Filtered by vendor Redhat
Filtered by product Jboss Enterprise Web Server
Total: 272 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 | Description |
---|---|---|---|---|---|
CVE-2018-1304 | 5 Apache, Canonical, Debian and 2 more | 13 Tomcat, Ubuntu Linux, Debian Linux and 10 more | 2024-11-21 | N/A | The URL pattern of "" (the empty string), which exactly maps to the context root, was not correctly handled in Apache Tomcat 9.0.0.M1 to 9.0.4, 8.5.0 to 8.5.27, 8.0.0.RC1 to 8.0.49 and 7.0.0 to 7.0.84 when used as part of a security constraint definition. This caused the constraint to be ignored. It was, therefore, possible for unauthorised users to gain access to web application resources that should have been protected. Only security constraints with a URL pattern of the empty string were affected. |
CVE-2018-11784 | 6 Apache, Canonical, Debian and 3 more | 17 Tomcat, Ubuntu Linux, Debian Linux and 14 more | 2024-11-21 | N/A | When the default servlet in Apache Tomcat versions 9.0.0.M1 to 9.0.11, 8.5.0 to 8.5.33 and 7.0.23 to 7.0.90 returned a redirect to a directory (e.g. redirecting to '/foo/' when the user requested '/foo'), a specially crafted URL could be used to cause the redirect to be generated to any URI of the attacker's choice. |
CVE-2018-0739 | 4 Canonical, Debian, Openssl and 1 more | 6 Ubuntu Linux, Debian Linux, Openssl and 3 more | 2024-11-21 | N/A | Constructed ASN.1 types with a recursive definition (such as can be found in PKCS7) could eventually exceed the stack given malicious input with excessive recursion. This could result in a denial of service. There are no such structures used within SSL/TLS that come from untrusted sources, so this is considered safe. Fixed in OpenSSL 1.1.0h (affected 1.1.0-1.1.0g). Fixed in OpenSSL 1.0.2o (affected 1.0.2b-1.0.2n). |
CVE-2017-15698 | 3 Apache, Debian, Redhat | 3 Tomcat Native, Debian Linux, Jboss Enterprise Web Server | 2024-11-21 | N/A | When parsing the AIA-Extension field of a client certificate, Apache Tomcat Native Connector 1.2.0 to 1.2.14 and 1.1.23 to 1.1.34 did not correctly handle fields longer than 127 bytes. The result of the parsing error was to skip the OCSP check. It was therefore possible for client certificates that should have been rejected (had the OCSP check been made) to be accepted. Users not using OCSP checks are not affected by this vulnerability. |
CVE-2016-7056 | 4 Canonical, Debian, Openssl and 1 more | 6 Ubuntu Linux, Debian Linux, Openssl and 3 more | 2024-11-21 | N/A | A timing attack flaw was found in OpenSSL 1.0.1u and before that could allow a malicious user with local access to recover ECDSA P-256 private keys. |
CVE-2014-3701 | 1 Redhat | 2 Edeploy, Jboss Enterprise Web Server | 2024-11-21 | 8.1 High | eDeploy has tmp file race condition flaws. |
CVE-2014-3700 | 1 Redhat | 2 Edeploy, Jboss Enterprise Web Server | 2024-11-21 | 9.8 Critical | eDeploy through at least 2014-10-14 has remote code execution due to eval() of untrusted data. |
CVE-2014-3699 | 1 Redhat | 2 Edeploy, Jboss Enterprise Web Server | 2024-11-21 | 9.8 Critical | eDeploy has RCE via cPickle deserialization of untrusted data. |
CVE-2014-3655 | 1 Redhat | 2 Jboss Enterprise Web Server, Keycloak | 2024-11-21 | 4.3 Medium | JBoss KeyCloak is vulnerable to soft token deletion via CSRF. |
CVE-2012-5626 | 1 Redhat | 6 Jboss Brms, Jboss Enterprise Application Platform, Jboss Enterprise Web Server and 3 more | 2024-11-21 | 7.5 High | EJB method in Red Hat JBoss BRMS 5; Red Hat JBoss Enterprise Application Platform 5; Red Hat JBoss Operations Network 3.1; Red Hat JBoss Portal 4 and 5; Red Hat JBoss SOA Platform 4.2, 4.3, and 5; and Red Hat JBoss Enterprise Web Server 1 ignores roles specified using the @RunAs annotation. |
CVE-2012-2148 | 2 Linux, Redhat | 3 Linux Kernel, Jboss Community Application Server, Jboss Enterprise Web Server | 2024-11-21 | 3.3 Low | An issue exists in the property replacements feature in any descriptor in JBoss AS 7.1.1 that ignores Java security policies. |
CVE-2011-3923 | 2 Apache, Redhat | 2 Struts, Jboss Enterprise Web Server | 2024-11-21 | 9.8 Critical | Apache Struts before 2.3.1.2 allows remote attackers to bypass security protections in the ParameterInterceptor class and execute arbitrary commands. |