Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
10 vulnerabilities found for jboss_application_server by redhat
CVE-2012-1094 (GCVE-0-2012-1094)
Vulnerability from cvelistv5 – Published: 2020-03-10 16:19 – Updated: 2024-08-06 18:45
VLAI
Summary
JBoss AS 7 prior to 7.1.1 and mod_cluster do not handle default hostname in the same way, which can cause the excluded-contexts list to be mismatched and the root context to be exposed.
Severity
No CVSS data available.
CWE
- Other
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2… | x_refsource_MISC |
| https://access.redhat.com/security/cve/cve-2012-1094 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | JBoss AS 7 |
Affected:
prior to 7.1.1
|
Date Public
2012-02-04 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T18:45:27.400Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-1094"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/cve-2012-1094"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "JBoss AS 7",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "prior to 7.1.1"
}
]
}
],
"datePublic": "2012-02-04T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "JBoss AS 7 prior to 7.1.1 and mod_cluster do not handle default hostname in the same way, which can cause the excluded-contexts list to be mismatched and the root context to be exposed."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Other",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-10T16:19:11.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-1094"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://access.redhat.com/security/cve/cve-2012-1094"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-1094",
"datePublished": "2020-03-10T16:19:11.000Z",
"dateReserved": "2012-02-14T00:00:00.000Z",
"dateUpdated": "2024-08-06T18:45:27.400Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-2312 (GCVE-0-2012-2312)
Vulnerability from cvelistv5 – Published: 2019-12-18 17:47 – Updated: 2024-08-06 19:26
VLAI
Summary
An Elevated Privileges issue exists in JBoss AS 7 Community Release due to the improper implementation in the security context propagation, A threat gets reused from the thread pool that still retains the security context from the process last used, which lets a local user obtain elevated privileges.
Severity
No CVSS data available.
CWE
- UNKNOWN_TYPE
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://security-tracker.debian.org/tracker/CVE-2… | x_refsource_MISC |
| https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2… | x_refsource_MISC |
| https://access.redhat.com/security/cve/cve-2012-2312 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| JBoss AS 7 | JBoss |
Affected:
AS 7 Community Release
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T19:26:09.332Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2012-2312"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-2312"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/cve-2012-2312"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "JBoss",
"vendor": "JBoss AS 7",
"versions": [
{
"status": "affected",
"version": "AS 7 Community Release"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An Elevated Privileges issue exists in JBoss AS 7 Community Release due to the improper implementation in the security context propagation, A threat gets reused from the thread pool that still retains the security context from the process last used, which lets a local user obtain elevated privileges."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "UNKNOWN_TYPE",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-12-18T17:47:01.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2012-2312"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-2312"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://access.redhat.com/security/cve/cve-2012-2312"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-2312",
"datePublished": "2019-12-18T17:47:01.000Z",
"dateReserved": "2012-04-19T00:00:00.000Z",
"dateUpdated": "2024-08-06T19:26:09.332Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-3609 (GCVE-0-2011-3609)
Vulnerability from cvelistv5 – Published: 2019-11-26 02:03 – Updated: 2024-08-06 23:37
VLAI
Summary
A CSRF issue was found in JBoss Application Server 7 before 7.1.0. JBoss did not properly restrict access to the management console information (for example via the "Access-Control-Allow-Origin" HTTP access control flag). This can lead to unauthorized information leak if a user with admin privileges visits a specially-crafted web page provided by a remote attacker.
Severity
No CVSS data available.
CWE
- Cross-Site Request Forgery
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://security-tracker.debian.org/tracker/CVE-2… | x_refsource_MISC |
| https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2… | x_refsource_MISC |
| https://access.redhat.com/security/cve/cve-2011-3609 | x_refsource_MISC |
| https://www.securityfocus.com/bid/50888 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| JBoss Application Server | JBoss Application Server |
Affected:
7 before 7.1.0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T23:37:48.463Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2011-3609"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-3609"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/cve-2011-3609"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.securityfocus.com/bid/50888"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "JBoss Application Server",
"vendor": "JBoss Application Server",
"versions": [
{
"status": "affected",
"version": "7 before 7.1.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A CSRF issue was found in JBoss Application Server 7 before 7.1.0. JBoss did not properly restrict access to the management console information (for example via the \"Access-Control-Allow-Origin\" HTTP access control flag). This can lead to unauthorized information leak if a user with admin privileges visits a specially-crafted web page provided by a remote attacker."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-Site Request Forgery",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-26T02:03:48.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2011-3609"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-3609"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://access.redhat.com/security/cve/cve-2011-3609"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.securityfocus.com/bid/50888"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2011-3609",
"datePublished": "2019-11-26T02:03:48.000Z",
"dateReserved": "2011-09-21T00:00:00.000Z",
"dateUpdated": "2024-08-06T23:37:48.463Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-3606 (GCVE-0-2011-3606)
Vulnerability from cvelistv5 – Published: 2019-11-26 01:43 – Updated: 2024-08-06 23:37
VLAI
Summary
A DOM based cross-site scripting flaw was found in the JBoss Application Server 7 before 7.1.0 Beta 1 administration console. A remote attacker could provide a specially-crafted web page and trick the valid JBoss AS user, with the administrator privilege, to visit it, which would lead into the DOM environment modification and arbitrary HTML or web script execution.
