Vulnerabilities (CVE)

Vendor filter

Redhat Subscribe

Product filter

Jboss Enterprise Application Platform Subscribe


111 total CVE
CVE Vendors Products Updated CVSS
CVE-2018-1000873 2 Fasterxml, Redhat 2 Jackson-databind, Jboss Enterprise Application Platform 2019-04-16 4.3
Fasterxml Jackson version Before 2.9.8 contains a CWE-20: Improper Input Validation vulnerability in Jackson-Modules-Java8 that can result in Causes a denial-of-service (DoS). This attack appear to be exploitable via The victim deserializes...
CVE-2018-1336 4 Apache, Redhat, Canonical and 1 more 8 Tomcat, Jboss Enterprise Application Platform, Jboss Enterprise Web Server and 5 more 2019-04-15 5.0
An improper handing of overflow in the UTF-8 decoder with supplementary characters can lead to an infinite loop in the decoder causing a Denial of Service. Versions Affected: Apache Tomcat 9.0.0.M9 to 9.0.7, 8.5.0 to 8.5.30, 8.0.0.RC1 to 8.0.51,...
CVE-2018-1304 5 Apache, Redhat, Debian and 2 more 8 Tomcat, Jboss Enterprise Web Server, Debian Linux and 5 more 2019-04-15 4.3
The URL pattern of "" (the empty string) which exactly maps to the context root was not correctly handled in Apache Tomcat 9.0.0.M1 to 9.0.4, 8.5.0 to 8.5.27, 8.0.0.RC1 to 8.0.49 and 7.0.0 to 7.0.84 when used as part of a security constraint...
CVE-2018-10934 1 Redhat 2 Jboss Enterprise Application Platform, Single Sign-on 2019-04-08 3.5
A cross-site scripting (XSS) vulnerability was found in the JBoss Management Console versions before 7.1.6.CR1, 7.1.6.GA. Users with roles that can create objects in the application can exploit this to attack other privileged users.
CVE-2018-8088 2 Redhat, Slf4j 6 Jboss Enterprise Application Platform, Slf4j, Enterprise Linux Desktop and 3 more 2019-03-21 7.5
org.slf4j.ext.EventData in the slf4j-ext module in QOS.CH SLF4J before 1.8.0-beta2 allows remote attackers to bypass intended access restrictions via crafted data.
CVE-2014-3490 1 Redhat 2 Jboss Enterprise Application Platform, Resteasy 2019-03-21 7.5
RESTEasy 2.3.1 before 2.3.8.SP2 and 3.x before 3.0.9, as used in Red Hat JBoss Enterprise Application Platform (EAP) 6.3.0, does not disable external entities when the resteasy.document.expand.entity.references parameter is set to false, which...
CVE-2018-1047 1 Redhat 2 Jboss Wildfly Application Server, Jboss Enterprise Application Platform 2019-03-07 2.1
A flaw was found in Wildfly 9.x. A path traversal vulnerability through the org.wildfly.extension.undertow.deployment.ServletResourceManager.getResource method could lead to information disclosure of arbitrary local files.
CVE-2018-8039 2 Apache, Redhat 2 Cxf, Jboss Enterprise Application Platform 2019-02-14 6.8
It is possible to configure Apache CXF to use the implementation via 'System.setProperty("java.protocol.handler.pkgs", "");'. When this system property is set, CXF uses some reflection to try...
CVE-2017-2582 1 Redhat 2 Jboss Enterprise Application Platform, Keycloak 2019-01-23 4.0
It was found that while parsing the SAML messages the StaxParserUtil class of keycloak before 2.5.1 replaces special strings for obtaining attribute values with system property. This could allow an attacker to determine values of system...
CVE-2017-12196 1 Redhat 4 Jboss Enterprise Application Platform, Jboss Fuse, Undertow and 1 more 2018-12-18 4.3
undertow before versions 1.4.18.SP1, 2.0.2.Final, 1.4.24.Final was found vulnerable when using Digest authentication, the server does not ensure that the value of URI in the Authorization header matches the URI in HTTP request line. This allows...
CVE-2016-7061 1 Redhat 1 Jboss Enterprise Application Platform 2018-11-19 4.0
An information disclosure vulnerability was found in JBoss Enterprise Application Platform before 7.0.4. It was discovered that when configuring RBAC and marking information as sensitive, users with a Monitor role are able to view the sensitive...
CVE-2016-7066 1 Redhat 1 Jboss Enterprise Application Platform 2018-11-17 4.6
It was found that the improper default permissions on /tmp/auth directory in JBoss Enterprise Application Platform before 7.1.0 can allow any local user to connect to CLI and allow the user to execute any arbitrary operations.
CVE-2014-0224 5 Openssl, Fedoraproject, Novell and 2 more 9 Openssl, Enterprise Linux, Fedora and 6 more 2018-10-30 6.8
OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a zero-length master key in certain...
CVE-2016-2183 5 Python, Openssl, Cisco and 2 more 8 Content Security Management Appliance, Openssl, Enterprise Linux and 5 more 2018-10-23 5.0
The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a...
CVE-2015-7501 1 Redhat 15 Data Grid, Jboss A-mq, Jboss Bpm Suite and 12 more 2018-10-17 10.0
Red Hat JBoss A-MQ 6.x; BPM Suite (BPMS) 6.x; BRMS 6.x and 5.x; Data Grid (JDG) 6.x; Data Virtualization (JDV) 6.x and 5.x; Enterprise Application Platform 6.x, 5.x, and 4.3.x; Fuse 6.x; Fuse Service Works (FSW) 6.x; Operations Network (JBoss ON)...
CVE-2016-8657 1 Redhat 1 Jboss Enterprise Application Platform 2018-10-12 7.2
It was discovered that EAP packages in certain versions of Red Hat Enterprise Linux use incorrect permissions for /etc/sysconfig/jbossas configuration files. The file is writable to jboss group (root:jboss, 664). On systems using classic...
CVE-2018-10862 1 Redhat 3 Jboss Enterprise Application Platform, Virtualization, Wildfly Core 2018-10-10 4.9
WildFly Core before version 6.0.0.Alpha3 does not properly validate file paths in .war archives, allowing for the extraction of crafted .war archives to overwrite arbitrary files. This is an instance of the 'Zip Slip' vulnerability.
CVE-2017-2666 2 Redhat, Debian 3 Jboss Enterprise Application Platform, Undertow, Debian Linux 2018-10-02 6.4
It was discovered in Undertow that the code that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to...
CVE-2017-7464 1 Redhat 1 Jboss Enterprise Application Platform 2018-10-02 7.5
It was found that the JAXP implementation used in JBoss EAP 7.0 for SAX and DOM parsing is vulnerable to certain XXE flaws. An attacker could use this flaw to cause DoS, SSRF, or information disclosure if they are able to provide XML content for parsing.
CVE-2017-12167 1 Redhat 1 Jboss Enterprise Application Platform 2018-10-01 2.1
It was found in EAP 7 before 7.0.9 that properties based files of the management and the application realm configuration that contain user to role mapping are world readable allowing access to users and roles information to all the users logged...