Filtered by vendor Redhat
Subscriptions
Filtered by product Fuse Esb Enterprise
Subscriptions
Total
26 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2012-5575 | 2 Apache, Redhat | 8 Cxf, Fuse Esb Enterprise, Jboss Enterprise Application Platform and 5 more | 2025-04-11 | N/A |
| Apache CXF 2.5.x before 2.5.10, 2.6.x before CXF 2.6.7, and 2.7.x before CXF 2.7.4 does not verify that a specified cryptographic algorithm is allowed by the WS-SecurityPolicy AlgorithmSuite definition before decrypting, which allows remote attackers to force CXF to use weaker cryptographic algorithms than intended and makes it easier to decrypt communications, aka "XML Encryption backwards compatibility attack." | ||||
| CVE-2013-0269 | 3 Redhat, Rhel Sam, Rubygems | 6 Fuse Esb Enterprise, Jboss Enterprise Soa Platform, Jboss Fuse and 3 more | 2025-04-11 | N/A |
| The JSON gem before 1.5.5, 1.6.x before 1.6.8, and 1.7.x before 1.7.7 for Ruby allows remote attackers to cause a denial of service (resource consumption) or bypass the mass assignment protection mechanism via a crafted JSON document that triggers the creation of arbitrary Ruby symbols or certain internal objects, as demonstrated by conducting a SQL injection attack against Ruby on Rails, aka "Unsafe Object Creation Vulnerability." | ||||
| CVE-2013-0239 | 2 Apache, Redhat | 4 Cxf, Fuse Esb Enterprise, Jboss Enterprise Application Platform and 1 more | 2025-04-11 | N/A |
| Apache CXF before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3, when the plaintext UsernameToken WS-SecurityPolicy is enabled, allows remote attackers to bypass authentication via a security header of a SOAP request containing a UsernameToken element that lacks a password child element. | ||||
| CVE-2013-2160 | 2 Apache, Redhat | 4 Cxf, Fuse Esb Enterprise, Jboss Enterprise Portal Platform and 1 more | 2025-04-11 | N/A |
| The streaming XML parser in Apache CXF 2.5.x before 2.5.10, 2.6.x before 2.6.7, and 2.7.x before 2.7.4 allows remote attackers to cause a denial of service (CPU and memory consumption) via crafted XML with a large number of (1) elements, (2) attributes, (3) nested constructs, and possibly other vectors. | ||||
| CVE-2013-2172 | 2 Apache, Redhat | 11 Santuario Xml Security For Java, Fuse Esb Enterprise, Fuse Management Console and 8 more | 2025-04-11 | N/A |
| jcp/xml/dsig/internal/dom/DOMCanonicalizationMethod.java in Apache Santuario XML Security for Java 1.4.x before 1.4.8 and 1.5.x before 1.5.5 allows context-dependent attackers to spoof an XML Signature by using the CanonicalizationMethod parameter to specify an arbitrary weak "canonicalization algorithm to apply to the SignedInfo part of the Signature." | ||||
| CVE-2011-4461 | 3 Mortbay, Oracle, Redhat | 5 Jetty, Sun Storage Common Array Manager, Fuse Esb Enterprise and 2 more | 2025-04-11 | N/A |
| Jetty 8.1.0.RC2 and earlier computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters. | ||||