Filtered by vendor Redhat
Subscribe
Filtered by product Jboss Enterprise Application Platform
Subscribe
Total
227 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2009-3554 | 1 Redhat | 1 Jboss Enterprise Application Platform | 2024-11-21 | 2.1 LOW | N/A |
| Twiddle in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP08 and 4.3 before 4.3.0.CP07 writes the JMX password, and other command-line arguments, to the twiddle.log file, which allows local users to obtain sensitive information by reading this file. | |||||
| CVE-2009-2405 | 1 Redhat | 1 Jboss Enterprise Application Platform | 2024-11-21 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the Web Console in the Application Server in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2.0 before 4.2.0.CP08, 4.2.2GA, 4.3 before 4.3.0.CP07, and 5.1.0GA allow remote attackers to inject arbitrary web script or HTML via the (1) monitorName, (2) objectName, (3) attribute, or (4) period parameter to createSnapshot.jsp, or the (5) monitorName, (6) objectName, (7) attribute, (8) threshold, (9) period, or (10) enabled parameter to createThresholdMonitor.jsp. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2009-1380 | 1 Redhat | 1 Jboss Enterprise Application Platform | 2024-11-21 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in JMX-Console in JBossAs in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP08 and 4.3 before 4.3.0.CP07 allows remote attackers to inject arbitrary web script or HTML via the filter parameter, related to the key property and the position of quote and colon characters. | |||||
| CVE-2009-0027 | 1 Redhat | 1 Jboss Enterprise Application Platform | 2024-11-21 | 5.0 MEDIUM | N/A |
| The request handler in JBossWS in JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP06 and 4.3 before 4.3.0.CP04 does not properly validate the resource path during a request for a WSDL file with a custom web-service endpoint, which allows remote attackers to read arbitrary XML files via a crafted request. | |||||
| CVE-2008-3519 | 1 Redhat | 1 Jboss Enterprise Application Platform | 2024-11-21 | 4.3 MEDIUM | N/A |
| The default configuration of the JBossAs component in Red Hat JBoss Enterprise Application Platform (aka JBossEAP or EAP), possibly 4.2 before CP04 and 4.3 before CP02, when a production environment is enabled, sets the DownloadServerClasses property to true, which allows remote attackers to obtain sensitive information (non-EJB classes) via a download request, a different vulnerability than CVE-2008-3273. | |||||
| CVE-2008-0455 | 2 Apache, Redhat | 6 Http Server, Enterprise Linux, Enterprise Linux Desktop and 3 more | 2024-11-21 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the mod_negotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x series allows remote authenticated users to inject arbitrary web script or HTML by uploading a file with a name containing XSS sequences and a file extension, which leads to injection within a (1) "406 Not Acceptable" or (2) "300 Multiple Choices" HTTP response when the extension is omitted in a request for the file. | |||||
| CVE-2024-10234 | 1 Redhat | 2 Build Of Keycloak, Jboss Enterprise Application Platform | 2024-10-30 | N/A | 7.3 HIGH |
| A vulnerability was found in Wildfly, where a user may perform Cross-site scripting in the Wildfly deployment system. This flaw allows an attacker or insider to execute a deployment with a malicious payload, which could trigger undesired behavior against the server. | |||||