14 matches found
EUVD-2014-0222
Malware in sbrugna...
RHSA-2019:3048 Red Hat Security Advisory: RH-SSO 7.3.4 adapters for Enterprise Application Platform 6 security update
Bulletin has no description...
CVE-2014-0169
In JBoss EAP 6 a security domain is configured to use a cache that is shared between all applications that are in the security domain. This could allow an authenticated user in one application to access protected resources in another application without proper authorization. Although this is an...
Sql injection
In JBoss EAP 6 a security domain is configured to use a cache that is shared between all applications that are in the security domain. This could allow an authenticated user in one application to access protected resources in another application without proper authorization. Although this is an...
CVE-2014-0169
In JBoss EAP 6 a security domain is configured to use a cache that is shared between all applications that are in the security domain. This could allow an authenticated user in one application to access protected resources in another application without proper authorization. Although this is an...
CVE-2014-0169
CVE-2014-0169 affects JBoss EAP 6: a security domain uses a cache shared across all applications in the domain, enabling an authenticated user from one application to access resources in another without proper authorization. Root cause cited as lack of clear documentation on cache isolation betwe...
Red Hat JBoss Enterprise Application Platform 6.x < 6.4.22 Multiple Vulnerabilities
The version of Red Hat JBoss Enterprise Application Platform (EAP) installed on the remote host is 6.x prior to 6.4.22. It is, therefore, affected by multiple vulnerabilities as referenced in the RHSA-2019:1162 advisory: - admin-cli: wildfly-core: Cross-site scripting (XSS) in JBoss Management Console...
Denial Of Service
Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. It was discovered that sending requests containing large headers to the Web Console produced a Java OutOfMemoryError in the HTTP management interface. An attacker could use thi...
Weak Authentication
Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. A flaw was discovered in the way authenticated connections were cached on the server by remote-naming. After a user has successfully logged in, a remote attacker could use a...
Information Disclosure
jboss-as-web is vulnerable to information disclosure attacks. The vulnerability exists as the security audit functionality in Red Hat JBoss Enterprise Application Platform (EAP) 6.x before 6.2.1 logs request parameters in plaintext, which might allow local users to obtain passwords by reading the l...
RHEL 5 : JBoss EAP (RHSA-2016:0595)
A Red Hat JBoss Enterprise Application Platform update is now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is availab...
RHEL 5 : Red Hat JBoss Enterprise Application Platform 6.2.2 update (Moderate) (RHSA-2014:0343)
The remote Red Hat Enterprise Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2014:0343 advisory. - tomcat: multiple content-length header poisoning flaws (CVE-2013-4286) - PicketBox/JBossSX: Unauthorized access to and modification of...
CVE-2014-0058
The security audit functionality in Red Hat JBoss Enterprise Application Platform (EAP) 6.x before 6.2.1 logs request parameters in plaintext, which might allow local users to obtain passwords by reading the log files...
Input validation
The security audit functionality in Red Hat JBoss Enterprise Application Platform (EAP) 6.x before 6.2.1 logs request parameters in plaintext, which might allow local users to obtain passwords by reading the log files...