Vulnerabilities > Jboss

DATE CVE VULNERABILITY TITLE RISK
2018-02-15 CVE-2018-1041 Infinite Loop vulnerability in multiple products
A vulnerability was found in the way RemoteMessageChannel, introduced in jboss-remoting versions 3.3.10, reads from an empty buffer.
network
low complexity
jboss redhat CWE-835
5.0
2016-05-06 CVE-2016-2094 Resource Management Errors vulnerability in Jboss Enterprise Application Platform 6.4.6
The HTTPS NIO Connector allows remote attackers to cause a denial of service (thread consumption) by opening a socket and not sending an SSL handshake, aka a read-timeout vulnerability.
network
low complexity
jboss CWE-399
5.0
2014-09-30 CVE-2014-0170 Teiid before 8.4.3 and before 8.7 and Red Hat JBoss Data Virtualization 6.0.0 before patch 3 allows remote attackers to read arbitrary files via a crafted request to a REST endpoint, related to an XML External Entity (XXE) issue.
network
redhat jboss
4.3
2012-12-20 CVE-2012-3428 Credentials Management vulnerability in Jboss Ironjacamar
The IronJacamar container before 1.0.12.Final for JBoss Application Server, when allow-multiple-users is enabled in conjunction with a security domain, does not use the credentials supplied in a getConnection function call, which allows remote attackers to obtain access to an arbitrary datasource connection in opportunistic circumstances via an invalid connection attempt.
network
jboss CWE-255
4.3
2008-08-10 CVE-2008-3273 Permissions, Privileges, and Access Controls vulnerability in Jboss Enterprise Application Platform 4.2.0.Cp01/4.2.0.Cp02
JBoss Enterprise Application Platform (aka JBossEAP or EAP) before 4.2.0.CP03, and 4.3.0 before 4.3.0.CP01, allows remote attackers to obtain sensitive information about "deployed web contexts" via a request to the status servlet, as demonstrated by a full=true query string.
network
low complexity
jboss CWE-264
5.0
2007-12-18 CVE-2007-6433 Improper Input Validation vulnerability in Jboss Seam
The getRenderedEjbql method in the org.jboss.seam.framework.Query class in JBoss Seam 2.x before 2.0.0.CR3 allows remote attackers to inject and execute arbitrary EJBQL commands via the order parameter.
network
low complexity
jboss CWE-20
7.5
2007-07-27 CVE-2007-1354 Remote Security vulnerability in Jboss Application Server
The Access Control functionality (JMXOpsAccessControlFilter) in JMX Console in JBoss Application Server 4.0.2 and 4.0.5 before 20070416 uses a member variable to store the roles of the current user, which allows remote authenticated administrators to trigger a race condition and gain privileges by logging in during a session by a more privileged administrator, as demonstrated by privilege escalation from Read Mode to Write Mode.
network
jboss
6.0
2007-03-02 CVE-2007-1157 Cross-Site Request Forgery (CSRF) vulnerability in Jboss
Cross-site request forgery (CSRF) vulnerability in jmx-console/HtmlAdaptor in JBoss allows remote attackers to perform privileged actions as administrators via certain MBean operations, a different vulnerability than CVE-2006-3733.
network
high complexity
jboss CWE-352
7.6
2007-02-21 CVE-2007-1036 Permissions, Privileges, and Access Controls vulnerability in Jboss Application Server
The default configuration of JBoss does not restrict access to the (1) console and (2) web management interfaces, which allows remote attackers to bypass authentication and gain administrative access via direct requests.
network
low complexity
jboss CWE-264
7.5
2006-11-27 CVE-2006-5750 Directory Traversal vulnerability in JBoss Java Class DeploymentFileRepository
Directory traversal vulnerability in the DeploymentFileRepository class in JBoss Application Server (jbossas) 3.2.4 through 4.0.5 allows remote authenticated users to read or modify arbitrary files, and possibly execute arbitrary code, via unspecified vectors related to the console manager.
network
low complexity
jboss
7.5