CVE-2011-2487

all versions

The implementations of PKCS#1 v1.5 key transport mechanism for XMLEncryption in JBossWS and Apache WSS4J before 1.6.5 is susceptib

5.9MEDIUM

CVE-2014-0248

all versions

org.jboss.seam.web.AuthenticationFilter in Red Hat JBoss Web Framework Kit 2.5.0, JBoss Enterprise Application Platform (JBEAP) 5.

CVE-2014-0224

all versions

OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec mes

7.4HIGH

CVE-2011-4610

<= 5.1.2

JBoss Web, as used in Red Hat JBoss Communications Platform before 5.1.3, Enterprise Web Platform before 5.1.2, Enterprise Applica

CVE-2013-4210

all versions

The org.jboss.remoting.transport.socket.ServerThread class in Red Hat JBoss Remoting for Red Hat JBoss SOA Platform 5.3.1 GA, Web

CVE-2012-5575

all versions

Apache CXF 2.5.x before 2.5.10, 2.6.x before CXF 2.6.7, and 2.7.x before CXF 2.7.4 does not verify that a specified cryptographic

CVE-2011-1483

all versions

wsf/common/DOMUtils.java in JBossWS Native in Red Hat JBoss Enterprise Application Platform 4.2.0.CP09, 4.3, and 5.1.1; JBoss Ente

CVE-2013-2165

all versions

ResourceBuilderImpl.java in the RichFaces 3.x through 5.x implementation in Red Hat JBoss Web Framework Kit before 2.3.0, Red Hat

CVE-2012-5629

all versions

The default configuration of the (1) LdapLoginModule and (2) LdapExtLoginModule modules in JBoss Enterprise Application Platform (

CVE-2013-0218

all versions

The GUI installer in JBoss Enterprise Application Platform (EAP) and Enterprise Web Platform (EWP) 5.2.0 and possibly 5.1.2 uses w

CVE-2012-5478

all versions

The AuthorizationInterceptor in JBoss Enterprise Application Platform (EAP) before 5.2.0, Web Platform (EWP) before 5.2.0, BRMS Pl

CVE-2012-3370

all versions

The SecurityAssociation.getCredential method in JBoss Enterprise Application Platform (EAP) before 5.2.0, Web Platform (EWP) befor

CVE-2012-3369

all versions

The CallerIdentityLoginModule in JBoss Enterprise Application Platform (EAP) before 5.2.0, Web Platform (EWP) before 5.2.0, BRMS P

CVE-2012-0874

all versions

The (1) JMXInvokerHAServlet and (2) EJBInvokerHAServlet invoker servlets in JBoss Enterprise Application Platform (EAP) before 5.2

CVE-2012-0034

all versions

The NonManagedConnectionFactory in JBoss Enterprise Application Platform (EAP) 5.1.2 and 5.2.0, Web Platform (EWP) 5.1.2 and 5.2.0

CVE-2011-4575

all versions

Cross-site scripting (XSS) vulnerability in the JMX console in JBoss Enterprise Application Platform (EAP) before 5.2.0, Web Platf

CVE-2012-1167

<= 5.1.1

The JBoss Server in JBoss Enterprise Application Platform 5.1.x before 5.1.2 and 5.2.x before 5.2.2, Web Platform before 5.1.2, BR

CVE-2011-4605

all versions

The (1) JNDI service, (2) HA-JNDI service, and (3) HAJNDIFactory invoker servlet in JBoss Enterprise Application Platform 4.3.0 CP

CVE-2011-2196

all versions

jboss-seam.jar in the JBoss Seam 2 framework 2.2.x and earlier, as distributed in Red Hat JBoss Enterprise SOA Platform 4.3.0.CP05

CVE-2010-4265

all versions

The org.jboss.remoting.transport.bisocket.BisocketServerInvoker$SecondaryServerSocketThread.run method in JBoss Remoting 2.2.x bef

CVE-2010-3862

all versions

The org.jboss.remoting.transport.bisocket.BisocketServerInvoker$SecondaryServerSocketThread.run method in JBoss Remoting 2.2.x bef