Severity
No CVSS data available.
CWE
- Cross-Site Scripting
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://security-tracker.debian.org/tracker/CVE-2… | x_refsource_MISC |
| https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2… | x_refsource_MISC |
| https://access.redhat.com/security/cve/cve-2011-3606 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| JBoss Application Server | JBoss Application Server |
Affected:
7 before 7.1.0 Beta 1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T23:37:48.614Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2011-3606"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-3606"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/cve-2011-3606"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "JBoss Application Server",
"vendor": "JBoss Application Server",
"versions": [
{
"status": "affected",
"version": "7 before 7.1.0 Beta 1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A DOM based cross-site scripting flaw was found in the JBoss Application Server 7 before 7.1.0 Beta 1 administration console. A remote attacker could provide a specially-crafted web page and trick the valid JBoss AS user, with the administrator privilege, to visit it, which would lead into the DOM environment modification and arbitrary HTML or web script execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-Site Scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-26T01:43:14.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2011-3606"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-3606"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://access.redhat.com/security/cve/cve-2011-3606"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2011-3606",
"datePublished": "2019-11-26T01:43:14.000Z",
"dateReserved": "2011-09-21T00:00:00.000Z",
"dateUpdated": "2024-08-06T23:37:48.614Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-3734 (GCVE-0-2013-3734)
Vulnerability from cvelistv5 – Published: 2017-10-24 15:00 – Updated: 2024-08-06 16:22 Disputed
VLAI
Summary
The Embedded Jopr component in JBoss Application Server includes the cleartext datasource password in unspecified HTML responses, which might allow (1) man-in-the-middle attackers to obtain sensitive information by leveraging failure to use SSL or (2) attackers to obtain sensitive information by reading the HTML source code. NOTE: the vendor says that this does not cross a trust boundary and that it is recommended best-practice that SSL is configured for the administrative console
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://www.halock.com/blog/cve-2013-3734-jboss-a… | x_refsource_MISC |
| http://www.securityfocus.com/bid/60429 | vdb-entryx_refsource_BID |
| https://bugzilla.redhat.com/show_bug.cgi?id=971637 | x_refsource_MISC |
Date Public
2003-06-02 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:22:00.733Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.halock.com/blog/cve-2013-3734-jboss-administration-console-password-returned-response/"
},
{
"name": "60429",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/60429"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=971637"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2003-06-02T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The Embedded Jopr component in JBoss Application Server includes the cleartext datasource password in unspecified HTML responses, which might allow (1) man-in-the-middle attackers to obtain sensitive information by leveraging failure to use SSL or (2) attackers to obtain sensitive information by reading the HTML source code. NOTE: the vendor says that this does not cross a trust boundary and that it is recommended best-practice that SSL is configured for the administrative console"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-24T14:57:02.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.halock.com/blog/cve-2013-3734-jboss-administration-console-password-returned-response/"
},
{
"name": "60429",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/60429"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=971637"
}
],
"tags": [
"disputed"
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-3734",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** DISPUTED ** The Embedded Jopr component in JBoss Application Server includes the cleartext datasource password in unspecified HTML responses, which might allow (1) man-in-the-middle attackers to obtain sensitive information by leveraging failure to use SSL or (2) attackers to obtain sensitive information by reading the HTML source code. NOTE: the vendor says that this does not cross a trust boundary and that it is recommended best-practice that SSL is configured for the administrative console."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.halock.com/blog/cve-2013-3734-jboss-administration-console-password-returned-response/",
"refsource": "MISC",
"url": "https://www.halock.com/blog/cve-2013-3734-jboss-administration-console-password-returned-response/"
},
{
"name": "60429",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/60429"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=971637",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=971637"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-3734",
"datePublished": "2017-10-24T15:00:00.000Z",
"dateReserved": "2013-05-31T00:00:00.000Z",
"dateUpdated": "2024-08-06T16:22:00.733Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-1094 (GCVE-0-2012-1094)
Vulnerability from nvd – Published: 2020-03-10 16:19 – Updated: 2024-08-06 18:45
VLAI
Summary
JBoss AS 7 prior to 7.1.1 and mod_cluster do not handle default hostname in the same way, which can cause the excluded-contexts list to be mismatched and the root context to be exposed.
