Jboss Security Vulnerabilities

CVE-2016-8656

Jboss jbossas before versions 5.2.0-23, 6.4.13, 7.0.5 is vulnerable to an unsafe file handling in the jboss init script which could result in local privilege...

CVE-2011-3606

A DOM based cross-site scripting flaw was found in the JBoss Application Server 7 before 7.1.0 Beta 1 administration console. A remote attacker could provide a specially-crafted web page and trick the valid JBoss AS user, with the administrator privilege, to visit it, which would lead into the DOM....

CVE-2011-3609

A CSRF issue was found in JBoss Application Server 7 before 7.1.0. JBoss did not properly restrict access to the management console information (for example via the "Access-Control-Allow-Origin" HTTP access control flag). This can lead to unauthorized information leak if a user with admin...

CVE-2012-2312

An Elevated Privileges issue exists in JBoss AS 7 Community Release due to the improper implementation in the security context propagation, A threat gets reused from the thread pool that still retains the security context from the process last used, which lets a local user obtain elevated...

CVE-2014-3652

JBoss KeyCloak: Open redirect vulnerability via failure to validate the redirect...

CVE-2014-3656

JBoss KeyCloak: XSS in...

CVE-2014-3655

JBoss KeyCloak is vulnerable to soft token deletion via...

CVE-2010-3857

JBoss BRMS before 5.1.0 has a XSS vulnerability via asset=UUID...

CVE-2014-3649

JBoss AeroGear has reflected XSS via the password...