CVSS: 7.5EPSS: 2%CPEs: 23EXPL: 0CVE-2010-4265 – jboss-remoting: missing fix for CVE-2010-3862
https://notcve.org/view.php?id=CVE-2010-4265
30 Dec 2010 — The org.jboss.remoting.transport.bisocket.BisocketServerInvoker$SecondaryServerSocketThread.run method in JBoss Remoting 2.2.x before 2.2.3.SP4 and 2.5.x before 2.5.3.SP2 in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.3 through 4.3.0.CP09 allows remote attackers to cause a denial of service (daemon outage) by establishing a bisocket control connection TCP session, and then not sending any application data, related to a missing CVE-2010-3862 patch. NOTE: this can be considered a ... • http://securitytracker.com/id?1024840 •
CVSS: 7.5EPSS: 3%CPEs: 23EXPL: 0CVE-2010-3862 – JBoss Remoting Denial-Of-Service
https://notcve.org/view.php?id=CVE-2010-3862
30 Dec 2010 — The org.jboss.remoting.transport.bisocket.BisocketServerInvoker$SecondaryServerSocketThread.run method in JBoss Remoting 2.2.x before 2.2.3.SP4 and 2.5.x before 2.5.3.SP2 in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.3 through 4.3.0.CP09, and 5.1.0; and JBoss Enterprise Web Platform (aka JBEWP) 5.1.0; allows remote attackers to cause a denial of service (daemon outage) by establishing a bisocket control connection TCP session, and then not sending any application data. El métod... • http://securitytracker.com/id?1024813 • CWE-20: Improper Input Validation •
CVSS: 8.8EPSS: 95%CPEs: 6EXPL: 3CVE-2010-1871 – Red Hat Linux JBoss Seam 2 Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-1871
04 Aug 2010 — JBoss Seam 2 (jboss-seam2), as used in JBoss Enterprise Application Platform 4.3.0 for Red Hat Linux, does not properly sanitize inputs for JBoss Expression Language (EL) expressions, which allows remote attackers to execute arbitrary code via a crafted URL. NOTE: this is only a vulnerability when the Java Security Manager is not properly configured. JBoss Seam 2 (jboss-seam2), como el usado en JBoss Enterprise Application Platform v4.3.0 para Red Hat Linux, no sanea adecuadamente las entradas de de la expr... • https://packetstorm.news/files/id/180880 • CWE-917: Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection') •
CVSS: 7.5EPSS: 0%CPEs: 17EXPL: 4CVE-2010-1429 – JBossEAP status servlet info leak
https://notcve.org/view.php?id=CVE-2010-1429
28 Apr 2010 — Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 allows remote attackers to obtain sensitive information about "deployed web contexts" via a request to the status servlet, as demonstrated by a full=true query string. NOTE: this issue exists because of a CVE-2008-3273 regression. Plataforma de aplicación Red Hat JBoss Enterprise (conocido como JBoss EAP r JBEAP) v4.2 anterior v4.2.0.CP09 y v4.3 anterior v4.3.0.CP08 permite a atacantes remo... • https://packetstorm.news/files/id/181026 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.5EPSS: 95%CPEs: 2EXPL: 8CVE-2010-0738 – Red Hat JBoss Authentication Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2010-0738
28 Apr 2010 — The JMX-Console web application in JBossAs in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 performs access control only for the GET and POST methods, which allows remote attackers to send requests to this application's GET handler by using a different method. La aplicación web JMX-Console en JBossAs en Red Hat JBoss Enterprise Application Platform (conocido como JBoss EAP o JBEAP) v4.2 anterior v4.2.0.CP09 y v4.3 anterior v4.3.0.CP08 ... • https://packetstorm.news/files/id/181026 • CWE-284: Improper Access Control CWE-749: Exposed Dangerous Method or Function •
CVSS: 7.5EPSS: 76%CPEs: 2EXPL: 2CVE-2010-1428 – Red Hat JBoss Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2010-1428
28 Apr 2010 — The Web Console (aka web-console) in JBossAs in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 performs access control only for the GET and POST methods, which allows remote attackers to obtain sensitive information via an unspecified request that uses a different method. La consola Web(también conocida como web-console) en JBossAs en Red Hat JBoss Enterprise Application Platform (también conocido como JBoss EAP o JBEAP) v4.2 anterior a... • https://packetstorm.news/files/id/181026 • CWE-749: Exposed Dangerous Method or Function •
CVSS: 6.1EPSS: 0%CPEs: 15EXPL: 0CVE-2009-1380 – jbossas JMX-Console cross-site-scripting in filter parameter
https://notcve.org/view.php?id=CVE-2009-1380
15 Dec 2009 — Cross-site scripting (XSS) vulnerability in JMX-Console in JBossAs in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP08 and 4.3 before 4.3.0.CP07 allows remote attackers to inject arbitrary web script or HTML via the filter parameter, related to the key property and the position of quote and colon characters. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en JMX-Console en JBossAs en Red Hat JBoss Enterprise Application Platform (tambien conocida... • http://secunia.com/advisories/37671 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 19EXPL: 0CVE-2009-2405 – JBoss Application Server Web Console XSS
https://notcve.org/view.php?id=CVE-2009-2405
15 Dec 2009 — Multiple cross-site scripting (XSS) vulnerabilities in the Web Console in the Application Server in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2.0 before 4.2.0.CP08, 4.2.2GA, 4.3 before 4.3.0.CP07, and 5.1.0GA allow remote attackers to inject arbitrary web script or HTML via the (1) monitorName, (2) objectName, (3) attribute, or (4) period parameter to createSnapshot.jsp, or the (5) monitorName, (6) objectName, (7) attribute, (8) threshold, (9) period, or (10) enabled parameter... • http://secunia.com/advisories/35680 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.5EPSS: 0%CPEs: 11EXPL: 0CVE-2009-3554 – JBoss EAP Twiddle logs the JMX password
https://notcve.org/view.php?id=CVE-2009-3554
15 Dec 2009 — Twiddle in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP08 and 4.3 before 4.3.0.CP07 writes the JMX password, and other command-line arguments, to the twiddle.log file, which allows local users to obtain sensitive information by reading this file. Twiddle en Red Hat en la plataforma de aplicaciones JBoss Enterprise (tambien conocido como JBoss EAP or JBEAP) v4.2 anteriores a v4.2.0.CP08 y v4.3 anteriores a v4.3.0.CP07 escribe la contraseña JMX, y otros argumentos... • http://secunia.com/advisories/37671 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 0%CPEs: 10EXPL: 0CVE-2009-0027 – JBoss EAP unprivileged local xml file access
https://notcve.org/view.php?id=CVE-2009-0027
09 Mar 2009 — The request handler in JBossWS in JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP06 and 4.3 before 4.3.0.CP04 does not properly validate the resource path during a request for a WSDL file with a custom web-service endpoint, which allows remote attackers to read arbitrary XML files via a crafted request. El manejador de solicitudes de JBossWS en JBoss Enterprise Application Platform (alias JBoss o JBEAP PEA) 4.2 antes de 4.2.0.CP06 y 4.3 antes de 4.3.0.CP04 no valida la rut... • http://rhn.redhat.com/errata/RHSA-2009-0346.html • CWE-20: Improper Input Validation •