Redhat Jboss Enterprise Web Server 1.0.0

13 matches found

added 2016/09/01 12:59 a.m., 1534 views

CVE-2016-2183

The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted sess...

CVSS 7.5, AI score 6.5, EPSS 0.38333

added 2012/01/28 4:5 a.m., 1149 views

CVE-2012-0053

protocol.c in the Apache HTTP Server 2.2.x through 2.2.21 does not properly restrict header information during construction of Bad Request (aka 400) error documents, which allows remote attackers to obtain the values of HTTPOnly cookies via vectors involving a (1) long or (2) malformed header in co...

CVSS 4.3, AI score 6.2, EPSS 0.76477

added 2012/01/18 8:55 p.m., 790 views

CVE-2012-0031

scoreboard.c in the Apache HTTP Server 2.2.21 and earlier might allow local users to cause a denial of service (daemon crash during shutdown) or possibly have unspecified other impact by modifying a certain type field within a scoreboard shared memory segment, leading to an invalid call to the free...

CVSS 4.6, AI score 7, EPSS 0.01617

added 2011/09/20 5:55 a.m., 672 views

CVE-2011-3348

The mod_proxy_ajp module in the Apache HTTP Server before 2.2.21, when used with mod_proxy_balancer in certain configurations, allows remote attackers to cause a denial of service (temporary "error state" in the backend server) via a malformed HTTP request.

CVSS 4.3, AI score 6.1, EPSS 0.52324

added 2019/11/01 2:15 p.m., 246 views

CVE-2011-3923

Apache Struts before 2.3.1.2 allows remote attackers to bypass security protections in the ParameterInterceptor class and execute arbitrary commands.

CVSS 9.8, AI score 9.5, EPSS 0.89547

added 2019/12/06 6:15 p.m., 119 views

CVE-2012-2148

The property replacements feature in any descriptor in JBoss AS 7.1.1 ignores Java security policies.

CVSS 3.3, AI score 4.3, EPSS 0.00102

added 2019/12/15 10:15 p.m., 77 views

CVE-2014-3699

eDeploy has RCE via cPickle deserialization of untrusted data

CVSS 9.8, AI score 9.4, EPSS 0.0099

added 2019/12/15 10:15 p.m., 74 views

CVE-2014-3701

eDeploy has tmp file race condition flaws

CVSS 9.3, AI score 8.1, EPSS 0.00453

added 2019/11/13 4:15 p.m., 68 views

CVE-2014-3655

JBoss KeyCloak is vulnerable to soft token deletion via CSRF

CVSS 4.3, AI score 4.6, EPSS 0.00183

added 2017/09/25 9:29 p.m., 67 views

CVE-2015-5183

Console: HTTPOnly and Secure attributes not set on cookies in Red Hat AMQ.

CVSS 7.5, AI score 8.3, EPSS 0.00396

added 2017/09/25 9:29 p.m., 61 views

CVE-2015-5184

Console: CORS headers set to allow all in Red Hat AMQ.

CVSS 7.5, AI score 8, EPSS 0.00289

added 2020/01/23 7:15 p.m., 59 views

CVE-2012-5626

EJB method in Red Hat JBoss BRMS 5; Red Hat JBoss Enterprise Application Platform 5; Red Hat JBoss Operations Network 3.1; Red Hat JBoss Portal 4 and 5; Red Hat JBoss SOA Platform 4.2, 4.3, and 5; and Red Hat JBoss Enterprise Web Server 1 ignores roles specified using the @RunAs annotation.

CVSS 7.5, AI score 7.5, EPSS 0.00176

added 2019/11/21 3:15 p.m., 32 views

CVE-2014-3700

eDeploy through at least 2014-10-14 has remote code execution due to eval() of untrusted data

CVSS 9.8, AI score 9.7, EPSS 0.0314