Vulnerabilities > Redhat > Jboss Application Server

DATE CVE VULNERABILITY TITLE RISK
2020-03-10 CVE-2012-1094 Information Exposure vulnerability in Redhat Jboss Application Server
JBoss AS 7 prior to 7.1.1 and mod_cluster do not handle the default hostname in the same way, which can cause the excluded-contexts list to be mismatched and the root context to be exposed.
network
low complexity
redhat CWE-200
5.0
2019-12-18 CVE-2012-2312 Improper Privilege Management vulnerability in Redhat products
An elevated privileges issue exists in JBoss AS 7 Community Release due to improper implementation of security context propagation: a thread reused from the thread pool still retains the security context from the process that last used it, which lets a local user obtain elevated privileges.
local
low complexity
redhat CWE-269
4.6
2019-11-26 CVE-2011-3609 Cross-Site Request Forgery (CSRF) vulnerability in Redhat Jboss Application Server 7.0.0/7.0.1/7.0.2
A CSRF issue was found in JBoss Application Server 7 before 7.1.0.
network
low complexity
redhat CWE-352
6.5
2019-11-26 CVE-2011-3606 Cross-site Scripting vulnerability in Redhat Jboss Application Server 7.0.0/7.0.1/7.0.2
A DOM based cross-site scripting flaw was found in the JBoss Application Server 7 before 7.1.0 Beta 1 administration console.
network
low complexity
redhat CWE-79
5.4
2017-10-24 CVE-2013-3734 Credentials Management vulnerability in Redhat Jboss Application Server 1.2
The Embedded Jopr component in JBoss Application Server includes the cleartext datasource password in unspecified HTML responses, which might allow (1) man-in-the-middle attackers to obtain sensitive information by leveraging failure to use SSL or (2) attackers to obtain sensitive information by reading the HTML source code.
network
high complexity
redhat CWE-255
6.6