4 matches found
SUSE CVE-2017-7561
Red Hat JBoss EAP version 3.0.7 through before 4.0.0.Beta1 is vulnerable to a server-side cache poisoning or CORS requests in the JAX-RS component resulting in a moderate impact...
PT-2013-1816 · Red Hat · Red Hat Jboss Enterprise Application Platform +1
Name of the Vulnerable Software and Affected Versions: JBoss Enterprise Application Platform EAP versions 4.3.0 CP10 through 6.0.1 JBoss Enterprise Web Platform EWP version 5.2.0 Description: The default configuration of the LdapLoginModule and LdapExtLoginModule modules allows remote attackers t...
JBoss: CallerIdentityLoginModule retaining password from previous call if a null password is provided
The CallerIdentityLoginModule in JBoss Enterprise Application Platform EAP before 5.2.0, Web Platform EWP before 5.2.0, BRMS Platform before 5.3.1, and SOA Platform before 5.3.1 allows remote attackers to gain privileges of the previous user via a null password, which causes the previous user's...
JBoss Remoting Denial-Of-Service
The org.jboss.remoting.transport.bisocket.BisocketServerInvoker$SecondaryServerSocketThread.run method in JBoss Remoting 2.2.x before 2.2.3.SP4 and 2.5.x before 2.5.3.SP2 in Red Hat JBoss Enterprise Application Platform aka JBoss EAP or JBEAP 4.3 through 4.3.0.CP09, and 5.1.0; and JBoss Enterpris...