Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Jboss_community_application_server
(Redhat)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 3 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2012-08-13 | CVE-2009-5066 | twiddle.sh in JBoss AS 5.0 and EAP 5.0 and earlier accepts credentials as command-line arguments, which allows local users to read the credentials by listing the process and its arguments. | Jboss_community_application_server, Jboss_enterprise_application_platform | N/A | ||
| 2019-12-06 | CVE-2012-2148 | An issue exists in the property replacements feature in any descriptor in JBoxx AS 7.1.1 ignores java security policies | Jboss_community_application_server, Jboss_enterprise_web_server | N/A | ||
| 2013-10-28 | CVE-2012-4529 | The org.apache.catalina.connector.Response.encodeURL method in Red Hat JBoss Web 7.1.x and earlier, when the tracking mode is set to COOKIE, sends the jsessionid in the URL of the first response of a session, which allows remote attackers to obtain the session id (1) via a man-in-the-middle attack or (2) by reading a log. | Jboss_community_application_server, Jboss_enterprise_application_platform | N/A |