Known Vulnerabilities for products from Jboss
Listed below are 14 of the newest known vulnerabilities associated with the vendor "Jboss".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed, based on information from known CPEs; each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2018-1041 | A vulnerability was found in the way RemoteMessageChannel, introduced in jboss-remoting versions 3.3.10, reads from an empty ... | 7.5 - HIGH | 2018-02-15 | 2019-10-09 |
| CVE-2016-2094 | The HTTPS NIO Connector allows remote attackers to cause a denial of service (thread consumption) by opening a socket and not... | 7.5 - HIGH | 2016-05-06 | 2016-05-10 |
| CVE-2014-0170 | Teiid before 8.4.3 and before 8.7 and Red Hat JBoss Data Virtualization 6.0.0 before patch 3 allows remote attackers to read ... | 4.3 - MEDIUM | 2014-09-30 | 2017-08-29 |
| CVE-2012-3428 | The IronJacamar container before 1.0.12.Final for JBoss Application Server, when allow-multiple-users is enabled in conjuncti... | 4.3 - MEDIUM | 2012-12-20 | 2013-01-08 |
| CVE-2008-3273 | JBoss Enterprise Application Platform (aka JBossEAP or EAP) before 4.2.0.CP03, and 4.3.0 before 4.3.0.CP01, allows remote att... | 5 - MEDIUM | 2008-08-10 | 2017-08-08 |
| CVE-2007-6433 | The getRenderedEjbql method in the org.jboss.seam.framework.Query class in JBoss Seam 2.x before 2.0.0.CR3 allows remote atta... | 7.5 - HIGH | 2007-12-18 | 2011-03-08 |
| CVE-2007-1354 | The Access Control functionality (JMXOpsAccessControlFilter) in JMX Console in JBoss Application Server 4.0.2 and 4.0.5 befor... | 6 - MEDIUM | 2007-07-27 | 2008-11-13 |
| CVE-2007-1157 | Cross-site request forgery (CSRF) vulnerability in jmx-console/HtmlAdaptor in JBoss allows remote attackers to perform privil... | 7.6 - HIGH | 2007-03-02 | 2018-10-16 |
| CVE-2007-1036 | The default configuration of JBoss does not restrict access to the (1) console and (2) web management interfaces, which allow... | 7.5 - HIGH | 2007-02-21 | 2018-10-16 |
| CVE-2006-5750 | Directory traversal vulnerability in the DeploymentFileRepository class in JBoss Application Server (jbossas) 3.2.4 through 4... | 7.5 - HIGH | 2006-11-27 | 2018-10-17 |
| CVE-2005-4709 | The popSubjectContext method in the SecurityAssociation class in JBoss Enterprise Java Beans (EJB) 3.0 RC3 maintains the thre... | 5 - MEDIUM | 2005-12-31 | 2017-07-20 |
| CVE-2005-2158 | A regression error in the embedded HSQLDB in JBoss jBPM 2.0 allows remote attackers to execute arbitrary commands, a re-introd... | 7.5 - HIGH | 2005-07-06 | 2016-10-18 |
| CVE-2005-2006 | JBOSS 3.2.2 through 3.2.7 and 4.0.2 allows remote attackers to obtain sensitive information via a GET request (1) with a "%."... | 5 - MEDIUM | 2005-06-17 | 2018-10-19 |
| CVE-2003-0845 | Unknown vulnerability in the HSQLDB component in JBoss 3.2.1 and 3.0.8 on Java 1.4.x platforms, when running in the default c... | 7.5 - HIGH | 2003-11-17 | 2020-03-24 |
Known software with vulnerabilities from Jboss
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Jboss | Jboss | 3.0.8 |