| purl | pkg:rpm/redhat/jboss-javaee@5.0.2-2.ep5?arch=el5 |
| Next non-vulnerable version | None. |
| Latest non-vulnerable version | None. |
| Risk | 10.0 |

| Vulnerability | Summary | Fixed by |
|---|---|---|
| VCID-1j8r-mpy8-1fca (Aliases: CVE-2011-2908) | CSRF on jmx-console allows invocation of operations on mbeans | There are no reported fixed by versions. |
| VCID-5spn-5yfr-hkeh (Aliases: CVE-2011-2487, GHSA-4qqf-hmv6-r6wh) | Use of a Broken or Risky Cryptographic Algorithm: The implementations of the PKCS#1 v1.5 key transport mechanism for XMLEncryption in JBossWS and Apache WSS4J before 1.6.5 are susceptible to a Bleichenbacher attack. | There are no reported fixed by versions. |
| VCID-6h5q-umkt-67gx (Aliases: CVE-2011-4575) | Console: XSS in invoke operation | There are no reported fixed by versions. |
| VCID-6z6u-vxpb-cbam (Aliases: CVE-2012-0874) | JBoss invoker servlets do not require authentication | There are no reported fixed by versions. |
| VCID-8mmr-21rb-13a3 (Aliases: CVE-2012-3369) | JBoss: CallerIdentityLoginModule retaining password from previous call if a null password is provided | There are no reported fixed by versions. |
| VCID-akb4-2b51-aqej (Aliases: CVE-2011-1096) | jbossws: Prone to character encoding pattern attack (XML Encryption flaw) | There are no reported fixed by versions. |
| VCID-b91g-m3nt-1bgq (Aliases: CVE-2012-2379, GHSA-2g99-c67p-56hm) | Apache CXF 2.4.x before 2.4.8, 2.5.x before 2.5.4, and 2.6.x before 2.6.1, when a Supporting Token specifies a child WS-SecurityPolicy 1.1 or 1.2 policy, does not properly ensure that an XML element is signed or encrypted, which has unspecified impact and attack vectors. | There are no reported fixed by versions. |
| VCID-fmt1-sc17-m3hj (Aliases: CVE-2012-5478) | JBoss: AuthorizationInterceptor allows JMX operation to proceed despite authorization failure | There are no reported fixed by versions. |
| VCID-fpuc-fe6m-47c6 (Aliases: CVE-2012-3546, GHSA-jgm2-m5cg-f66g) | org/apache/catalina/realm/RealmBase.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.30, when FORM authentication is used, allows remote attackers to bypass security-constraint checks by leveraging a previous setUserPrincipal call and then placing /j_security_check at the end of a URI. | There are no reported fixed by versions. |
| VCID-h4ys-unzb-cbhn (Aliases: CVE-2011-2730, GHSA-wv88-pf73-x22p) | VMware SpringSource Spring Framework before 2.5.6.SEC03, 2.5.7.SR023, and 3.x before 3.0.6, when a container supports Expression Language (EL), evaluates EL expressions in tags twice, which allows remote attackers to obtain sensitive information via a (1) name attribute in a (a) spring:hasBindErrors tag; (2) path attribute in a (b) spring:bind or (c) spring:nestedpath tag; (3) arguments, (4) code, (5) text, (6) var, (7) scope, or (8) message attribute in a (d) spring:message or (e) spring:theme tag; or (9) var, (10) scope, or (11) value attribute in a (f) spring:transform tag, aka "Expression Language Injection." | There are no reported fixed by versions. |
| VCID-qjqp-pmmg-hbcn (Aliases: CVE-2012-3370) | JBoss: SecurityAssociation.getCredential() will return the previous credential if no security context is provided | There are no reported fixed by versions. |
| VCID-tsx9-m59a-jfgk (Aliases: CVE-2012-0034) | Credentials Management: The `NonManagedConnectionFactory` in JBoss logs the username and password in cleartext when an exception is thrown, which allows local users to obtain sensitive information by reading the log file. | There are no reported fixed by versions. |
| VCID-xsw7-bk2r-qkcx (Aliases: CVE-2009-5066) | JBoss: twiddle.sh accepts credentials as command line arguments, exposing them to other local users via a process listing | There are no reported fixed by versions. |
| VCID-ya1g-e474-nfh2 (Aliases: CVE-2012-2377) | JGroups diagnostics service enabled by default with no authentication when a JGroups channel is started | There are no reported fixed by versions. |

| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | | |