MidnightBSD

Advisories for jboss

CVE-2003-0845 HIGH

Unknown vulnerability in the HSQLDB component in JBoss 3.2.1 and 3.0.8 on Java 1.4.x platforms, when running in the default configuration, allows remote attackers to conduct unauthorized activities and possibly execute arbitrary code via certain SQL statements to (1) TCP port 1701 in JBoss 3.2.1, and (2) port 1476 in JBoss 3.0.8.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-89,

Products Affected

Vendor Product Version
jboss jboss 3.2.1
jboss jboss 3.0.8
CVE-2005-2006 MEDIUM

JBOSS 3.2.2 through 3.2.7 and 4.0.2 allows remote attackers to obtain sensitive information via a GET request (1) with a "%." (percent dot), which reveals the installation path or (2) with a % (percent) before a filename, which reveals the contents of the file.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
jboss jboss 3.2.6
jboss jboss 3.2.3
jboss jboss 3.2.5
jboss jboss 3.2.7
jboss jboss 3.2.2
jboss jboss 3.2.4
jboss jboss 4.0.2
CVE-2005-2158 HIGH

A regression error in the embedded HSQLDB in JBoss jBPM 2.0 allows remote attackers to execute arbitrary comands, a re-introduction of a vulnerability that was originally identified by CVE-2003-0845.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
jboss jbpm 2.0
CVE-2014-0170 MEDIUM

Teiid before 8.4.3 and before 8.7 and Red Hat JBoss Data Virtualization 6.0.0 before patch 3 allows remote attackers to read arbitrary files via a crafted request to a REST endpoint, related to an XML External Entity (XXE) issue.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
jboss teiid 8.4
redhat jboss_data_virtualization *
jboss teiid *
CVE-2016-2094 MEDIUM

The HTTPS NIO Connector allows remote attackers to cause a denial of service (thread consumption) by opening a socket and not sending an SSL handshake, aka a read-timeout vulnerability.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-399,

Products Affected

Vendor Product Version
jboss enterprise_application_platform 6.4.6
CVE-2018-1041 MEDIUM

A vulnerability was found in the way RemoteMessageChannel, introduced in jboss-remoting versions 3.3.10, reads from an empty buffer. An attacker could use this flaw to cause denial of service via high CPU caused by an infinite loop.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-835,CWE-835,

Products Affected

Vendor Product Version
redhat jboss_enterprise_application_platform 6.0.0
redhat jboss_enterprise_application_platform 6.4.0
jboss jboss-remoting 3.3.10