69 matches found
SUSE CVE-2011-4085
The servlets invoked by httpha-invoker in JBoss Enterprise Application Platform before 5.1.2, SOA Platform before 5.2.0, BRMS Platform before 5.3.0, and Portal Platform before 4.3 CP07 perform access control only for the GET and POST methods, which allows remote attackers to bypass authentication ...
CVE-2012-5626
EJB method in Red Hat JBoss BRMS 5; Red Hat JBoss Enterprise Application Platform 5; Red Hat JBoss Operations Network 3.1; Red Hat JBoss Portal 4 and 5; Red Hat JBoss SOA Platform 4.2, 4.3, and 5; in Red Hat JBoss Enterprise Web Server 1 ignores roles specified using the @RunAs annotation...
Critical: Red Hat Security Advisory: Red Hat JBoss SOA Platform security update
An update is now available for Red Hat JBoss SOA Platform 5.3.1. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE...
Input validation
Red Hat JBoss A-MQ 6.x; BPM Suite (BPMS) 6.x; BRMS 6.x and 5.x; Data Grid (JDG) 6.x; Data Virtualization (JDV) 6.x and 5.x; Enterprise Application Platform 6.x, 5.x, and 4.3.x; Fuse 6.x; Fuse Service Works (FSW) 6.x; Operations Network (JBoss ON) 3.x; Portal 6.x; SOA Platform (SOA-P) 5.x; Web Server (JWS) 3.x;...
CVE-2015-7501
Red Hat JBoss A-MQ 6.x; BPM Suite (BPMS) 6.x; BRMS 6.x and 5.x; Data Grid (JDG) 6.x; Data Virtualization (JDV) 6.x and 5.x; Enterprise Application Platform 6.x, 5.x, and 4.3.x; Fuse 6.x; Fuse Service Works (FSW) 6.x; Operations Network (JBoss ON) 3.x; Portal 6.x; SOA Platform (SOA-P) 5.x; Web Server (JWS) 3.x;...
VulnCheck KEV: CVE-2011-2908
Cross-site request forgery (CSRF) vulnerability in the JMX Console (jmx-console) in JBoss Enterprise Portal Platform before 5.2.2, BRMS Platform 5.3.0 before roll up patch1, and SOA Platform 5.3.0 allows remote authenticated users to hijack the authentication of arbitrary users for requests...
Critical: Red Hat Security Advisory: Red Hat JBoss SOA Platform 5.3.1 commons-collections security update
An update for the Apache Commons Collections component that fixes one security issue is now available from the Red Hat Customer Portal for Red Hat JBoss SOA Platform 5.3.1. Red Hat Product Security has rated this update as having Critical security impact. A Common Vulnerability Scoring System CVS...
Important: Red Hat Security Advisory: Red Hat JBoss SOA Platform 5.3.1 security update
An update for Red Hat JBoss SOA Platform 5.3.1 which fixes multiple security issues is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed...
Design/Logic Flaw
jmx-remoting.sar in JBoss Remoting, as used in Red Hat JBoss Enterprise Application Platform (JEAP) 5.2.0, Red Hat JBoss BRMS 5.3.1, Red Hat JBoss Portal Platform 5.2.2, and Red Hat JBoss SOA Platform 5.3.1, does not properly implement the JSR 160 specification, which allows remote attackers to...
Moderate: Red Hat Security Advisory: Red Hat JBoss SOA Platform 5.3.1 update
Red Hat JBoss SOA Platform 5.3.1 2014 roll up patch 1, which fixes one security issue and various bugs, is now available from the Red Hat Customer Portal. The Red Hat Security Response Team has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base...
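JBoss Overlord Runtime Governance for JBossAS MVEL Expression Java Code Execution Vulnerability
CVE ID: CVE-2013-6469. JBoss Overlord Runtime Governance for JBossAS is an application for managing the JBoss SOA Platform. An unspecified error exists in the way JBoss Overlord Runtime Governance for JBossAS processes some MVEL expressions, which allows an attacker to submit a specially crafted expression and execute arbitrary Java code. JBoss Overlord Runtime Governance for JBossAS 1.0. No detailed solution is currently available: https://www.jboss.org/overlord...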
Moderate: Red Hat Security Advisory: Red Hat JBoss SOA Platform 5.3.1 update
Red Hat JBoss SOA Platform 5.3.1 roll up patch 4, which fixes two security issues and various bugs, is now available from the Red Hat Customer Portal. The Red Hat Security Response Team has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores,...
Design/Logic Flaw
The org.jboss.remoting.transport.socket.ServerThread class in Red Hat JBoss Remoting for Red Hat JBoss SOA Platform 5.3.1 GA, Web Platform 5.2.0, Enterprise Application Platform 5.2.0, and other products allows remote attackers to cause a denial of service (file descriptor consumption) via...
CVE-2013-4210
The org.jboss.remoting.transport.socket.ServerThread class in Red Hat JBoss Remoting for Red Hat JBoss SOA Platform 5.3.1 GA, Web Platform 5.2.0, Enterprise Application Platform 5.2.0, and other products allows remote attackers to cause a denial of service (file descriptor consumption) via...
Moderate: Red Hat Security Advisory: jboss-remoting security update
An update for the JBoss Remoting component of Red Hat JBoss SOA Platform 5.3.1 GA that fixes one security issue is now available from the Red Hat Customer Portal. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System CVS...
Moderate: Red Hat Security Advisory: Red Hat JBoss SOA Platform 5.3.1 update
Red Hat JBoss SOA Platform 5.3.1 roll up patch 3, which fixes three security issues and various bugs, is now available from the Red Hat Customer Portal. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base score...
CVE-2013-2165
ResourceBuilderImpl.java in the RichFaces 3.x through 5.x implementation in Red Hat JBoss Web Framework Kit before 2.3.0, Red Hat JBoss Web Platform through 5.2.0, Red Hat JBoss Enterprise Application Platform through 4.3.0 CP10 and 5.x through 5.2.0, Red Hat JBoss BRMS through 5.3.1, Red Hat JBo...
Important: Red Hat Security Advisory: Red Hat JBoss SOA Platform 5.3.1 update
Red Hat JBoss SOA Platform 5.3.1 roll up patch 2, which fixes one security issue and various bugs, is now available from the Red Hat Customer Portal. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score...
Important: Red Hat Security Advisory: JBoss Enterprise SOA Platform 5.3.1 update
JBoss Enterprise SOA Platform 5.3.1 roll up patch 1, which fixes multiple security issues and various bugs, is now available from the Red Hat Customer Portal. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) bas...