Filtered by vendor Redhat Subscriptions
Filtered by product Jboss Soa Platform Subscriptions
Total 30 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2020-14340 2 Oracle, Redhat 16 Communications Cloud Native Core Console, Communications Cloud Native Core Network Repository Function, Communications Cloud Native Core Policy and 13 more 2024-11-21 5.9 Medium
A vulnerability was discovered in XNIO where file descriptor leak caused by growing amounts of NIO Selector file handles between garbage collection cycles. It may allow the attacker to cause a denial of service. It affects XNIO versions 3.6.0.Beta1 through 3.8.1.Final.
CVE-2012-5626 1 Redhat 6 Jboss Brms, Jboss Enterprise Application Platform, Jboss Enterprise Web Server and 3 more 2024-11-21 7.5 High
EJB method in Red Hat JBoss BRMS 5; Red Hat JBoss Enterprise Application Platform 5; Red Hat JBoss Operations Network 3.1; Red Hat JBoss Portal 4 and 5; Red Hat JBoss SOA Platform 4.2, 4.3, and 5; in Red Hat JBoss Enterprise Web Server 1 ignores roles specified using the @RunAs annotation.
CVE-2012-2377 1 Redhat 6 Jboss Enterprise Application Platform, Jboss Enterprise Brms Platform, Jboss Enterprise Portal Platform and 3 more 2024-11-21 N/A
JGroups diagnostics service in JBoss Enterprise Portal Platform before 5.2.2, SOA Platform before 5.3.0, and BRMS Platform before 5.3.0, is enabled without authentication when started by the JGroups channel, which allows remote attackers in adjacent networks to read diagnostics information via a crafted IP multicast.
CVE-2012-1167 1 Redhat 6 Jboss Enterprise Application Platform, Jboss Enterprise Brms Platform, Jboss Enterprise Portal Platform and 3 more 2024-11-21 N/A
The JBoss Server in JBoss Enterprise Application Platform 5.1.x before 5.1.2 and 5.2.x before 5.2.2, Web Platform before 5.1.2, BRMS Platform before 5.3.0, and SOA Platform before 5.3.0, when the server is configured to use the JaccAuthorizationRealm and the ignoreBaseDecision property is set to true on the JBossWebRealm, does not properly check the permissions created by the WebPermissionMapping class, which allows remote authenticated users to access arbitrary applications.
CVE-2012-0818 1 Redhat 10 Jboss Bpms, Jboss Brms, Jboss Enterprise Application Platform and 7 more 2024-11-21 N/A
RESTEasy before 2.3.1 allows remote attackers to read arbitrary files via an external entity reference in a DOM document, aka an XML external entity (XXE) injection attack.
CVE-2012-0079 2 Oracle, Redhat 2 Opensso, Jboss Soa Platform 2024-11-21 N/A
Unspecified vulnerability in Oracle OpenSSO 7.1 and 8.0 allows remote attackers to affect integrity via unknown vectors related to Administration.
CVE-2012-0022 2 Apache, Redhat 10 Tomcat, Enterprise Linux, Jboss Communications Platform and 7 more 2024-11-21 N/A
Apache Tomcat 5.5.x before 5.5.35, 6.x before 6.0.34, and 7.x before 7.0.23 uses an inefficient approach for handling parameters, which allows remote attackers to cause a denial of service (CPU consumption) via a request that contains many parameters and parameter values, a different vulnerability than CVE-2011-4858.
CVE-2011-5245 1 Redhat 9 Jboss Bpms, Jboss Brms, Jboss Enterprise Application Platform and 6 more 2024-11-21 N/A
The readFrom function in providers.jaxb.JAXBXmlTypeProvider in RESTEasy before 2.3.2 allows remote attackers to read arbitrary files via an external entity reference in a Java Architecture for XML Binding (JAXB) input, aka an XML external entity (XXE) injection attack, a similar vulnerability to CVE-2012-0818.
CVE-2011-5064 2 Apache, Redhat 9 Tomcat, Enterprise Linux, Jboss Communications Platform and 6 more 2024-11-21 N/A
DigestAuthenticator.java in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 uses Catalina as the hard-coded server secret (aka private key), which makes it easier for remote attackers to bypass cryptographic protection mechanisms by leveraging knowledge of this string, a different vulnerability than CVE-2011-1184.
CVE-2011-5063 2 Apache, Redhat 9 Tomcat, Enterprise Linux, Jboss Communications Platform and 6 more 2024-11-21 N/A
The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check realm values, which might allow remote attackers to bypass intended access restrictions by leveraging the availability of a protection space with weaker authentication or authorization requirements, a different vulnerability than CVE-2011-1184.
