RedHat JBoss Enterprise Web Server 1.0.0

CPE Details

RedHat JBoss Enterprise Web Server 1.0.0
redhat
jboss_enterprise_web_server
1.0.0
2013-07-18
14h33 +00:00
2013-07-18
14h33 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:redhat:jboss_enterprise_web_server:1.0.0:*:*:*:*:*:*:*

Informations

Vendor

redhat

Product

jboss_enterprise_web_server

Version

1.0.0

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2012-5626 2020-01-23 17h10 +00:00 EJB method in Red Hat JBoss BRMS 5; Red Hat JBoss Enterprise Application Platform 5; Red Hat JBoss Operations Network 3.1; Red Hat JBoss Portal 4 and 5; Red Hat JBoss SOA Platform 4.2, 4.3, and 5; in Red Hat JBoss Enterprise Web Server 1 ignores roles specified using the @RunAs annotation.
7.5
High
CVE-2014-3701 2019-12-15 20h21 +00:00 eDeploy has tmp file race condition flaws
8.1
High
CVE-2014-3699 2019-12-15 20h19 +00:00 eDeploy has RCE via cPickle deserialization of untrusted data
9.8
Critical
CVE-2012-2148 2019-12-06 16h35 +00:00 An issue exists in the property replacements feature in any descriptor in JBoxx AS 7.1.1 ignores java security policies
3.3
Low
CVE-2014-3700 2019-11-21 13h31 +00:00 eDeploy through at least 2014-10-14 has remote code execution due to eval() of untrusted data
9.8
Critical
CVE-2014-3655 2019-11-13 14h45 +00:00 JBoss KeyCloak is vulnerable to soft token deletion via CSRF
4.3
Medium
CVE-2011-3923 2019-11-01 12h57 +00:00 Apache Struts before 2.3.1.2 allows remote attackers to bypass security protections in the ParameterInterceptor class and execute arbitrary commands.
9.8
Critical
CVE-2015-5183 2017-09-25 19h00 +00:00 Console: HTTPOnly and Secure attributes not set on cookies in Red Hat AMQ.
7.5
High
CVE-2015-5184 2017-09-25 19h00 +00:00 Console: CORS headers set to allow all in Red Hat AMQ.
7.5
High
CVE-2016-2183 2016-08-31 22h00 +00:00 The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTPS session using Triple DES in CBC mode, aka a "Sweet32" attack.
7.5
High
CVE-2012-0053 2012-01-28 01h00 +00:00 protocol.c in the Apache HTTP Server 2.2.x through 2.2.21 does not properly restrict header information during construction of Bad Request (aka 400) error documents, which allows remote attackers to obtain the values of HTTPOnly cookies via vectors involving a (1) long or (2) malformed header in conjunction with crafted web script.
4.3
CVE-2012-0031 2012-01-18 19h00 +00:00 scoreboard.c in the Apache HTTP Server 2.2.21 and earlier might allow local users to cause a denial of service (daemon crash during shutdown) or possibly have unspecified other impact by modifying a certain type field within a scoreboard shared memory segment, leading to an invalid call to the free function.
4.6
CVE-2011-3348 2011-09-19 13h00 +00:00 The mod_proxy_ajp module in the Apache HTTP Server before 2.2.21, when used with mod_proxy_balancer in certain configurations, allows remote attackers to cause a denial of service (temporary "error state" in the backend server) via a malformed HTTP request.
4.3