CVSS: 7.5EPSS: 1%CPEs: 4EXPL: 0CVE-2011-4610 – JBoss Web remote denial of service when surrogate pair character is placed at buffer boundary
https://notcve.org/view.php?id=CVE-2011-4610
10 Feb 2014 — JBoss Web, as used in Red Hat JBoss Communications Platform before 5.1.3, Enterprise Web Platform before 5.1.2, Enterprise Application Platform before 5.1.2, and other products, allows remote attackers to cause a denial of service (infinite loop) via vectors related to a crafted UTF-8 and a "surrogate pair character" that is "at the boundary of an internal buffer." JBoss Web, utilizado en Red Hat JBoss Communications Platform anterior a 5.1.3, Enterprise Web Platform anterior a 5.1.2, Enterprise Application... • http://rhn.redhat.com/errata/RHSA-2012-0074.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 1%CPEs: 17EXPL: 0CVE-2011-1483 – JBossWS remote Denial of Service
https://notcve.org/view.php?id=CVE-2011-1483
25 Jul 2013 — wsf/common/DOMUtils.java in JBossWS Native in Red Hat JBoss Enterprise Application Platform 4.2.0.CP09, 4.3, and 5.1.1; JBoss Enterprise Portal Platform 4.3.CP06 and 5.1.1; JBoss Enterprise SOA Platform 4.2.CP05, 4.3.CP05, and 5.1.0; JBoss Communications Platform 1.2.11 and 5.1.1; JBoss Enterprise BRMS Platform 5.1.0; and JBoss Enterprise Web Platform 5.1.1 does not properly handle recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via ... • http://source.jboss.org/changelog/JBossWS/?cs=13996 •
CVSS: 7.5EPSS: 34%CPEs: 99EXPL: 2CVE-2013-2165 – RichFaces: Remote code execution due to insecure deserialization
https://notcve.org/view.php?id=CVE-2013-2165
10 Jul 2013 — ResourceBuilderImpl.java in the RichFaces 3.x through 5.x implementation in Red Hat JBoss Web Framework Kit before 2.3.0, Red Hat JBoss Web Platform through 5.2.0, Red Hat JBoss Enterprise Application Platform through 4.3.0 CP10 and 5.x through 5.2.0, Red Hat JBoss BRMS through 5.3.1, Red Hat JBoss SOA Platform through 4.3.0 CP05 and 5.x through 5.3.1, Red Hat JBoss Portal through 4.3 CP07 and 5.x through 5.2.2, and Red Hat JBoss Operations Network through 2.4.2 and 3.x through 3.1.2 does not restrict the c... • https://packetstorm.news/files/id/156663 • CWE-264: Permissions, Privileges, and Access Controls CWE-502: Deserialization of Untrusted Data •
CVSS: 9.8EPSS: 0%CPEs: 13EXPL: 0CVE-2012-1167 – JBoss: authentication bypass when running under JACC with ignoreBaseDecision on JBossWebRealm
https://notcve.org/view.php?id=CVE-2012-1167
23 Nov 2012 — The JBoss Server in JBoss Enterprise Application Platform 5.1.x before 5.1.2 and 5.2.x before 5.2.2, Web Platform before 5.1.2, BRMS Platform before 5.3.0, and SOA Platform before 5.3.0, when the server is configured to use the JaccAuthorizationRealm and the ignoreBaseDecision property is set to true on the JBossWebRealm, does not properly check the permissions created by the WebPermissionMapping class, which allows remote authenticated users to access arbitrary applications. El JBoss Server en JBoss Enterp... • http://rhn.redhat.com/errata/RHSA-2012-1013.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 8.8EPSS: 1%CPEs: 37EXPL: 0CVE-2011-2196 – JBoss Seam EL interpolation in exception handling
https://notcve.org/view.php?id=CVE-2011-2196
27 Jul 2011 — jboss-seam.jar in the JBoss Seam 2 framework 2.2.x and earlier, as distributed in Red Hat JBoss Enterprise SOA Platform 4.3.0.CP05 and 5.1.0; JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.3.0, 4.3.0.CP09, and 5.1.1; and JBoss Enterprise Web Platform 5.1.1, does not properly restrict use of Expression Language (EL) statements in FacesMessages during page exception handling, which allows remote attackers to execute arbitrary Java code via a crafted URL to an application. NOTE: this vulnerab... • http://www.redhat.com/support/errata/RHSA-2011-0945.html • CWE-264: Permissions, Privileges, and Access Controls •