Lucene search

K
RedhatJboss Enterprise Application Platform

14 matches found

CVE
CVE
added 2017/07/13 4:29 p.m.3157 views

CVE-2017-9788

In Apache httpd before 2.2.34 and 2.4.x before 2.4.27, the value placeholder in [Proxy-]Authorization headers of type 'Digest' was not initialized or reset before or between successive key=value assignments by mod_auth_digest. Providing an initial key with no '=' assignment could reflect the stale ...

9.1CVSS8.4AI score0.57147EPSS
CVE
CVE
added 2017/10/04 1:29 a.m.1449 views

CVE-2017-12617

When running Apache Tomcat versions 9.0.0.M1 to 9.0.0, 8.5.0 to 8.5.22, 8.0.0.RC1 to 8.0.46 and 7.0.0 to 7.0.81 with HTTP PUTs enabled (e.g. via setting the readonly initialisation parameter of the Default servlet to false) it was possible to upload a JSP file to the server via a specially crafted ...

8.1CVSS7.5AI score0.94394EPSS
CVE
CVE
added 2017/10/04 9:1 p.m.1259 views

CVE-2017-12149

In Jboss Application Server as shipped with Red Hat Enterprise Application Platform 5.2, it was found that the doFilter method in the ReadOnlyAccessFilter of the HTTP Invoker does not restrict classes for which it performs deserialization and thus allowing an attacker to execute arbitrary code via ...

9.8CVSS9.7AI score0.94313EPSS
CVE
CVE
added 2017/10/14 11:29 p.m.307 views

CVE-2017-12629

Remote code execution occurs in Apache Solr before 7.1 with Apache Lucene before 7.1 by exploiting XXE in conjunction with use of a Config API add-listener command to reach the RunExecutableListener class. Elasticsearch, although it uses Lucene, is NOT vulnerable to this. Note that the XML external...

9.8CVSS9.6AI score0.93891EPSS
CVE
CVE
added 2017/08/10 4:29 p.m.251 views

CVE-2016-5018

In Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 a malicious web application was able to bypass a configured SecurityManager via a Tomcat utility method that was accessible to web applications.

9.1CVSS8.3AI score0.00907EPSS
CVE
CVE
added 2017/11/13 10:29 p.m.247 views

CVE-2016-8610

A denial of service flaw was found in OpenSSL 0.9.8, 1.0.1, 1.0.2 through 1.0.2h, and 1.1.0 in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. A remote attacker could use this flaw to make a TLS/SSL server consume an excessive amount of CPU and fail t...

7.5CVSS7.4AI score0.70009EPSS
CVE
CVE
added 2017/11/09 5:29 p.m.235 views

CVE-2015-7501

Red Hat JBoss A-MQ 6.x; BPM Suite (BPMS) 6.x; BRMS 6.x and 5.x; Data Grid (JDG) 6.x; Data Virtualization (JDV) 6.x and 5.x; Enterprise Application Platform 6.x, 5.x, and 4.3.x; Fuse 6.x; Fuse Service Works (FSW) 6.x; Operations Network (JBoss ON) 3.x; Portal 6.x; SOA Platform (SOA-P) 5.x; Web Serve...

10CVSS9.7AI score0.74837EPSS
CVE
CVE
added 2017/08/11 2:29 a.m.152 views

CVE-2016-6796

A malicious web application running on Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 was able to bypass a configured SecurityManager via manipulation of the configuration parameters for the JSP Servlet.

7.5CVSS8.4AI score0.00932EPSS
CVE
CVE
added 2017/05/19 8:29 p.m.139 views

CVE-2017-7504

HTTPServerILServlet.java in JMS over HTTP Invocation Layer of the JbossMQ implementation, which is enabled by default in Red Hat Jboss Application Server

9.8CVSS9.8AI score0.90008EPSS
CVE
CVE
added 2017/08/22 6:29 p.m.122 views

CVE-2016-6311

Get requests in JBoss Enterprise Application Platform (EAP) 7 disclose internal IP addresses to remote attackers.

5.3CVSS7AI score0.00665EPSS
CVE
CVE
added 2017/09/13 5:29 p.m.77 views

CVE-2017-7561

Red Hat JBoss EAP version 3.0.7 through before 4.0.0.Beta1 is vulnerable to a server-side cache poisoning or CORS requests in the JAX-RS component resulting in a moderate impact.

7.5CVSS7.3AI score0.01068EPSS
CVE
CVE
added 2017/05/18 3:29 p.m.65 views

CVE-2017-7503

It was found that the Red Hat JBoss EAP 7.0.5 implementation of javax.xml.transform.TransformerFactory is vulnerable to XXE. An attacker could use this flaw to launch DoS or SSRF attacks, or read files from the server where EAP is deployed.

9.8CVSS9.2AI score0.00309EPSS
CVE
CVE
added 2017/06/08 6:29 p.m.51 views

CVE-2016-3690

The PooledInvokerServlet in JBoss EAP 4.x and 5.x allows remote attackers to execute arbitrary code via a crafted serialized payload.

9.8CVSS9.6AI score0.01894EPSS
CVE
CVE
added 2017/09/19 5:29 p.m.43 views

CVE-2015-1849

AdvancedLdapLodinMogule in Red Hat JBoss Enterprise Application Platform (EAP) before 6.4.1 allows attackers to obtain sensitive information via vectors involving logging the LDAP bind credential password when TRACE logging is enabled.

5.9CVSS5.4AI score0.00303EPSS