VYPR

JBoss

by JBoss

CVEs (7)

  • CVE-2016-6325 High Oct 13, 2016
    risk 0.51 cvss 7.8 epss 0.01

    The Tomcat package on Red Hat Enterprise Linux (RHEL) 5 through 7, JBoss Web Server 3.0, and JBoss EWS 2 uses weak permissions for (1) /etc/sysconfig/tomcat and (2) /etc/tomcat/tomcat.conf, which allows local users to gain privileges by leveraging membership in the tomcat group.

  • CVE-2016-8656 High May 22, 2018
    risk 0.46 cvss 7.0 epss 0.00

    JBoss jbossas before versions 5.2.0-23, 6.4.13, 7.0.5 is vulnerable to unsafe file handling in the jboss init script, which could result in local privilege escalation.

  • CVE-2007-1036 Feb 21, 2007
    risk 0.10cvss epss 0.82

    The default configuration of JBoss does not restrict access to the (1) console and (2) web management interfaces, which allows remote attackers to bypass authentication and gain administrative access via direct requests.

  • CVE-2005-2006 Jun 17, 2005
    risk 0.04cvss epss 0.09

    JBOSS 3.2.2 through 3.2.7 and 4.0.2 allows remote attackers to obtain sensitive information via a GET request (1) with a "%." (percent dot), which reveals the installation path or (2) with a % (percent) before a filename, which reveals the contents of the file.

  • CVE-2003-0845 Nov 17, 2003
    risk 0.04cvss epss 0.15

    Unknown vulnerability in the HSQLDB component in JBoss 3.2.1 and 3.0.8 on Java 1.4.x platforms, when running in the default configuration, allows remote attackers to conduct unauthorized activities and possibly execute arbitrary code via certain SQL statements to (1) TCP port…

  • CVE-2009-0027 Mar 9, 2009
    risk 0.00cvss epss 0.02

    The request handler in JBossWS in JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP06 and 4.3 before 4.3.0.CP04 does not properly validate the resource path during a request for a WSDL file with a custom web-service endpoint, which allows remote…

  • CVE-2007-1157 Mar 2, 2007
    risk 0.00cvss epss 0.01

    Cross-site request forgery (CSRF) vulnerability in jmx-console/HtmlAdaptor in JBoss allows remote attackers to perform privileged actions as administrators via certain MBean operations, a different vulnerability than CVE-2006-3733.