CVSS: 3.3EPSS: 0%CPEs: 4EXPL: 0CVE-2012-2148
https://notcve.org/view.php?id=CVE-2012-2148
06 Dec 2019 — An issue exists in the property replacements feature in any descriptor in JBoxx AS 7.1.1 ignores java security policies Se presenta un problema en la funcionalidad property replacements en cualquier descriptor en JBoxx AS versión 7.1.1 ignora las políticas de seguridad de Java. • https://access.redhat.com/security/cve/cve-2012-2148 • CWE-269: Improper Privilege Management •
CVSS: 4.3EPSS: 0%CPEs: 11EXPL: 0CVE-2012-4529 – Web: jsessionid exposed via encoded url when using cookie based session tracking
https://notcve.org/view.php?id=CVE-2012-4529
20 May 2013 — The org.apache.catalina.connector.Response.encodeURL method in Red Hat JBoss Web 7.1.x and earlier, when the tracking mode is set to COOKIE, sends the jsessionid in the URL of the first response of a session, which allows remote attackers to obtain the session id (1) via a man-in-the-middle attack or (2) by reading a log. El método org.apache.catalina.connector.Response.encodeURL en Red Hat JBoss Web 7.1.x y anteriores, cuando el modo de traceo está fijado a COOKIE, envia el parámetro jsessionid en la URL d... • http://ocpsoft.org/support/topic/session-id-is-appended-as-url-path-parameter-in-very-first-request •
CVSS: 7.1EPSS: 0%CPEs: 2EXPL: 0CVE-2009-5066 – JBoss: twiddle.sh accepts credentials as command line arguments, exposing them to other local users via a process listing
https://notcve.org/view.php?id=CVE-2009-5066
13 Aug 2012 — twiddle.sh in JBoss AS 5.0 and EAP 5.0 and earlier accepts credentials as command-line arguments, which allows local users to read the credentials by listing the process and its arguments. twiddle.sh en JBoss AS v5.0 y PEA v5.0 y versiones anteriores acepta credenciales como argumentos de línea de comandos, lo que permite a usuarios locales leer las credenciales al listar el proceso y sus argumentos. • http://objectopia.com/2009/10/01/securing-jmx-invoker-layer-in-jboss • CWE-255: Credentials Management Errors •