Search Results
- Keyword (text search): cpe:2.3:a:redhat:jboss_enterprise_web_server:1.0.0:*:*:*:*:*:*:*
- CPE Name Search: true
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2012-5626 | EJB method in Red Hat JBoss BRMS 5; Red Hat JBoss Enterprise Application Platform 5; Red Hat JBoss Operations Network 3.1; Red Hat JBoss Portal 4 and 5; Red Hat JBoss SOA Platform 4.2, 4.3, and 5; in Red Hat JBoss Enterprise Web Server 1 ignores roles specified using the @RunAs annotation. Published: January 23, 2020; 2:15:11 PM -0500 | V3.1: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2014-3701 | eDeploy has tmp file race condition flaws Published: December 15, 2019; 5:15:11 PM -0500 | V3.1: 8.1 HIGH V2.0: 9.3 HIGH |
CVE-2014-3699 | eDeploy has RCE via cPickle deserialization of untrusted data Published: December 15, 2019; 5:15:11 PM -0500 | V3.1: 9.8 CRITICAL V2.0: 7.5 HIGH |
CVE-2012-2148 | An issue exists in the property replacements feature in any descriptor in JBoxx AS 7.1.1 ignores java security policies Published: December 06, 2019; 1:15:10 PM -0500 | V3.1: 3.3 LOW V2.0: 1.9 LOW |
CVE-2014-3700 | eDeploy through at least 2014-10-14 has remote code execution due to eval() of untrusted data Published: November 21, 2019; 10:15:12 AM -0500 | V3.1: 9.8 CRITICAL V2.0: 7.5 HIGH |
CVE-2014-3655 | JBoss KeyCloak is vulnerable to soft token deletion via CSRF Published: November 13, 2019; 11:15:10 AM -0500 | V3.1: 4.3 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2011-3923 | Apache Struts before 2.3.1.2 allows remote attackers to bypass security protections in the ParameterInterceptor class and execute arbitrary commands. Published: November 01, 2019; 10:15:10 AM -0400 | V3.1: 9.8 CRITICAL V2.0: 7.5 HIGH |
CVE-2015-5184 | Console: CORS headers set to allow all in Red Hat AMQ. Published: September 25, 2017; 5:29:00 PM -0400 | V3.1: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2015-5183 | Console: HTTPOnly and Secure attributes not set on cookies in Red Hat AMQ. Published: September 25, 2017; 5:29:00 PM -0400 | V3.1: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2016-2183 | The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTPS session using Triple DES in CBC mode, aka a "Sweet32" attack. Published: August 31, 2016; 8:59:00 PM -0400 | V3.1: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2012-0053 | protocol.c in the Apache HTTP Server 2.2.x through 2.2.21 does not properly restrict header information during construction of Bad Request (aka 400) error documents, which allows remote attackers to obtain the values of HTTPOnly cookies via vectors involving a (1) long or (2) malformed header in conjunction with crafted web script. Published: January 27, 2012; 11:05:00 PM -0500 | V3.x: (not available) V2.0: 4.3 MEDIUM |
CVE-2012-0031 | scoreboard.c in the Apache HTTP Server 2.2.21 and earlier might allow local users to cause a denial of service (daemon crash during shutdown) or possibly have unspecified other impact by modifying a certain type field within a scoreboard shared memory segment, leading to an invalid call to the free function. Published: January 18, 2012; 3:55:02 PM -0500 | V3.x: (not available) V2.0: 4.6 MEDIUM |
CVE-2011-3348 | The mod_proxy_ajp module in the Apache HTTP Server before 2.2.21, when used with mod_proxy_balancer in certain configurations, allows remote attackers to cause a denial of service (temporary "error state" in the backend server) via a malformed HTTP request. Published: September 20, 2011; 1:55:02 AM -0400 | V3.x: (not available) V2.0: 4.3 MEDIUM |