Vulnerabilities > Jboss
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-02-15 | CVE-2018-1041 | Infinite Loop vulnerability in multiple products A vulnerability was found in the way RemoteMessageChannel, introduced in jboss-remoting versions 3.3.10, reads from an empty buffer. | 5.0 |
| 2016-05-06 | CVE-2016-2094 | Resource Management Errors vulnerability in Jboss Enterprise Application Platform 6.4.6 The HTTPS NIO Connector allows remote attackers to cause a denial of service (thread consumption) by opening a socket and not sending an SSL handshake, aka a read-timeout vulnerability. | 5.0 |
| 2014-09-30 | CVE-2014-0170 | Teiid before 8.4.3 and before 8.7 and Red Hat JBoss Data Virtualization 6.0.0 before patch 3 allows remote attackers to read arbitrary files via a crafted request to a REST endpoint, related to an XML External Entity (XXE) issue. | 4.3 |
| 2012-12-20 | CVE-2012-3428 | Credentials Management vulnerability in Jboss Ironjacamar The IronJacamar container before 1.0.12.Final for JBoss Application Server, when allow-multiple-users is enabled in conjunction with a security domain, does not use the credentials supplied in a getConnection function call, which allows remote attackers to obtain access to an arbitrary datasource connection in opportunistic circumstances via an invalid connection attempt. | 4.3 |
| 2008-08-10 | CVE-2008-3273 | Permissions, Privileges, and Access Controls vulnerability in Jboss Enterprise Application Platform 4.2.0.Cp01/4.2.0.Cp02 JBoss Enterprise Application Platform (aka JBossEAP or EAP) before 4.2.0.CP03, and 4.3.0 before 4.3.0.CP01, allows remote attackers to obtain sensitive information about "deployed web contexts" via a request to the status servlet, as demonstrated by a full=true query string. | 5.0 |
| 2007-12-18 | CVE-2007-6433 | Improper Input Validation vulnerability in Jboss Seam The getRenderedEjbql method in the org.jboss.seam.framework.Query class in JBoss Seam 2.x before 2.0.0.CR3 allows remote attackers to inject and execute arbitrary EJBQL commands via the order parameter. | 7.5 |
| 2007-07-27 | CVE-2007-1354 | Remote Security vulnerability in Jboss Application Server The Access Control functionality (JMXOpsAccessControlFilter) in JMX Console in JBoss Application Server 4.0.2 and 4.0.5 before 20070416 uses a member variable to store the roles of the current user, which allows remote authenticated administrators to trigger a race condition and gain privileges by logging in during a session by a more privileged administrator, as demonstrated by privilege escalation from Read Mode to Write Mode. network jboss | 6.0 |
| 2007-03-02 | CVE-2007-1157 | Cross-Site Request Forgery (CSRF) vulnerability in Jboss Cross-site request forgery (CSRF) vulnerability in jmx-console/HtmlAdaptor in JBoss allows remote attackers to perform privileged actions as administrators via certain MBean operations, a different vulnerability than CVE-2006-3733. | 7.6 |
| 2007-02-21 | CVE-2007-1036 | Permissions, Privileges, and Access Controls vulnerability in Jboss Application Server The default configuration of JBoss does not restrict access to the (1) console and (2) web management interfaces, which allows remote attackers to bypass authentication and gain administrative access via direct requests. | 7.5 |
| 2006-11-27 | CVE-2006-5750 | Directory Traversal vulnerability in JBoss Java Class DeploymentFileRepository Directory traversal vulnerability in the DeploymentFileRepository class in JBoss Application Server (jbossas) 3.2.4 through 4.0.5 allows remote authenticated users to read or modify arbitrary files, and possibly execute arbitrary code, via unspecified vectors related to the console manager. | 7.5 |