Redhat Jboss Enterprise Application Platform

8 matches found

added 2016/09/01 12:59 a.m. | 1548 views

CVE-2016-2183

The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted sess...

CVSS 7.5 | AI score 6.5 | EPSS 0.30847
added 2016/09/26 2:59 p.m. | 180 views

CVE-2016-4993

CRLF injection vulnerability in the Undertow web server in WildFly 10.0.0, as used in Red Hat JBoss Enterprise Application Platform (EAP) 7.x before 7.0.2, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.

CVSS 6.1 | AI score 6.3 | EPSS 0.00595
added 2016/06/30 4:59 p.m. | 136 views

CVE-2016-2141

It was found that JGroups did not require necessary headers for encrypt and auth protocols from new nodes joining the cluster. An attacker could use this flaw to bypass security restrictions, and use this vulnerability to send and receive messages within the cluster, leading to information disclosu...

CVSS 9.8 | AI score 9.1 | EPSS 0.00885
added 2016/09/27 3:59 p.m. | 112 views

CVE-2016-4978

The getObject method of the javax.jms.ObjectMessage class in the (1) JMS Core client, (2) Artemis broker, and (3) Artemis REST component in Apache ActiveMQ Artemis before 1.4.0 might allow remote authenticated users with permission to send messages to the Artemis broker to deserialize arbitrary obj...

CVSS 7.2 | AI score 7.5 | EPSS 0.01168
added 2016/10/03 9:59 p.m. | 100 views

CVE-2016-7046

Red Hat JBoss Enterprise Application Platform (EAP) 7, when operating as a reverse-proxy with default buffer sizes, allows remote attackers to cause a denial of service (CPU and disk consumption) via a long URL.

CVSS 7.1 | AI score 5.7 | EPSS 0.0548
added 2016/09/26 2:59 p.m. | 71 views

CVE-2016-3110

mod_cluster, as used in Red Hat JBoss Web Server 2.1, allows remote attackers to cause a denial of service (Apache http server crash) via an MCMP message containing a series of = (equals) characters after a legitimate element.

CVSS 7.5 | AI score 7.2 | EPSS 0.03218
added 2016/09/26 2:59 p.m. | 68 views

CVE-2016-5406

The domain controller in Red Hat JBoss Enterprise Application Platform (EAP) 7.x before 7.0.2 allows remote authenticated users to gain privileges by leveraging failure to propagate administrative RBAC configuration to all slaves.

CVSS 8.8 | AI score 8.4 | EPSS 0.01504
added 2016/10/13 2:59 p.m. | 57 views

CVE-2016-7065

The JMX servlet in Red Hat JBoss Enterprise Application Platform (EAP) 4 and 5 allows remote authenticated users to cause a denial of service and possibly execute arbitrary code via a crafted serialized Java object.

CVSS 8.8 | AI score 8.6 | EPSS 0.07175