Red Hat JBOSS Enterprise SOA Platform 5.3.1

CPE Details

Red Hat JBOSS Enterprise SOA Platform 5.3.1
redhat
jboss_enterprise_soa_platform
5.3.1
2013-07-23
11h57 +00:00
2013-07-24
12h15 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:redhat:jboss_enterprise_soa_platform:5.3.1:*:*:*:*:*:*:*

Informations

Vendor

redhat

Product

jboss_enterprise_soa_platform

Version

5.3.1

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2014-3518 2014-07-22 18h00 +00:00 jmx-remoting.sar in JBoss Remoting, as used in Red Hat JBoss Enterprise Application Platform (JEAP) 5.2.0, Red Hat JBoss BRMS 5.3.1, Red Hat JBoss Portal Platform 5.2.2, and Red Hat JBoss SOA Platform 5.3.1, does not properly implement the JSR 160 specification, which allows remote attackers to execute arbitrary code via unspecified vectors.
6.8
CVE-2013-4210 2013-10-01 15h00 +00:00 The org.jboss.remoting.transport.socket.ServerThread class in Red Hat JBoss Remoting for Red Hat JBoss SOA Platform 5.3.1 GA, Web Platform 5.2.0, Enterprise Application Platform 5.2.0, and other products allows remote attackers to cause a denial of service (file descriptor consumption) via unspecified vectors.
5
CVE-2013-2165 2013-07-22 17h00 +00:00 ResourceBuilderImpl.java in the RichFaces 3.x through 5.x implementation in Red Hat JBoss Web Framework Kit before 2.3.0, Red Hat JBoss Web Platform through 5.2.0, Red Hat JBoss Enterprise Application Platform through 4.3.0 CP10 and 5.x through 5.2.0, Red Hat JBoss BRMS through 5.3.1, Red Hat JBoss SOA Platform through 4.3.0 CP05 and 5.x through 5.3.1, Red Hat JBoss Portal through 4.3 CP07 and 5.x through 5.2.2, and Red Hat JBoss Operations Network through 2.4.2 and 3.x through 3.1.2 does not restrict the classes for which deserialization methods can be called, which allows remote attackers to execute arbitrary code via crafted serialized data.
7.5