jboss
Latest CVEs
The 15 most recently published vulnerabilities affecting jboss.
- CVE-2014-3655: JBoss KeyCloak is vulnerable to soft token deletion via CSRF (score 4.3)
- CVE-2014-3649: JBoss AeroGear has reflected XSS via the password field (score 6.1)
- CVE-2016-8656: Jboss jbossas before versions 5.2.0-23, 6.4.13, 7.0.5 is vulnerable to unsafe file handling in the jboss init script which could result in local privilege escalation. (score 7.0)
- CVE-2018-1041: A vulnerability was found in the way RemoteMessageChannel, introduced in jboss-remoting versions 3.3.10, reads from an empty buffer. An attacker could use this flaw to cause denial of service via h... (score 7.5)
- CVE-2016-2094: The HTTPS NIO Connector allows remote attackers to cause a denial of service (thread consumption) by opening a socket and not sending an SSL handshake, aka a read-timeout vulnerability. (score 7.5)
- CVE-2014-0170: Teiid before 8.4.3 and before 8.7 and Red Hat JBoss Data Virtualization 6.0.0 before patch 3 allows remote attackers to read arbitrary files via a crafted request to a REST endpoint, related to an ... (score 4.3)
- CVE-2012-3428: The IronJacamar container before 1.0.12.Final for JBoss Application Server, when allow-multiple-users is enabled in conjunction with a security domain, does not use the credentials supplied in a ge... (score 4.3)
- CVE-2008-3273: JBoss Enterprise Application Platform (aka JBossEAP or EAP) before 4.2.0.CP03, and 4.3.0 before 4.3.0.CP01, allows remote attackers to obtain sensitive information about "deployed web contexts" via... (score 5.0)
- CVE-2007-6433: The getRenderedEjbql method in the org.jboss.seam.framework.Query class in JBoss Seam 2.x before 2.0.0.CR3 allows remote attackers to inject and execute arbitrary EJBQL commands via the order param... (score 7.5)
- CVE-2007-1354: The Access Control functionality (JMXOpsAccessControlFilter) in JMX Console in JBoss Application Server 4.0.2 and 4.0.5 before 20070416 uses a member variable to store the roles of the current user... (score 6.0)
- CVE-2007-1157: Cross-site request forgery (CSRF) vulnerability in jmx-console/HtmlAdaptor in JBoss allows remote attackers to perform privileged actions as administrators via certain MBean operations, a different... (score 7.6)
- CVE-2007-1036: The default configuration of JBoss does not restrict access to the (1) console and (2) web management interfaces, which allows remote attackers to bypass authentication and gain administrative acce... (score 7.5)
- CVE-2006-5750: Directory traversal vulnerability in the DeploymentFileRepository class in JBoss Application Server (jbossas) 3.2.4 through 4.0.5 allows remote authenticated users to read or modify arbitrary files... (score 7.5)
- CVE-2005-2158: A regression error in the embedded HSQLDB in JBoss jBPM 2.0 allows remote attackers to execute arbitrary commands, a re-introduction of a vulnerability that was originally identified by CVE-2003-0845. (score 7.5)
- CVE-2005-2006: JBOSS 3.2.2 through 3.2.7 and 4.0.2 allows remote attackers to obtain sensitive information via a GET request (1) with a "%." (percent dot), which reveals the installation path or (2) with a % (per... (score 5.0)