory traversal vulnerability in the DeploymentFileRepository class in JBoss Application Server (jbossas) 3.2.4 through 4.0.5 allows remote authenticated users to read or modify arbitrary files, and possibly execute arbitrary code, via unspecified vectors related to the console manager.

6.7AI Score

0.432EPSS

2006-11-27 08:07 PM
30
cve
cve

CVE-2007-1036

The default configuration of JBoss does not restrict access to the (1) console and (2) web management interfaces, which allows remote attackers to bypass authentication and gain administrative access via direct requests.

6.8AI Score

0.966EPSS

2007-02-21 11:28 AM
103
In Wild
cve
cve

CVE-2007-1354

The Access Control functionality (JMXOpsAccessControlFilter) in JMX Console in JBoss Application Server 4.0.2 and 4.0.5 before 20070416 uses a member variable to store the roles of the current user, which allows remote authenticated administrators to trigger a race condition and gain privileges by ...

6.8AI Score

0.004EPSS

2007-07-27 09:30 PM
28
cve
cve

CVE-2011-3606

A DOM based cross-site scripting flaw was found in the JBoss Application Server 7 before 7.1.0 Beta 1 administration console. A remote attacker could provide a specially-crafted web page and trick the valid JBoss AS user, with the administrator privilege, to visit it, which would lead into the DOM ...

5.4CVSS

5.4AI Score

0.001EPSS

2019-11-26 02:15 AM
59
cve
cve

CVE-2011-3609

A CSRF issue was found in JBoss Application Server 7 before 7.1.0. JBoss did not properly restrict access to the management console information (for example via the "Access-Control-Allow-Origin" HTTP access control flag). This can lead to unauthorized information leak if a user with admin privilege...

6.5CVSS

6.4AI Score

0.002EPSS

2019-11-26 03:15 AM
58
cve
cve

CVE-2012-1094

JBoss AS 7 prior to 7.1.1 and mod_cluster do not handle default hostname in the same way, which can cause the excluded-contexts list to be mismatched and the root context to be exposed.

7.5CVSS

7.4AI Score

0.002EPSS

2020-03-10 05:15 PM
40
cve
cve

CVE-2012-2312

An Elevated Privileges issue exists in JBoss AS 7 Community Release due to the improper implementation in the security context propagation, A threat gets reused from the thread pool that still retains the security context from the process last used, which lets a local user obtain elevated privilege...

7.8CVSS

7.4AI Score

0.0004EPSS

2019-12-18 06:15 PM
27
cve
cve

CVE-2013-3734

The Embedded Jopr component in JBoss Application Server includes the cleartext datasource password in unspecified HTML responses, which might allow (1) man-in-the-middle attackers to obtain sensitive information by leveraging failure to use SSL or (2) attackers to obtain sensitive information by re...

6.6CVSS

6.3AI Score

0.002EPSS

2017-10-24 03:29 PM
24