Jboss application server
This hub aggregates every CVE we track for Jboss application server, a product in the operating systems space. Use it to gauge the current risk picture and drill into individual advisories.
Operating Systemson-prem
8
CVEs tracked
0
Critical
4
High
0
In CISA KEV
Severity distribution
HIGH4MEDIUM4
Monthly trend
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
2024-082026-07
Latest CVEs
The 8 most recently published vulnerabilities affecting Jboss application server.
- CVE-2012-1094JBoss AS 7 prior to 7.1.1 and mod_cluster do not handle default hostname in the same way, which can cause the excluded-contexts list to be mismatched and the root context to be exposed.7.5
- CVE-2012-2312An Elevated Privileges issue exists in JBoss AS 7 Community Release due to the improper implementation in the security context propagation, A threat gets reused from the thread pool that still reta...7.8
- CVE-2011-3609A CSRF issue was found in JBoss Application Server 7 before 7.1.0. JBoss did not properly restrict access to the management console information (for example via the "Access-Control-Allow-Origin" HT...6.5
- CVE-2011-3606A DOM based cross-site scripting flaw was found in the JBoss Application Server 7 before 7.1.0 Beta 1 administration console. A remote attacker could provide a specially-crafted web page and trick ...5.4
- CVE-2013-3734The Embedded Jopr component in JBoss Application Server includes the cleartext datasource password in unspecified HTML responses, which might allow (1) man-in-the-middle attackers to obtain sensiti...6.6
- CVE-2007-1354The Access Control functionality (JMXOpsAccessControlFilter) in JMX Console in JBoss Application Server 4.0.2 and 4.0.5 before 20070416 uses a member variable to store the roles of the current user...6.0
- CVE-2007-1036The default configuration of JBoss does not restrict access to the (1) console and (2) web management interfaces, which allows remote attackers to bypass authentication and gain administrative acce...7.5
- CVE-2006-5750Directory traversal vulnerability in the DeploymentFileRepository class in JBoss Application Server (jbossas) 3.2.4 through 4.0.5 allows remote authenticated users to read or modify arbitrary files...7.5
Product normalization is registry-driven with AI assist and human review. How it works