Product: Red Hat JBoss Enterprise Web Server
35 known vulnerabilities across versions
Vulnerabilities are listed by affected version.
CVE | Affected versions | CVSS | Severity | Summary
CVE-2020-25710 | all versions | 7.5 | HIGH | A flaw was found in OpenLDAP in versions before 2.4.56. This flaw allows an attacker who sends a malicious packet processed by Ope
CVE-2012-5626 | all versions | 7.5 | HIGH | EJB method in Red Hat JBoss BRMS 5; Red Hat JBoss Enterprise Application Platform 5; Red Hat JBoss Operations Network 3.1; Red Hat
CVE-2019-19906 | all versions | 7.5 | HIGH | cyrus-sasl (aka Cyrus SASL) 2.1.27 has an out-of-bounds write leading to unauthenticated remote denial-of-service in OpenLDAP via
CVE-2014-3701 | all versions | 8.1 | HIGH | eDeploy has tmp file race condition flaws
CVE-2014-3699 | all versions | 9.8 | CRITICAL | eDeploy has RCE via cPickle deserialization of untrusted data
CVE-2012-2148 | all versions | 3.3 | LOW | The property replacements feature in any descriptor in JBoss AS 7.1.1 ignores Java security policies
CVE-2014-3700 | all versions | 9.8 | CRITICAL | eDeploy through at least 2014-10-14 has remote code execution due to eval() of untrusted data
CVE-2014-3655 | all versions | 4.3 | MEDIUM | JBoss KeyCloak is vulnerable to soft token deletion via CSRF
CVE-2011-3923 | all versions | 9.8 | CRITICAL | Apache Struts before 2.3.1.2 allows remote attackers to bypass security protections in the ParameterInterceptor class and execute
CVE-2019-1559 | all versions | 5.9 | MEDIUM | If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to
CVE-2018-1336 | all versions | 7.5 | HIGH | An improper handling of overflow in the UTF-8 decoder with supplementary characters can lead to an infinite loop in the decoder cau
CVE-2018-1304 | all versions | 5.9 | MEDIUM | The URL pattern of "" (the empty string) which exactly maps to the context root was not correctly handled in Apache Tomcat 9.0.0.M
CVE-2015-7501 | all versions | 9.8 | CRITICAL | Red Hat JBoss A-MQ 6.x; BPM Suite (BPMS) 6.x; BRMS 6.x and 5.x; Data Grid (JDG) 6.x; Data Virtualization (JDV) 6.x and 5.x; Enterp
CVE-2017-12613 | all versions | 7.1 | HIGH | When apr_time_exp*() or apr_os_exp_time*() functions are invoked with an invalid month field value in Apache Portable Runtime APR
CVE-2017-12617 | all versions | 8.1 | HIGH | When running Apache Tomcat versions 9.0.0.M1 to 9.0.0, 8.5.0 to 8.5.22, 8.0.0.RC1 to 8.0.46 and 7.0.0 to 7.0.81 with HTTP PUTs ena
CVE-2015-5184 | all versions | 7.5 | HIGH | Console: CORS headers set to allow all in Red Hat AMQ.
CVE-2015-5183 | all versions | 7.5 | HIGH | Console: HTTPOnly and Secure attributes not set on cookies in Red Hat AMQ.
CVE-2017-12615 | all versions | 8.1 | HIGH | When running Apache Tomcat 7.0.0 to 7.0.79 on Windows with HTTP PUTs enabled (e.g. via setting the readonly initialisation paramet
CVE-2016-6796 | all versions | 7.5 | HIGH | A malicious web application running on Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 an
CVE-2016-6797 | all versions | 7.5 | HIGH | The ResourceLinkFactory implementation in Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70
CVE-2016-6794 | all versions | 5.3 | MEDIUM | When a SecurityManager is configured, a web application's ability to read system properties should be controlled by the SecurityMa
CVE-2016-5018 | all versions | 9.1 | CRITICAL | In Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 a malicious web ap
CVE-2016-0762 | all versions | 5.9 | MEDIUM | The Realm implementations in Apache Tomcat versions 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and
CVE-2017-9788 | all versions | 9.1 | CRITICAL | In Apache httpd before 2.2.34 and 2.4.x before 2.4.27, the value placeholder in [Proxy-]Authorization headers of type 'Digest' was
CVE-2016-8735 | all versions | 9.8 | CRITICAL | Remote code execution is possible with Apache Tomcat before 6.0.48, 7.x before 7.0.73, 8.x before 8.0.39, 8.5.x before 8.5.7, and
CVE-2016-3110 | all versions | 7.5 | HIGH | mod_cluster, as used in Red Hat JBoss Web Server 2.1, allows remote attackers to cause a denial of service (Apache http server cra
CVE-2016-2183 | all versions | 7.5 | HIGH | The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bou
CVE-2016-5387 | all versions | 8.1 | HIGH | The Apache HTTP Server through 2.4.23 follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presenc
CVE-2014-0224 | all versions | 7.4 | HIGH | OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec mes
CVE-2013-5704 | all versions | n/a | n/a | The mod_headers module in the Apache HTTP Server 2.2.22 allows remote attackers to bypass "RequestHeader unset" directives by plac
CVE-2013-2186 | all versions | n/a | n/a | The DiskFileItem class in Apache Commons FileUpload, as used in Red Hat JBoss BRMS 5.3.1; JBoss Portal 4.3 CP07, 5.2.2, and 6.0.0;
CVE-2013-1976 | all versions | n/a | n/a | The (1) tomcat5, (2) tomcat6, and (3) tomcat7 init scripts, as used in the RPM distribution of Tomcat for JBoss Enterprise Web Ser
CVE-2012-0053 | all versions | n/a | n/a | protocol.c in the Apache HTTP Server 2.2.x through 2.2.21 does not properly restrict header information during construction of Bad
CVE-2012-0031 | all versions | n/a | n/a | scoreboard.c in the Apache HTTP Server 2.2.21 and earlier might allow local users to cause a denial of service (daemon crash durin
CVE-2011-3348 | all versions | n/a | n/a | The mod_proxy_ajp module in the Apache HTTP Server before 2.2.21, when used with mod_proxy_balancer in certain configurations, all
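Two of the entries above, CVE-2015-5183 (cookies issued without HttpOnly and Secure) and CVE-2015-5184 (CORS headers set to allow all), describe a weakness class that can be confirmed from a single HTTP response. The audit script below is an added example, not code from this listing or from Red Hat; the two responses it checks are constructed to illustrate a weak and a hardened management console and are not captured from AMQ. It goes one step beyond the literal wildcard by also flagging a server that simply echoes the request's Origin header back, since that is the allow-all form that still works with credentials.

```python
"""Audit HTTP response headers for the two console weaknesses listed above.

Added example. The response texts below are constructed for illustration and
are not captured from Red Hat AMQ or any other product.
"""
from typing import Dict, List, Tuple

Header = Tuple[str, str]


def parse_response(raw: str) -> List[Header]:
    """Split a raw HTTP/1.x response into (lowercased-name, value) pairs.

    Duplicate headers (several Set-Cookie lines) are kept, which is why this
    returns a list rather than a dict. Parsing stops at the blank line that
    ends the header block, so a body may follow.
    """
    lines = raw.lstrip("\r\n").splitlines()
    headers: List[Header] = []
    for line in lines[1:]:            # lines[0] is the status line
        if not line.strip():
            break
        name, sep, value = line.partition(":")
        if not sep:
            continue                  # tolerate a stray non-header line
        headers.append((name.strip().lower(), value.strip()))
    return headers


def audit_cookies(headers: List[Header]) -> List[str]:
    """CVE-2015-5183 class: Set-Cookie without HttpOnly and/or Secure."""
    findings: List[str] = []
    for name, value in headers:
        if name != "set-cookie":
            continue
        parts = [p.strip() for p in value.split(";")]
        cookie_name = parts[0].split("=", 1)[0]
        attrs = {p.split("=", 1)[0].lower() for p in parts[1:]}
        if "httponly" not in attrs:
            findings.append(f"cookie {cookie_name}: missing HttpOnly")
        if "secure" not in attrs:
            findings.append(f"cookie {cookie_name}: missing Secure")
    return findings


def audit_cors(headers: List[Header], probe_origin: str) -> List[str]:
    """CVE-2015-5184 class: a CORS policy that lets any origin read responses.

    probe_origin is the Origin value the auditor sent in the request (one the
    target has no reason to trust). An Access-Control-Allow-Origin that is the
    wildcard, or that merely echoes probe_origin, is reported; a credentials
    flag on top of that is reported as a separate finding.
    """
    first: Dict[str, str] = {}
    for name, value in headers:
        first.setdefault(name, value)     # first occurrence wins, as in browsers
    acao = first.get("access-control-allow-origin")
    credentials = first.get("access-control-allow-credentials", "").lower() == "true"
    findings: List[str] = []
    if acao == "*":
        findings.append("Access-Control-Allow-Origin: * (any origin may read responses)")
    elif acao and acao == probe_origin:
        findings.append(f"Access-Control-Allow-Origin echoes request Origin {probe_origin}")
    if findings and credentials:
        findings.append("Access-Control-Allow-Credentials: true (cross-origin reads carry cookies)")
    return findings


def audit_response(raw: str, probe_origin: str) -> List[str]:
    """Run both checks over one raw response and return all findings."""
    headers = parse_response(raw)
    return audit_cookies(headers) + audit_cors(headers, probe_origin)


# Constructed sample responses (not captured from any real product).
WEAK_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html\r\n"
    "Set-Cookie: JSESSIONID=abc123; Path=/\r\n"
    "Access-Control-Allow-Origin: *\r\n"
    "Access-Control-Allow-Credentials: true\r\n"
    "\r\n"
    "<html>console</html>\r\n"
)

HARDENED_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html\r\n"
    "Set-Cookie: JSESSIONID=abc123; Path=/; Secure; HttpOnly; SameSite=Lax\r\n"
    "Access-Control-Allow-Origin: https://console.example.internal\r\n"
    "Access-Control-Allow-Credentials: true\r\n"
    "\r\n"
)

if __name__ == "__main__":
    for label, raw in (("weak", WEAK_RESPONSE), ("hardened", HARDENED_RESPONSE)):
        print(label, audit_response(raw, "https://attacker.example") or ["no findings"])
```

To use it against a live service, send a request carrying an Origin value you control (https://attacker.example here) and pass the same string as probe_origin; a response that reflects it back together with Access-Control-Allow-Credentials: true is the finding that matters, since browsers refuse the wildcard-plus-credentials combination but accept the echoed form. The cookie check reports each missing attribute separately so the output maps to individual configuration fixes.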
threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin