VUMETRIC
CYBER PORTAL
Dashboard
Security News
Latest Vulnerabilities
Browse Vulnerabilities
by Vendors
by Products
by Categories
Weekly Reports
Vulnerabilities
>
Redhat
>
Jboss Enterprise Application Platform
> 6.4
Exclude new CVEs:
DATE
CVE
VULNERABILITY TITLE
RISK
2021-03-23
CVE-2019-19343
Improper Resource Shutdown or Release vulnerability in multiple products
A flaw was found in Undertow when using Remoting as shipped in Red Hat Jboss EAP before version 7.2.4.
network
low complexity
redhat
netapp
CWE-404
5.0
5.0
2020-01-23
CVE-2019-14885
Information Exposure Through Log Files vulnerability in Redhat products
A flaw was found in the JBoss EAP Vault system in all versions before 7.2.6.GA.
network
low complexity
redhat
CWE-532
4.3
4.3
2018-09-10
CVE-2016-7061
Information Exposure vulnerability in Redhat Jboss Enterprise Application Platform
An information disclosure vulnerability was found in JBoss Enterprise Application Platform before 7.0.4.
network
low complexity
redhat
CWE-200
6.5
6.5
2018-02-28
CVE-2018-1304
The URL pattern of "" (the empty string) which exactly maps to the context root was not correctly handled in Apache Tomcat 9.0.0.M1 to 9.0.4, 8.5.0 to 8.5.27, 8.0.0.RC1 to 8.0.49 and 7.0.0 to 7.0.84 when used as part of a security constraint definition.
network
high complexity
apache
redhat
debian
canonical
oracle
5.9
5.9
2017-08-11
CVE-2016-6796
A malicious web application running on Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 was able to bypass a configured SecurityManager via manipulation of the configuration parameters for the JSP Servlet.
network
low complexity
apache
debian
netapp
canonical
oracle
redhat
7.5
7.5
2017-08-10
CVE-2016-5018
In Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 a malicious web application was able to bypass a configured SecurityManager via a Tomcat utility method that was accessible to web applications.
network
low complexity
apache
netapp
canonical
debian
redhat
oracle
critical
9.1
9.1
2016-06-30
CVE-2016-2141
Unspecified vulnerability in Redhat Jboss Enterprise Application Platform and Jgroups
It was found that JGroups did not require necessary headers for encrypt and auth protocols from new nodes joining the cluster.
network
low complexity
redhat
critical
9.8
9.8