Jboss enterprise web server
This hub aggregates every CVE we track for Jboss enterprise web server, a product in the web cms plugins space. Use it to gauge the current risk picture and drill into individual advisories.
- CVEs tracked: 35
- Critical: 7
- High: 17
- In CISA KEV: 3
Severity distribution
HIGH: 17, MEDIUM: 10, CRITICAL: 7, LOW: 1
Monthly trend
[Chart: monthly trend, 2024-07 to 2026-06; all plotted values are 0]
Latest CVEs
The 15 most recently published vulnerabilities affecting Jboss enterprise web server.
- CVE-2020-25710: A flaw was found in OpenLDAP in versions before 2.4.56. This flaw allows an attacker who sends a malicious packet processed by OpenLDAP to force a failed assertion in csnNormalize23(). The highest ... (score: 7.5)
- CVE-2012-5626: EJB method in Red Hat JBoss BRMS 5; Red Hat JBoss Enterprise Application Platform 5; Red Hat JBoss Operations Network 3.1; Red Hat JBoss Portal 4 and 5; Red Hat JBoss SOA Platform 4.2, 4.3, and 5; ... (score: 7.5)
- CVE-2019-19906: cyrus-sasl (aka Cyrus SASL) 2.1.27 has an out-of-bounds write leading to unauthenticated remote denial-of-service in OpenLDAP via a malformed LDAP packet. The OpenLDAP crash is ultimately caused by... (score: 7.5)
- CVE-2014-3701: eDeploy has tmp file race condition flaws (score: 8.1)
- CVE-2014-3699: eDeploy has RCE via cPickle deserialization of untrusted data (score: 9.8)
- CVE-2012-2148: An issue exists in the property replacements feature in any descriptor in JBoss AS 7.1.1 ignores java security policies (score: 3.3)
- CVE-2014-3700: eDeploy through at least 2014-10-14 has remote code execution due to eval() of untrusted data (score: 9.8)
- CVE-2014-3655: JBoss KeyCloak is vulnerable to soft token deletion via CSRF (score: 4.3)
- CVE-2011-3923: Apache Struts before 2.3.1.2 allows remote attackers to bypass security protections in the ParameterInterceptor class and execute arbitrary commands. (score: 9.8)
- CVE-2019-1559: 0-byte record padding oracle (score: 5.9)
- CVE-2018-1336: An improper handling of overflow in the UTF-8 decoder with supplementary characters can lead to an infinite loop in the decoder causing a Denial of Service. Versions Affected: Apache Tomcat 9.0.0.M9... (score: 7.5)
- CVE-2018-1304: The URL pattern of "" (the empty string) which exactly maps to the context root was not correctly handled in Apache Tomcat 9.0.0.M1 to 9.0.4, 8.5.0 to 8.5.27, 8.0.0.RC1 to 8.0.49 and 7.0.0 to 7.0.8... (score: 5.9)
- CVE-2015-7501: Red Hat JBoss A-MQ 6.x; BPM Suite (BPMS) 6.x; BRMS 6.x and 5.x; Data Grid (JDG) 6.x; Data Virtualization (JDV) 6.x and 5.x; Enterprise Application Platform 6.x, 5.x, and 4.3.x; Fuse 6.x; Fuse Servi... (score: 9.8)
- CVE-2017-12613: When apr_time_exp*() or apr_os_exp_time*() functions are invoked with an invalid month field value in Apache Portable Runtime APR 1.6.2 and prior, out of bounds memory may be accessed in converting... (score: 7.1)
- CVE-2017-12617: When running Apache Tomcat versions 9.0.0.M1 to 9.0.0, 8.5.0 to 8.5.22, 8.0.0.RC1 to 8.0.46 and 7.0.0 to 7.0.81 with HTTP PUTs enabled (e.g. via setting the readonly initialisation parameter of the... (KEV; score: 8.1)
Product normalization is registry-driven with AI assist and human review.