Lucene search
K

13 matches found

Veracode
Veracode
added 2019/01/15 8:55 a.m.30 views

Authentication Bypass

jbosssx2 is vulnerable to authentication bypass attacks. The vulnerability exists as the default configuration of the 1 LdapLoginModule and 2 LdapExtLoginModule modules in JBoss Enterprise Application Platform EAP 4.3.0 CP10, 5.2.0, and 6.0.1, and Enterprise Web Platform EWP 5.2.0 allow remote...

7.5CVSS5.9AI score0.02344EPSS
Exploits0References26Affected Software4
Tenable Nessus
Tenable Nessus
added 2014/11/08 12:0 a.m.62 views

RHEL 4 : JBoss EWP (RHSA-2013:0197)

Updated JBoss Enterprise Web Platform 5.2.0 packages that fix multiple security issues, various bugs, and add several enhancements are now available for Red Hat Enterprise Linux 4. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability...

10CVSS7.8AI score0.15561EPSS
Exploits7References30
Tenable Nessus
Tenable Nessus
added 2014/11/08 12:0 a.m.46 views

RHEL 5 : JBoss Enterprise Web Platform 5.2.0 update (Important) (RHSA-2013:0196)

The remote Redhat Enterprise Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2013:0196 advisory. An attack technique against the W3C XML Encryption Standard when block ciphers were used in CBC mode could allow a remote attacker to conduc...

10CVSS8.4AI score0.15561EPSS
Exploits7References32
Tenable Nessus
Tenable Nessus
added 2014/10/30 12:0 a.m.26 views

RHEL 5 / 6 : JBoss EWP (RHSA-2014:1728)

Updated packages for Red Hat JBoss Enterprise Web Platform 5.2.0 that fix one security issue are now available for Red Hat Enterprise Linux 4, 5, and 6. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System CVSS base score, which...

4.3CVSS7.3AI score0.08863EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2014/06/28 12:0 a.m.27 views

RHEL 5 / 6 : Red Hat JBoss Enterprise Web Platform 5.2.0 (RHSA-2014:0792)

The remote Redhat Enterprise Linux 5 / 6 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2014:0792 advisory. Red Hat JBoss Enterprise Web Platform is a platform for Java applications, which integrates the JBoss Web Server with JBoss Hibernate and JBoss...

6.8CVSS6.4AI score0.03514EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2014/06/28 12:0 a.m.39 views

RHEL 5 / 6 : richfaces (RHSA-2013:1043)

The remote Redhat Enterprise Linux 5 / 6 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2013:1043 advisory. RichFaces is an open source framework that adds Ajax capability into existing JavaServer Faces JSF applications. A flaw was found in the way...

7.5CVSS8.2AI score0.12662EPSS
Exploits1References5
Prion
Prion
added 2013/03/12 11:55 p.m.26 views

Authentication flaw

The default configuration of the 1 LdapLoginModule and 2 LdapExtLoginModule modules in JBoss Enterprise Application Platform EAP 4.3.0 CP10, 5.2.0, and 6.0.1, and Enterprise Web Platform EWP 5.2.0 allow remote attackers to bypass authentication via an empty password...

7.5CVSS7.3AI score0.02344EPSS
Exploits0References10Affected Software2
Cvelist
Cvelist
added 2013/03/12 10:0 p.m.36 views

CVE-2012-5629

The default configuration of the 1 LdapLoginModule and 2 LdapExtLoginModule modules in JBoss Enterprise Application Platform EAP 4.3.0 CP10, 5.2.0, and 6.0.1, and Enterprise Web Platform EWP 5.2.0 allow remote attackers to bypass authentication via an empty password...

6.7AI score0.02344EPSS
Exploits0References10
Prion
Prion
added 2013/02/05 11:55 p.m.22 views

Design/Logic Flaw

The GUI installer in JBoss Enterprise Application Platform EAP and Enterprise Web Platform EWP 5.2.0 and possibly 5.1.2 uses world-readable permissions for the auto-install XML file, which allows local users to obtain the administrator password and the sucker password by reading this file...

2.1CVSS6.9AI score0.00366EPSS
Exploits0References8Affected Software2
CVE
CVE
added 2013/02/05 11:11 p.m.84 views

CVE-2012-3370

CVE-2012-3370 affects JBoss components (EAP, EWP, BRMS, SOA) prior to the stated versions, where SecurityAssociation.getCredential() returns the previous user’s credentials when no security context is provided, enabling remote privilege escalation to a different user. Red Hat advisories (RHSA/RHB...

5.8CVSS5.7AI score0.01862EPSS
Exploits1References17Affected Software1
RedHat Linux
RedHat Linux
added 2013/01/24 6:44 p.m.111 views

Important: Red Hat Security Advisory: JBoss Enterprise Web Platform 5.2.0 update

Updated JBoss Enterprise Web Platform 5.2.0 packages that fix multiple security issues, various bugs, and add several enhancements are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability...

10CVSS7.7AI score0.15561EPSS
Exploits7References17
Prion
Prion
added 2011/07/27 2:55 a.m.21 views

Input validation

jboss-seam.jar in the JBoss Seam 2 framework 2.2.x and earlier, as distributed in Red Hat JBoss Enterprise SOA Platform 4.3.0.CP05 and 5.1.0; JBoss Enterprise Application Platform aka JBoss EAP or JBEAP 4.3.0, 4.3.0.CP09, and 5.1.1; and JBoss Enterprise Web Platform 5.1.1, does not properly...

6.8CVSS7.5AI score0.02593EPSS
Exploits0References10Affected Software4
NVD
NVD
added 2010/12/30 9:0 p.m.41 views

CVE-2010-3862

The org.jboss.remoting.transport.bisocket.BisocketServerInvoker$SecondaryServerSocketThread.run method in JBoss Remoting 2.2.x before 2.2.3.SP4 and 2.5.x before 2.5.3.SP2 in Red Hat JBoss Enterprise Application Platform aka JBoss EAP or JBEAP 4.3 through 4.3.0.CP09, and 5.1.0; and JBoss Enterpris...

2.6CVSS6.3AI score0.02611EPSS
Exploits0References12
Rows per page
Query Builder