Filtered by vendor Redhat
Subscriptions
Filtered by product Jboss Soa Platform
Subscriptions
Total
30 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2011-4085 | 1 Redhat | 5 Jboss Enterprise Application Platform, Jboss Enterprise Brms Platform, Jboss Enterprise Portal Platform and 2 more | 2025-04-11 | N/A |
| The servlets invoked by httpha-invoker in JBoss Enterprise Application Platform before 5.1.2, SOA Platform before 5.2.0, BRMS Platform before 5.3.0, and Portal Platform before 4.3 CP07 perform access control only for the GET and POST methods, which allow remote attackers to bypass authentication by sending a request with a different method. NOTE: this vulnerability exists because of a CVE-2010-0738 regression. | ||||
| CVE-2011-4314 | 3 Kay Framework Project, Openid, Redhat | 7 Kay Framework, Openid4java, Jboss Enterprise Application Platform and 4 more | 2025-04-11 | N/A |
| message/ax/AxMessage.java in OpenID4Java before 0.9.6 final, as used in JBoss Enterprise Application Platform 5.1 before 5.1.2, Step2, Kay Framework before 1.0.2, and possibly other products does not verify that Attribute Exchange (AX) information is signed, which allows remote attackers to modify potentially sensitive AX information without detection via a man-in-the-middle (MITM) attack. | ||||
| CVE-2011-4605 | 1 Redhat | 6 Jboss Enterprise Application Platform, Jboss Enterprise Brms Platform, Jboss Enterprise Portal Platform and 3 more | 2025-04-11 | N/A |
| The (1) JNDI service, (2) HA-JNDI service, and (3) HAJNDIFactory invoker servlet in JBoss Enterprise Application Platform 4.3.0 CP10 and 5.1.2, Web Platform 5.1.2, SOA Platform 4.2.0.CP05 and 4.3.0.CP05, Portal Platform 4.3 CP07 and 5.2.x before 5.2.2, and BRMS Platform before 5.3.0 do not properly restrict write access, which allows remote attackers to add, delete, or modify items in a JNDI tree via unspecified vectors. | ||||
| CVE-2011-4858 | 2 Apache, Redhat | 10 Tomcat, Enterprise Linux, Jboss Communications Platform and 7 more | 2025-04-11 | N/A |
| Apache Tomcat before 5.5.35, 6.x before 6.0.35, and 7.x before 7.0.23 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters. | ||||
| CVE-2011-5062 | 2 Apache, Redhat | 9 Tomcat, Enterprise Linux, Jboss Communications Platform and 6 more | 2025-04-11 | N/A |
| The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check qop values, which might allow remote attackers to bypass intended integrity-protection requirements via a qop=auth value, a different vulnerability than CVE-2011-1184. | ||||
| CVE-2011-5064 | 2 Apache, Redhat | 9 Tomcat, Enterprise Linux, Jboss Communications Platform and 6 more | 2025-04-11 | N/A |
| DigestAuthenticator.java in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 uses Catalina as the hard-coded server secret (aka private key), which makes it easier for remote attackers to bypass cryptographic protection mechanisms by leveraging knowledge of this string, a different vulnerability than CVE-2011-1184. | ||||
| CVE-2011-5245 | 1 Redhat | 9 Jboss Bpms, Jboss Brms, Jboss Enterprise Application Platform and 6 more | 2025-04-11 | N/A |
| The readFrom function in providers.jaxb.JAXBXmlTypeProvider in RESTEasy before 2.3.2 allows remote attackers to read arbitrary files via an external entity reference in a Java Architecture for XML Binding (JAXB) input, aka an XML external entity (XXE) injection attack, a similar vulnerability to CVE-2012-0818. | ||||
| CVE-2012-0022 | 2 Apache, Redhat | 10 Tomcat, Enterprise Linux, Jboss Communications Platform and 7 more | 2025-04-11 | N/A |
| Apache Tomcat 5.5.x before 5.5.35, 6.x before 6.0.34, and 7.x before 7.0.23 uses an inefficient approach for handling parameters, which allows remote attackers to cause a denial of service (CPU consumption) via a request that contains many parameters and parameter values, a different vulnerability than CVE-2011-4858. | ||||
| CVE-2020-14340 | 2 Oracle, Redhat | 16 Communications Cloud Native Core Console, Communications Cloud Native Core Network Repository Function, Communications Cloud Native Core Policy and 13 more | 2024-11-21 | 5.9 Medium |
| A vulnerability was discovered in XNIO where file descriptor leak caused by growing amounts of NIO Selector file handles between garbage collection cycles. It may allow the attacker to cause a denial of service. It affects XNIO versions 3.6.0.Beta1 through 3.8.1.Final. | ||||
| CVE-2012-5626 | 1 Redhat | 6 Jboss Brms, Jboss Enterprise Application Platform, Jboss Enterprise Web Server and 3 more | 2024-11-21 | 7.5 High |
| EJB method in Red Hat JBoss BRMS 5; Red Hat JBoss Enterprise Application Platform 5; Red Hat JBoss Operations Network 3.1; Red Hat JBoss Portal 4 and 5; Red Hat JBoss SOA Platform 4.2, 4.3, and 5; in Red Hat JBoss Enterprise Web Server 1 ignores roles specified using the @RunAs annotation. | ||||