Product:

Jboss_enterprise_web_server

(Redhat)
Repositories

Unknown:

This might be proprietary software.

#Vulnerabilities 35
Date Id Summary Products Score Patch Annotated
2017-09-25 CVE-2015-5184 Console: CORS headers set to allow all in Red Hat AMQ. Amq, Jboss_enterprise_web_server 7.5
2017-10-24 CVE-2017-12613 When apr_time_exp*() or apr_os_exp_time*() functions are invoked with an invalid month field value in Apache Portable Runtime APR 1.6.2 and prior, out of bounds memory may be accessed in converting this value to an apr_time_exp_t value, potentially revealing the contents of a different static heap value or resulting in program termination, and may represent an information disclosure or denial of service vulnerability to applications which call these APR functions with unvalidated external input. Portable_runtime, Debian_linux, Enterprise_linux_desktop, Enterprise_linux_eus, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_tus, Enterprise_linux_workstation, Jboss_core_services, Jboss_enterprise_web_server, Software_collections 7.1
2019-02-27 CVE-2019-1559 If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt... Ubuntu_linux, Debian_linux, Big\-Ip_access_policy_manager, Big\-Ip_advanced_firewall_manager, Big\-Ip_analytics, Big\-Ip_application_acceleration_manager, Big\-Ip_application_security_manager, Big\-Ip_domain_name_system, Big\-Ip_edge_gateway, Big\-Ip_fraud_protection_service, Big\-Ip_global_traffic_manager, Big\-Ip_link_controller, Big\-Ip_local_traffic_manager, Big\-Ip_policy_enforcement_manager, Big\-Ip_webaccelerator, Big\-Iq_centralized_management, Traffix_signaling_delivery_controller, Fedora, Agent, Data_exchange_layer, Threat_intelligence_exchange_server, Web_gateway, A220_firmware, A320_firmware, A800_firmware, Active_iq_unified_manager, Altavault, C190_firmware, Cloud_backup, Clustered_data_ontap_antivirus_connector, Cn1610_firmware, Element_software, Fas2720_firmware, Fas2750_firmware, Hci_compute_node, Hci_management_node, Hyper_converged_infrastructure, Oncommand_insight, Oncommand_unified_manager, Oncommand_unified_manager_core_package, Oncommand_workflow_automation, Ontap_select_deploy, Ontap_select_deploy_administration_utility, Santricity_smi\-S_provider, Service_processor, Smi\-S_provider, Snapcenter, Snapdrive, Snapprotect, Solidfire, Steelstore_cloud_integrated_storage, Storage_automation_store, Storagegrid, Node\.js, Openssl, Leap, Api_gateway, Business_intelligence, Communications_diameter_signaling_router, Communications_performance_intelligence_center, Communications_session_border_controller, Communications_session_router, Communications_unified_session_manager, Endeca_server, Enterprise_manager_base_platform, Enterprise_manager_ops_center, Jd_edwards_enterpriseone_tools, Jd_edwards_world_security, Mysql, Mysql_enterprise_monitor, Mysql_workbench, Peoplesoft_enterprise_peopletools, Secure_global_desktop, Services_tools_bundle, Pan\-Os, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_workstation, Jboss_enterprise_web_server, Virtualization, Virtualization_host, Nessus 5.9
2019-11-01 CVE-2011-3923 Apache Struts before 2.3.1.2 allows remote attackers to bypass security protections in the ParameterInterceptor class and execute arbitrary commands. Struts, Jboss_enterprise_web_server 9.8
2019-12-19 CVE-2019-19906 cyrus-sasl (aka Cyrus SASL) 2.1.27 has an out-of-bounds write leading to unauthenticated remote denial-of-service in OpenLDAP via a malformed LDAP packet. The OpenLDAP crash is ultimately caused by an off-by-one error in _sasl_add_string in common.c in cyrus-sasl. Bookkeeper, Ipados, Iphone_os, Mac_os_x, Ubuntu_linux, Cyrus\-Sasl, Debian_linux, Fedora, Enterprise_linux, Enterprise_linux_eus, Enterprise_linux_for_ibm_z_systems, Enterprise_linux_for_ibm_z_systems_eus, Enterprise_linux_for_power_little_endian, Enterprise_linux_for_power_little_endian_eus, Enterprise_linux_server_aus, Enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions, Enterprise_linux_server_tus, Enterprise_linux_server_update_services_for_sap_solutions, Jboss_enterprise_web_server 7.5
2016-09-01 CVE-2016-2183 The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTPS session using Triple DES in CBC mode, aka a "Sweet32" attack. Content_security_management_appliance, Node\.js, Openssl, Database, Python, Enterprise_linux, Jboss_enterprise_application_platform, Jboss_enterprise_web_server, Jboss_web_server 7.5
2016-09-26 CVE-2016-3110 mod_cluster, as used in Red Hat JBoss Web Server 2.1, allows remote attackers to cause a denial of service (Apache http server crash) via an MCMP message containing a series of = (equals) characters after a legitimate element. Fedora, Jboss_enterprise_application_platform, Jboss_enterprise_web_server 7.5
2020-01-23 CVE-2012-5626 EJB method in Red Hat JBoss BRMS 5; Red Hat JBoss Enterprise Application Platform 5; Red Hat JBoss Operations Network 3.1; Red Hat JBoss Portal 4 and 5; Red Hat JBoss SOA Platform 4.2, 4.3, and 5; in Red Hat JBoss Enterprise Web Server 1 ignores roles specified using the @RunAs annotation. Jboss_brms, Jboss_enterprise_application_platform, Jboss_enterprise_web_server, Jboss_operations_network, Jboss_portal, Jboss_soa_platform N/A
2019-12-15 CVE-2014-3701 eDeploy has tmp file race condition flaws Edeploy, Jboss_enterprise_web_server N/A
2019-12-15 CVE-2014-3699 eDeploy has RCE via cPickle deserialization of untrusted data Edeploy, Jboss_enterprise_web_server N/A