Filtered by vendor Redhat
Subscriptions
Filtered by product Jboss Enterprise Application Platform
Subscriptions
Total
569 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2014-3490 | 1 Redhat | 11 Enterprise Linux, Jboss Bpms, Jboss Brms and 8 more | 2025-04-12 | N/A |
| RESTEasy 2.3.1 before 2.3.8.SP2 and 3.x before 3.0.9, as used in Red Hat JBoss Enterprise Application Platform (EAP) 6.3.0, does not disable external entities when the resteasy.document.expand.entity.references parameter is set to false, which allows remote attackers to read arbitrary files and have other unspecified impact via unspecified vectors, related to an XML External Entity (XXE) issue. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0818. | ||||
| CVE-2014-3481 | 1 Redhat | 6 Jboss Data Grid, Jboss Data Virtualization, Jboss Enterprise Application Platform and 3 more | 2025-04-12 | N/A |
| org.jboss.as.jaxrs.deployment.JaxrsIntegrationProcessor in Red Hat JBoss Enterprise Application Platform (JEAP) before 6.2.4 enables entity expansion, which allows remote attackers to read arbitrary files via unspecified vectors, related to an XML External Entity (XXE) issue. | ||||
| CVE-2014-3472 | 1 Redhat | 5 Jboss Bpms, Jboss Brms, Jboss Enterprise Application Platform and 2 more | 2025-04-12 | N/A |
| The isCallerInRole function in SimpleSecurityManager in JBoss Application Server (AS) 7, as used in Red Hat JBoss Enterprise Application Platform (JBEAP) 6.3.0, does not properly check caller roles, which allows remote authenticated users to bypass access restrictions via unspecified vectors. | ||||
| CVE-2014-3464 | 1 Redhat | 1 Jboss Enterprise Application Platform | 2025-04-12 | N/A |
| The EJB invocation handler implementation in Red Hat JBossWS, as used in JBoss Enterprise Application Platform (EAP) 6.2.0 and 6.3.0, does not properly enforce the method level restrictions for outbound messages, which allows remote authenticated users to access otherwise restricted JAX-WS handlers by leveraging permissions to the EJB class. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-2133. | ||||
| CVE-2014-0248 | 1 Redhat | 5 Jboss Enterprise Application Platform, Jboss Enterprise Soa Platform, Jboss Enterprise Web Framework and 2 more | 2025-04-12 | N/A |
| org.jboss.seam.web.AuthenticationFilter in Red Hat JBoss Web Framework Kit 2.5.0, JBoss Enterprise Application Platform (JBEAP) 5.2.0, and JBoss Enterprise Web Platform (JBEWP) 5.2.0 allows remote attackers to execute arbitrary code via a crafted authentication header, related to Seam logging. | ||||
| CVE-2014-0231 | 2 Apache, Redhat | 5 Http Server, Enterprise Linux, Jboss Enterprise Application Platform and 2 more | 2025-04-12 | N/A |
| The mod_cgid module in the Apache HTTP Server before 2.4.10 does not have a timeout mechanism, which allows remote attackers to cause a denial of service (process hang) via a request to a CGI script that does not read from its stdin file descriptor. | ||||
| CVE-2014-0193 | 2 Netty, Redhat | 10 Netty, Jboss Amq, Jboss Bpms and 7 more | 2025-04-12 | N/A |
| WebSocket08FrameDecoder in Netty 3.6.x before 3.6.9, 3.7.x before 3.7.1, 3.8.x before 3.8.2, 3.9.x before 3.9.1, and 4.0.x before 4.0.19 allows remote attackers to cause a denial of service (memory consumption) via a TextWebSocketFrame followed by a long stream of ContinuationWebSocketFrames. | ||||
| CVE-2014-0119 | 2 Apache, Redhat | 10 Tomcat, Enterprise Linux, Jboss Bpms and 7 more | 2025-04-12 | N/A |
| Apache Tomcat before 6.0.40, 7.x before 7.0.54, and 8.x before 8.0.6 does not properly constrain the class loader that accesses the XML parser used with an XSLT stylesheet, which allows remote attackers to (1) read arbitrary files via a crafted web application that provides an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, or (2) read files associated with different web applications on a single Tomcat instance via a crafted web application. | ||||
| CVE-2014-0110 | 2 Apache, Redhat | 7 Cxf, Jboss Amq, Jboss Bpms and 4 more | 2025-04-12 | N/A |
| Apache CXF before 2.6.14 and 2.7.x before 2.7.11 allows remote attackers to cause a denial of service (/tmp disk consumption) via a large invalid SOAP message. | ||||
| CVE-2014-0109 | 2 Apache, Redhat | 7 Cxf, Jboss Amq, Jboss Bpms and 4 more | 2025-04-12 | N/A |