Severity
No CVSS data available.
CWE
- Other
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2… | x_refsource_MISC |
| https://access.redhat.com/security/cve/cve-2012-1094 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | JBoss AS 7 |
Affected:
prior to 7.1.1
|
Date Public
2012-02-04 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T18:45:27.400Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-1094"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/cve-2012-1094"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "JBoss AS 7",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "prior to 7.1.1"
}
]
}
],
"datePublic": "2012-02-04T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "JBoss AS 7 prior to 7.1.1 and mod_cluster do not handle default hostname in the same way, which can cause the excluded-contexts list to be mismatched and the root context to be exposed."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Other",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-10T16:19:11.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-1094"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://access.redhat.com/security/cve/cve-2012-1094"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-1094",
"datePublished": "2020-03-10T16:19:11.000Z",
"dateReserved": "2012-02-14T00:00:00.000Z",
"dateUpdated": "2024-08-06T18:45:27.400Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-2312 (GCVE-0-2012-2312)
Vulnerability from nvd – Published: 2019-12-18 17:47 – Updated: 2024-08-06 19:26
VLAI
Summary
An Elevated Privileges issue exists in JBoss AS 7 Community Release due to the improper implementation in the security context propagation, A threat gets reused from the thread pool that still retains the security context from the process last used, which lets a local user obtain elevated privileges.
Severity
No CVSS data available.
CWE
- UNKNOWN_TYPE
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://security-tracker.debian.org/tracker/CVE-2… | x_refsource_MISC |
| https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2… | x_refsource_MISC |
| https://access.redhat.com/security/cve/cve-2012-2312 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| JBoss AS 7 | JBoss |
Affected:
AS 7 Community Release
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T19:26:09.332Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2012-2312"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-2312"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/cve-2012-2312"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "JBoss",
"vendor": "JBoss AS 7",
"versions": [
{
"status": "affected",
"version": "AS 7 Community Release"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An Elevated Privileges issue exists in JBoss AS 7 Community Release due to the improper implementation in the security context propagation, A threat gets reused from the thread pool that still retains the security context from the process last used, which lets a local user obtain elevated privileges."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "UNKNOWN_TYPE",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-12-18T17:47:01.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2012-2312"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-2312"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://access.redhat.com/security/cve/cve-2012-2312"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-2312",
"datePublished": "2019-12-18T17:47:01.000Z",
"dateReserved": "2012-04-19T00:00:00.000Z",
"dateUpdated": "2024-08-06T19:26:09.332Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-3609 (GCVE-0-2011-3609)
Vulnerability from nvd – Published: 2019-11-26 02:03 – Updated: 2024-08-06 23:37
VLAI
Summary
A CSRF issue was found in JBoss Application Server 7 before 7.1.0. JBoss did not properly restrict access to the management console information (for example via the "Access-Control-Allow-Origin" HTTP access control flag). This can lead to unauthorized information leak if a user with admin privileges visits a specially-crafted web page provided by a remote attacker.
Severity
No CVSS data available.
CWE
- Cross-Site Request Forgery
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://security-tracker.debian.org/tracker/CVE-2… | x_refsource_MISC |
| https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2… | x_refsource_MISC |
| https://access.redhat.com/security/cve/cve-2011-3609 | x_refsource_MISC |
| https://www.securityfocus.com/bid/50888 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| JBoss Application Server | JBoss Application Server |
Affected:
7 before 7.1.0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T23:37:48.463Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2011-3609"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-3609"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/cve-2011-3609"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.securityfocus.com/bid/50888"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "JBoss Application Server",
"vendor": "JBoss Application Server",
"versions": [
{
"status": "affected",
"version": "7 before 7.1.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A CSRF issue was found in JBoss Application Server 7 before 7.1.0. JBoss did not properly restrict access to the management console information (for example via the \"Access-Control-Allow-Origin\" HTTP access control flag). This can lead to unauthorized information leak if a user with admin privileges visits a specially-crafted web page provided by a remote attacker."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-Site Request Forgery",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-26T02:03:48.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2011-3609"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-3609"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://access.redhat.com/security/cve/cve-2011-3609"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.securityfocus.com/bid/50888"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2011-3609",
"datePublished": "2019-11-26T02:03:48.000Z",
"dateReserved": "2011-09-21T00:00:00.000Z",
"dateUpdated": "2024-08-06T23:37:48.463Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-3606 (GCVE-0-2011-3606)
Vulnerability from nvd – Published: 2019-11-26 01:43 – Updated: 2024-08-06 23:37
VLAI
Summary
A DOM based cross-site scripting flaw was found in the JBoss Application Server 7 before 7.1.0 Beta 1 administration console. A remote attacker could provide a specially-crafted web page and trick the valid JBoss AS user, with the administrator privilege, to visit it, which would lead into the DOM environment modification and arbitrary HTML or web script execution.