CVE-2011-5062 2 Apache, Redhat 9 Tomcat, Enterprise Linux, Jboss Communications Platform and 6 more 2024-11-21 N/A
The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check qop values, which might allow remote attackers to bypass intended integrity-protection requirements via a qop=auth value, a different vulnerability than CVE-2011-1184.
CVE-2011-4858 2 Apache, Redhat 10 Tomcat, Enterprise Linux, Jboss Communications Platform and 7 more 2024-11-21 N/A
Apache Tomcat before 5.5.35, 6.x before 6.0.35, and 7.x before 7.0.23 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.
CVE-2011-4838 2 Jruby, Redhat 2 Jruby, Jboss Soa Platform 2024-11-21 N/A
JRuby before 1.6.5.1 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table.
CVE-2011-4610 1 Redhat 6 Jboss Communications Platform, Jboss Enterprise Application Platform, Jboss Enterprise Brms Platform and 3 more 2024-11-21 N/A
JBoss Web, as used in Red Hat JBoss Communications Platform before 5.1.3, Enterprise Web Platform before 5.1.2, Enterprise Application Platform before 5.1.2, and other products, allows remote attackers to cause a denial of service (infinite loop) via vectors related to a crafted UTF-8 and a "surrogate pair character" that is "at the boundary of an internal buffer."
CVE-2011-4605 1 Redhat 6 Jboss Enterprise Application Platform, Jboss Enterprise Brms Platform, Jboss Enterprise Portal Platform and 3 more 2024-11-21 N/A
The (1) JNDI service, (2) HA-JNDI service, and (3) HAJNDIFactory invoker servlet in JBoss Enterprise Application Platform 4.3.0 CP10 and 5.1.2, Web Platform 5.1.2, SOA Platform 4.2.0.CP05 and 4.3.0.CP05, Portal Platform 4.3 CP07 and 5.2.x before 5.2.2, and BRMS Platform before 5.3.0 do not properly restrict write access, which allows remote attackers to add, delete, or modify items in a JNDI tree via unspecified vectors.
CVE-2011-4314 3 Kay Framework Project, Openid, Redhat 7 Kay Framework, Openid4java, Jboss Enterprise Application Platform and 4 more 2024-11-21 N/A
message/ax/AxMessage.java in OpenID4Java before 0.9.6 final, as used in JBoss Enterprise Application Platform 5.1 before 5.1.2, Step2, Kay Framework before 1.0.2, and possibly other products does not verify that Attribute Exchange (AX) information is signed, which allows remote attackers to modify potentially sensitive AX information without detection via a man-in-the-middle (MITM) attack.
CVE-2011-4085 1 Redhat 5 Jboss Enterprise Application Platform, Jboss Enterprise Brms Platform, Jboss Enterprise Portal Platform and 2 more 2024-11-21 N/A
The servlets invoked by httpha-invoker in JBoss Enterprise Application Platform before 5.1.2, SOA Platform before 5.2.0, BRMS Platform before 5.3.0, and Portal Platform before 4.3 CP07 perform access control only for the GET and POST methods, which allow remote attackers to bypass authentication by sending a request with a different method. NOTE: this vulnerability exists because of a CVE-2010-0738 regression.
CVE-2011-3517 2 Oracle, Redhat 2 Sun Products Suite, Jboss Soa Platform 2024-11-21 N/A
Unspecified vulnerability in the Oracle OpenSSO component in Oracle Sun Products Suite 8.0 allows remote attackers to affect availability via unknown vectors related to Authentication.
CVE-2011-3506 2 Oracle, Redhat 2 Sun Products Suite, Jboss Soa Platform 2024-11-21 N/A
Unspecified vulnerability in the Oracle OpenSSO component in Oracle Sun Products Suite 7.1 and 8.0 allows remote attackers to affect integrity via unknown vectors related to Authentication.
CVE-2011-2908 1 Redhat 6 Jboss Enterprise Application Platform, Jboss Enterprise Brms Platform, Jboss Enterprise Portal Platform and 3 more 2024-11-21 N/A
Cross-site request forgery (CSRF) vulnerability in the JMX Console (jmx-console) in JBoss Enterprise Portal Platform before 5.2.2, BRMS Platform 5.3.0 before roll up patch1, and SOA Platform 5.3.0 allows remote authenticated users to hijack the authentication of arbitrary users for requests that perform operations on MBeans and possibly execute arbitrary code via unspecified vectors.