| Apache CXF before 2.6.14 and 2.7.x before 2.7.11 allows remote attackers to cause a denial of service (memory consumption) via a large request with the Content-Type set to text/html to a SOAP endpoint, which triggers an error. | ||||
| CVE-2014-0118 | 3 Apache, Debian, Redhat | 6 Http Server, Debian Linux, Enterprise Linux and 3 more | 2025-04-12 | N/A |
| The deflate_in_filter function in mod_deflate.c in the mod_deflate module in the Apache HTTP Server before 2.4.10, when request body decompression is enabled, allows remote attackers to cause a denial of service (resource consumption) via crafted request data that decompresses to a much larger size. | ||||
| CVE-2014-0230 | 3 Apache, Oracle, Redhat | 5 Tomcat, Virtualization, Enterprise Linux and 2 more | 2025-04-12 | N/A |
| Apache Tomcat 6.x before 6.0.44, 7.x before 7.0.55, and 8.x before 8.0.9 does not properly handle cases where an HTTP response occurs before finishing the reading of an entire request body, which allows remote attackers to cause a denial of service (thread consumption) via a series of aborted upload attempts. | ||||
| CVE-2014-0107 | 3 Apache, Oracle, Redhat | 15 Xalan-java, Webcenter Sites, Enterprise Linux and 12 more | 2025-04-12 | N/A |
| The TransformerFactory in Apache Xalan-Java before 2.7.2 does not properly restrict access to certain properties when FEATURE_SECURE_PROCESSING is enabled, which allows remote attackers to bypass expected restrictions and load arbitrary classes or access external resources via a crafted (1) xalan:content-header, (2) xalan:entities, (3) xslt:content-header, or (4) xslt:entities property, or a Java property that is bound to the XSLT 1.0 system-property function. | ||||
| CVE-2014-0099 | 2 Apache, Redhat | 11 Tomcat, Enterprise Linux, Jboss Bpms and 8 more | 2025-04-12 | N/A |
| Integer overflow in java/org/apache/tomcat/util/buf/Ascii.java in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4, when operated behind a reverse proxy, allows remote attackers to conduct HTTP request smuggling attacks via a crafted Content-Length HTTP header. | ||||
| CVE-2014-0096 | 2 Apache, Redhat | 10 Tomcat, Enterprise Linux, Jboss Bpms and 7 more | 2025-04-12 | N/A |
| java/org/apache/catalina/servlets/DefaultServlet.java in the default servlet in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4 does not properly restrict XSLT stylesheets, which allows remote attackers to bypass security-manager restrictions and read arbitrary files via a crafted web application that provides an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. | ||||
| CVE-2014-0093 | 1 Redhat | 5 Jboss Bpms, Jboss Brms, Jboss Enterprise Application Platform and 2 more | 2025-04-12 | N/A |
| Red Hat JBoss Enterprise Application Platform (JBEAP) 6.2.2, when using a Java Security Manager (JSM), does not properly apply permissions defined by a policy file, which causes applications to be granted the java.security.AllPermission permission and allows remote attackers to bypass intended access restrictions. | ||||
| CVE-2014-0059 | 1 Redhat | 7 Jboss Bpms, Jboss Brms, Jboss Data Grid and 4 more | 2025-04-12 | N/A |
| JBoss SX and PicketBox, as used in Red Hat JBoss Enterprise Application Platform (EAP) before 6.2.3, use world-readable permissions on audit.log, which allows local users to obtain sensitive information by reading this file. | ||||
| CVE-2014-0058 | 1 Redhat | 8 Jboss Bpms, Jboss Brms, Jboss Data Grid and 5 more | 2025-04-12 | N/A |
| The security audit functionality in Red Hat JBoss Enterprise Application Platform (EAP) 6.x before 6.2.1 logs request parameters in plaintext, which might allow local users to obtain passwords by reading the log files. | ||||
| CVE-2014-0035 | 2 Apache, Redhat | 7 Cxf, Jboss Amq, Jboss Bpms and 4 more | 2025-04-12 | N/A |
| The SymmetricBinding in Apache CXF before 2.6.13 and 2.7.x before 2.7.10, when EncryptBeforeSigning is enabled and the UsernameToken policy is set to an EncryptedSupportingToken, transmits the UsernameToken in cleartext, which allows remote attackers to obtain sensitive information by sniffing the network. | ||||
| CVE-2014-0034 | 2 Apache, Redhat | 7 Cxf, Jboss Amq, Jboss Bpms and 4 more | 2025-04-12 | N/A |
| The SecurityTokenService (STS) in Apache CXF before 2.6.12 and 2.7.x before 2.7.9 does not properly validate SAML tokens when caching is enabled, which allows remote attackers to gain access via an invalid SAML token. | ||||