Redhat » Jboss Community Application Server : Security Vulnerabilities, CVEs,
twiddle.sh in JBoss AS 5.0 and EAP 5.0 and earlier accepts credentials as command-line arguments, which allows local users to read the credentials by listing the process and its arguments.
Max CVSS
2.1
EPSS Score
0.04%
Published
2012-08-13
Updated
2015-01-18
An issue exists in the property replacements feature in any descriptor in JBoxx AS 7.1.1 ignores java security policies
Max CVSS
3.3
EPSS Score
0.05%
Published
2019-12-06
Updated
2019-12-16
The org.apache.catalina.connector.Response.encodeURL method in Red Hat JBoss Web 7.1.x and earlier, when the tracking mode is set to COOKIE, sends the jsessionid in the URL of the first response of a session, which allows remote attackers to obtain the session id (1) via a man-in-the-middle attack or (2) by reading a log.
Max CVSS
4.3
EPSS Score
0.28%
Published
2013-10-28
Updated
2013-10-30
3 vulnerabilities found