Redhat Jboss Application Server

5 matches found

CVE
added 2019/11/26 3:15 a.m., 73 views

CVE-2011-3609

A CSRF issue was found in JBoss Application Server 7 before 7.1.0. JBoss did not properly restrict access to the management console information (for example via the "Access-Control-Allow-Origin" HTTP access control flag). This can lead to unauthorized information leak if a user with admin privilege...

6.5 CVSS, 6.4 AI score, 0.00509 EPSS

CVE
added 2019/11/26 2:15 a.m., 72 views

CVE-2011-3606

A DOM based cross-site scripting flaw was found in the JBoss Application Server 7 before 7.1.0 Beta 1 administration console. A remote attacker could provide a specially-crafted web page and trick the valid JBoss AS user, with the administrator privilege, to visit it, which would lead into the DOM ...

5.4 CVSS, 5.4 AI score, 0.00402 EPSS

CVE
added 2020/03/10 5:15 p.m., 55 views

CVE-2012-1094

JBoss AS 7 prior to 7.1.1 and mod_cluster do not handle default hostname in the same way, which can cause the excluded-contexts list to be mismatched and the root context to be exposed.

7.5 CVSS, 7.4 AI score, 0.00235 EPSS

CVE
added 2019/12/18 6:15 p.m., 46 views

CVE-2012-2312

An Elevated Privileges issue exists in JBoss AS 7 Community Release due to the improper implementation in the security context propagation. A thread gets reused from the thread pool that still retains the security context from the process last used, which lets a local user obtain elevated privilege...

7.8 CVSS, 7.4 AI score, 0.00042 EPSS

CVE
added 2017/10/24 3:29 p.m., 41 views

CVE-2013-3734

The Embedded Jopr component in JBoss Application Server includes the cleartext datasource password in unspecified HTML responses, which might allow (1) man-in-the-middle attackers to obtain sensitive information by leveraging failure to use SSL or (2) attackers to obtain sensitive information by re...

6.6 CVSS, 6.3 AI score, 0.00779 EPSS