CVE-2012-1094
https://notcve.org/view.php?id=CVE-2012-1094
10 Mar 2020 — JBoss AS 7 prior to 7.1.1 and mod_cluster do not handle the default hostname in the same way, which can cause the excluded-contexts list to be mismatched and the root context to be exposed. • https://access.redhat.com/security/cve/cve-2012-1094 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2012-2312
https://notcve.org/view.php?id=CVE-2012-2312
18 Dec 2019 — An elevated privileges issue exists in JBoss AS 7 Community Release due to the improper implementation of security context propagation. A thread reused from the thread pool still retains the security context from the process that last used it, which lets a local user obtain elevated privileges. • https://access.redhat.com/security/cve/cve-2012-2312 • CWE-269: Improper Privilege Management
CVE-2011-3609
https://notcve.org/view.php?id=CVE-2011-3609
26 Nov 2019 — A CSRF issue was found in JBoss Application Server 7 before 7.1.0. JBoss did not properly restrict access to the management console information (for example via the "Access-Control-Allow-Origin" HTTP access control flag). This can lead to an unauthorized information leak if a user with admin privileges visits a specially crafted web page provided by a remote attacker. • https://access.redhat.com/security/cve/cve-2011-3609 • CWE-352: Cross-Site Request Forgery (CSRF)
CVE-2011-3606
https://notcve.org/view.php?id=CVE-2011-3606
26 Nov 2019 — A DOM-based cross-site scripting flaw was found in the administration console of JBoss Application Server 7 before 7.1.0 Beta 1. A remote attacker could provide a specially crafted web page and trick a valid JBoss AS user with administrator privileges into visiting it, which would lead to modification of the DOM environment and arbitrary HTML or web script execution. • https://access.redhat.com/security/cve/cve-2011-3606 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')