Severity
No CVSS data available.
CWE
- Cross-Site Scripting
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://security-tracker.debian.org/tracker/CVE-2… | x_refsource_MISC |
| https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2… | x_refsource_MISC |
| https://access.redhat.com/security/cve/cve-2011-3606 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| JBoss Application Server | JBoss Application Server |
Affected:
7 before 7.1.0 Beta 1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T23:37:48.614Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2011-3606"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-3606"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/cve-2011-3606"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "JBoss Application Server",
"vendor": "JBoss Application Server",
"versions": [
{
"status": "affected",
"version": "7 before 7.1.0 Beta 1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A DOM based cross-site scripting flaw was found in the JBoss Application Server 7 before 7.1.0 Beta 1 administration console. A remote attacker could provide a specially-crafted web page and trick the valid JBoss AS user, with the administrator privilege, to visit it, which would lead into the DOM environment modification and arbitrary HTML or web script execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-Site Scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-26T01:43:14.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2011-3606"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-3606"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://access.redhat.com/security/cve/cve-2011-3606"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2011-3606",
"datePublished": "2019-11-26T01:43:14.000Z",
"dateReserved": "2011-09-21T00:00:00.000Z",
"dateUpdated": "2024-08-06T23:37:48.614Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-3734 (GCVE-0-2013-3734)
Vulnerability from nvd – Published: 2017-10-24 15:00 – Updated: 2024-08-06 16:22 Disputed
VLAI
Summary
The Embedded Jopr component in JBoss Application Server includes the cleartext datasource password in unspecified HTML responses, which might allow (1) man-in-the-middle attackers to obtain sensitive information by leveraging failure to use SSL or (2) attackers to obtain sensitive information by reading the HTML source code. NOTE: the vendor says that this does not cross a trust boundary and that it is recommended best-practice that SSL is configured for the administrative console
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://www.halock.com/blog/cve-2013-3734-jboss-a… | x_refsource_MISC |
| http://www.securityfocus.com/bid/60429 | vdb-entryx_refsource_BID |
| https://bugzilla.redhat.com/show_bug.cgi?id=971637 | x_refsource_MISC |
Date Public
2003-06-02 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:22:00.733Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.halock.com/blog/cve-2013-3734-jboss-administration-console-password-returned-response/"
},
{
"name": "60429",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/60429"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=971637"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2003-06-02T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The Embedded Jopr component in JBoss Application Server includes the cleartext datasource password in unspecified HTML responses, which might allow (1) man-in-the-middle attackers to obtain sensitive information by leveraging failure to use SSL or (2) attackers to obtain sensitive information by reading the HTML source code. NOTE: the vendor says that this does not cross a trust boundary and that it is recommended best-practice that SSL is configured for the administrative console"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-24T14:57:02.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.halock.com/blog/cve-2013-3734-jboss-administration-console-password-returned-response/"
},
{
"name": "60429",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/60429"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=971637"
}
],
"tags": [
"disputed"
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-3734",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** DISPUTED ** The Embedded Jopr component in JBoss Application Server includes the cleartext datasource password in unspecified HTML responses, which might allow (1) man-in-the-middle attackers to obtain sensitive information by leveraging failure to use SSL or (2) attackers to obtain sensitive information by reading the HTML source code. NOTE: the vendor says that this does not cross a trust boundary and that it is recommended best-practice that SSL is configured for the administrative console."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.halock.com/blog/cve-2013-3734-jboss-administration-console-password-returned-response/",
"refsource": "MISC",
"url": "https://www.halock.com/blog/cve-2013-3734-jboss-administration-console-password-returned-response/"
},
{
"name": "60429",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/60429"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=971637",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=971637"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-3734",
"datePublished": "2017-10-24T15:00:00.000Z",
"dateReserved": "2013-05-31T00:00:00.000Z",
"dateUpdated": "2024-08-06T16:22:00.733Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}