Filtered by vendor Redhat
Subscriptions
Filtered by product Jboss Soa Platform
Subscriptions
Total
30 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2011-1483 | 2 Hp, Redhat | 8 Network Node Manager I, Jboss Communications Platform, Jboss Enterprise Application Platform and 5 more | 2024-08-06 | N/A |
| wsf/common/DOMUtils.java in JBossWS Native in Red Hat JBoss Enterprise Application Platform 4.2.0.CP09, 4.3, and 5.1.1; JBoss Enterprise Portal Platform 4.3.CP06 and 5.1.1; JBoss Enterprise SOA Platform 4.2.CP05, 4.3.CP05, and 5.1.0; JBoss Communications Platform 1.2.11 and 5.1.1; JBoss Enterprise BRMS Platform 5.1.0; and JBoss Enterprise Web Platform 5.1.1 does not properly handle recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted request containing an XML document with a DOCTYPE declaration and a large number of nested entity references, a similar issue to CVE-2003-1564. | ||||
| CVE-2011-1184 | 2 Apache, Redhat | 9 Tomcat, Enterprise Linux, Jboss Communications Platform and 6 more | 2024-08-06 | N/A |
| The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not have the expected countermeasures against replay attacks, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests, related to lack of checking of nonce (aka server nonce) and nc (aka nonce-count or client nonce count) values. | ||||
| CVE-2011-1096 | 1 Redhat | 6 Jboss Enterprise Application Platform, Jboss Enterprise Brms Platform, Jboss Enterprise Portal Platform and 3 more | 2024-08-06 | N/A |
| The W3C XML Encryption Standard, as used in the JBoss Web Services (JBossWS) component in JBoss Enterprise Portal Platform before 5.2.2 and other products, when using block ciphers in cipher-block chaining (CBC) mode, allows remote attackers to obtain plaintext data via a chosen-ciphertext attack on SOAP responses, aka "character encoding pattern attack." | ||||
| CVE-2012-5626 | 1 Redhat | 6 Jboss Brms, Jboss Enterprise Application Platform, Jboss Enterprise Web Server and 3 more | 2024-08-06 | 7.5 High |
| EJB method in Red Hat JBoss BRMS 5; Red Hat JBoss Enterprise Application Platform 5; Red Hat JBoss Operations Network 3.1; Red Hat JBoss Portal 4 and 5; Red Hat JBoss SOA Platform 4.2, 4.3, and 5; in Red Hat JBoss Enterprise Web Server 1 ignores roles specified using the @RunAs annotation. | ||||
| CVE-2012-2377 | 1 Redhat | 6 Jboss Enterprise Application Platform, Jboss Enterprise Brms Platform, Jboss Enterprise Portal Platform and 3 more | 2024-08-06 | N/A |
| JGroups diagnostics service in JBoss Enterprise Portal Platform before 5.2.2, SOA Platform before 5.3.0, and BRMS Platform before 5.3.0, is enabled without authentication when started by the JGroups channel, which allows remote attackers in adjacent networks to read diagnostics information via a crafted IP multicast. | ||||
| CVE-2012-1167 | 1 Redhat | 6 Jboss Enterprise Application Platform, Jboss Enterprise Brms Platform, Jboss Enterprise Portal Platform and 3 more | 2024-08-06 | N/A |
| The JBoss Server in JBoss Enterprise Application Platform 5.1.x before 5.1.2 and 5.2.x before 5.2.2, Web Platform before 5.1.2, BRMS Platform before 5.3.0, and SOA Platform before 5.3.0, when the server is configured to use the JaccAuthorizationRealm and the ignoreBaseDecision property is set to true on the JBossWebRealm, does not properly check the permissions created by the WebPermissionMapping class, which allows remote authenticated users to access arbitrary applications. | ||||
| CVE-2012-0818 | 1 Redhat | 10 Jboss Bpms, Jboss Brms, Jboss Enterprise Application Platform and 7 more | 2024-08-06 | N/A |
| RESTEasy before 2.3.1 allows remote attackers to read arbitrary files via an external entity reference in a DOM document, aka an XML external entity (XXE) injection attack. | ||||
| CVE-2012-0079 | 2 Oracle, Redhat | 2 Opensso, Jboss Soa Platform | 2024-08-06 | N/A |
| Unspecified vulnerability in Oracle OpenSSO 7.1 and 8.0 allows remote attackers to affect integrity via unknown vectors related to Administration. | ||||
| CVE-2012-0022 | 2 Apache, Redhat | 10 Tomcat, Enterprise Linux, Jboss Communications Platform and 7 more | 2024-08-06 | N/A |
| Apache Tomcat 5.5.x before 5.5.35, 6.x before 6.0.34, and 7.x before 7.0.23 uses an inefficient approach for handling parameters, which allows remote attackers to cause a denial of service (CPU consumption) via a request that contains many parameters and parameter values, a different vulnerability than CVE-2011-4858. | ||||
| CVE-2020-14340 | 2 Oracle, Redhat | 16 Communications Cloud Native Core Console, Communications Cloud Native Core Network Repository Function, Communications Cloud Native Core Policy and 13 more | 2024-08-04 | 5.9 Medium |
| A vulnerability was discovered in XNIO where file descriptor leak caused by growing amounts of NIO Selector file handles between garbage collection cycles. It may allow the attacker to cause a denial of service. It affects XNIO versions 3.6.0.Beta1 through 3.8.1.Final. | ||||