JBoss AS 7 prior to 7.1.1 and mod_cluster do not handle default hostname in the same way, which can cause the excluded-contexts li

An Elevated Privileges issue exists in JBoss AS 7 Community Release due to the improper implementation in the security context pro

A CSRF issue was found in JBoss Application Server 7 before 7.1.0. JBoss did not properly restrict access to the management consol

A DOM based cross-site scripting flaw was found in the JBoss Application Server 7 before 7.1.0 Beta 1 administration console. A re

The Embedded Jopr component in JBoss Application Server includes the cleartext datasource password in unspecified HTML responses,

The Access Control functionality (JMXOpsAccessControlFilter) in JMX Console in JBoss Application Server 4.0.2 and 4.0.5 before 200

The default configuration of JBoss does not restrict access to the (1) console and (2) web management interfaces, which allows rem

Directory traversal vulnerability in the DeploymentFileRepository class in JBoss Application Server (jbossas) 3.2.4 through 4.0.5