Lucene search

K
RedhatJboss Enterprise Application Platform

7 matches found

CVE
CVE
added 2012/11/23 8:55 p.m.65 views

CVE-2011-4085

The servlets invoked by httpha-invoker in JBoss Enterprise Application Platform before 5.1.2, SOA Platform before 5.2.0, BRMS Platform before 5.3.0, and Portal Platform before 4.3 CP07 perform access control only for the GET and POST methods, which allow remote attackers to bypass authentication by...

6.8CVSS9.3AI score0.91331EPSS
CVE
CVE
added 2012/11/23 8:55 p.m.61 views

CVE-2011-4605

The (1) JNDI service, (2) HA-JNDI service, and (3) HAJNDIFactory invoker servlet in JBoss Enterprise Application Platform 4.3.0 CP10 and 5.1.2, Web Platform 5.1.2, SOA Platform 4.2.0.CP05 and 4.3.0.CP05, Portal Platform 4.3 CP07 and 5.2.x before 5.2.2, and BRMS Platform before 5.3.0 do not properly...

7.5CVSS6.5AI score0.02416EPSS
CVE
CVE
added 2012/08/13 8:55 p.m.57 views

CVE-2009-5066

twiddle.sh in JBoss AS 5.0 and EAP 5.0 and earlier accepts credentials as command-line arguments, which allows local users to read the credentials by listing the process and its arguments.

2.1CVSS5.2AI score0.00072EPSS
CVE
CVE
added 2012/01/27 3:55 p.m.53 views

CVE-2011-4314

message/ax/AxMessage.java in OpenID4Java before 0.9.6 final, as used in JBoss Enterprise Application Platform 5.1 before 5.1.2, Step2, Kay Framework before 1.0.2, and possibly other products does not verify that Attribute Exchange (AX) information is signed, which allows remote attackers to modify ...

5.8CVSS6.1AI score0.01288EPSS
CVE
CVE
added 2012/01/27 3:55 p.m.47 views

CVE-2011-4608

mod_cluster in JBoss Enterprise Application Platform 5.1.2 for Red Hat Linux allows worker nodes to register with arbitrary virtual hosts, which allows remote attackers to bypass intended access restrictions and provide malicious content, hijack sessions, and steal credentials by registering from a...

7.5CVSS6.9AI score0.00742EPSS
CVE
CVE
added 2012/10/22 11:55 p.m.46 views

CVE-2012-1154

mod_cluster 1.0.10 before 1.0.10 CP03 and 1.1.x before 1.1.4, as used in JBoss Enterprise Application Platform 5.1.2, when "ROOT" is set to excludedContexts, exposes the root context of the server, which allows remote attackers to bypass access restrictions and gain access to applications deployed ...

4.3CVSS6.7AI score0.00335EPSS
CVE
CVE
added 2012/11/23 8:55 p.m.44 views

CVE-2012-1167

The JBoss Server in JBoss Enterprise Application Platform 5.1.x before 5.1.2 and 5.2.x before 5.2.2, Web Platform before 5.1.2, BRMS Platform before 5.3.0, and SOA Platform before 5.3.0, when the server is configured to use the JaccAuthorizationRealm and the ignoreBaseDecision property is set to tr...

4.6CVSS6.3AI score0.00815EPSS