10 matches found

Tenable Nessus
added 2025/08/20 12:00 a.m. · 5 views

Linux Distros Unpatched Vulnerability : CVE-2019-19343

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - A flaw was found in Undertow when using Remoting as shipped in Red Hat JBoss EAP before version 7.2.4. A memory leak in HttpOpenListener due to holding remote...

7.5 CVSS · 6.8 AI score · 0.0163 EPSS
Exploits 0 · References 2
OSV
added 2024/09/15 11:51 p.m. · 28 views

RHSA-2018:0481 Red Hat Security Advisory: jboss-ec2-eap package for EAP 7.1.1

Bulletin has no description...

8.6 CVSS · 7.9 AI score · 0.49727 EPSS
Exploits 3 · References 38
CISA KEV Catalog
added 2021/12/10 12:00 a.m. · 36 views

Red Hat JBoss Application Server Remote Code Execution Vulnerability

The JBoss Application Server, shipped with Red Hat Enterprise Application Platform 5.2, allows an attacker to execute arbitrary code via crafted serialized data...

9.8 CVSS · 5 AI score · 0.90713 EPSS
In wild · Exploits 14
OSV
added 2018/07/31 7:29 p.m. · 8 views

CVE-2016-8657

It was discovered that EAP packages in certain versions of Red Hat Enterprise Linux use incorrect permissions for /etc/sysconfig/jbossas configuration files. The file is writable to jboss group (root:jboss, 664). On systems using classic /etc/init.d init scripts, i.e. on Red Hat Enterprise Linux 6 a...

7.8 CVSS · 5.5 AI score · 0.00423 EPSS
Exploits 0 · References 7
ATTACKERKB
added 2017/10/04 12:00 a.m. · 191 views

CVE-2017-12149

In JBoss Application Server as shipped with Red Hat Enterprise Application Platform 5.2, it was found that the doFilter method in the ReadOnlyAccessFilter of the HTTP Invoker does not restrict classes for which it performs deserialization and thus allowing an attacker to execute arbitrary code vi...

9.8 CVSS · 9.7 AI score · 0.90713 EPSS
In wild · Exploits 14 · References 6
NVD
added 2015/10/27 4:59 p.m. · 25 views

CVE-2015-5220

The Web Console in Red Hat Enterprise Application Platform (EAP) before 6.4.4 and WildFly (formerly JBoss Application Server) allows remote attackers to cause a denial of service (memory consumption) via a large request header...

5 CVSS · 6.4 AI score · 0.02978 EPSS
Exploits 0 · References 8
Prion
added 2015/10/27 4:59 p.m. · 22 views

Design/Logic Flaw

The Management Console in Red Hat Enterprise Application Platform before 6.4.4 and WildFly (formerly JBoss Application Server) does not send an X-Frame-Options HTTP header, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web page that contains a (1) FRAME or (2)...

4.3 CVSS · 6.8 AI score · 0.01743 EPSS
Exploits 0 · References 7 · Affected Software 2
Prion
added 2015/10/27 4:59 p.m. · 17 views

Cross site request forgery (csrf)

Cross-site request forgery (CSRF) vulnerability in the Web Console (web-console) in Red Hat Enterprise Application Platform before 6.4.4 and WildFly (formerly JBoss Application Server) before 2.0.0.CR9 allows remote attackers to hijack the authentication of administrators for requests that make arbitra...

6.8 CVSS · 7.5 AI score · 0.01138 EPSS
Exploits 0 · References 8 · Affected Software 2
Prion
added 2015/10/27 4:59 p.m. · 15 views

Cross site request forgery (csrf)

The Web Console in Red Hat Enterprise Application Platform (EAP) before 6.4.4 and WildFly (formerly JBoss Application Server) allows remote attackers to cause a denial of service (memory consumption) via a large request header...

5 CVSS · 6.9 AI score · 0.02978 EPSS
Exploits 0 · References 8 · Affected Software 2
Positive Technologies
added 2015/10/27 12:00 a.m. · 2 views

PT-2015-2596 · Red Hat · Red Hat Jboss Enterprise Application Platform +1

Name of the Vulnerable Software and Affected Versions: Red Hat Enterprise Application Platform (EAP) versions prior to 6.4.4; WildFly (formerly JBoss Application Server) versions prior to 6.4.4. Description: The issue allows remote attackers to cause a denial of service (memory consumption) via a large...

5 CVSS · 9.3 AI score · 0.02978 EPSS
Exploits 0 · References 11