| Max CVSS | 6.8 | Min CVSS | 1.9 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2013-2172 | 4.3 |
jcp/xml/dsig/internal/dom/DOMCanonicalizationMethod.java in Apache Santuario XML Security for Java 1.4.x before 1.4.8 and 1.5.x before 1.5.5 allows context-dependent attackers to spoof an XML Signature by using the CanonicalizationMethod parameter to
|
18-04-2023 - 19:06 | 20-08-2013 - 22:55 | |
| CVE-2012-5575 | 6.4 |
Apache CXF 2.5.x before 2.5.10, 2.6.x before CXF 2.6.7, and 2.7.x before CXF 2.7.4 does not verify that a specified cryptographic algorithm is allowed by the WS-SecurityPolicy AlgorithmSuite definition before decrypting, which allows remote attackers
|
13-02-2023 - 04:37 | 19-08-2013 - 23:55 | |
| CVE-2011-1096 | 5.0 |
The W3C XML Encryption Standard, as used in the JBoss Web Services (JBossWS) component in JBoss Enterprise Portal Platform before 5.2.2 and other products, when using block ciphers in cipher-block chaining (CBC) mode, allows remote attackers to obtai
|
13-02-2023 - 01:18 | 23-11-2012 - 20:55 | |
| CVE-2013-2160 | 5.0 |
The streaming XML parser in Apache CXF 2.5.x before 2.5.10, 2.6.x before 2.6.7, and 2.7.x before 2.7.4 allows remote attackers to cause a denial of service (CPU and memory consumption) via crafted XML with a large number of (1) elements, (2) attribut
|
16-06-2021 - 12:15 | 19-08-2013 - 23:55 | |
| CVE-2013-2067 | 6.8 |
java/org/apache/catalina/authenticator/FormAuthenticator.java in the form authentication feature in Apache Tomcat 6.0.21 through 6.0.36 and 7.x before 7.0.33 does not properly handle the relationships between authentication requirements and sessions,
|
15-04-2019 - 16:29 | 01-06-2013 - 14:21 | |
| CVE-2012-4431 | 4.3 |
org/apache/catalina/filters/CsrfPreventionFilter.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.32 allows remote attackers to bypass the cross-site request forgery (CSRF) protection mechanism via a request that lacks a session identifier.
|
19-09-2017 - 01:35 | 19-12-2012 - 11:55 | |
| CVE-2013-4213 | 6.4 |
Red Hat JBoss Enterprise Application Platform (EAP) 6.1.0 does not properly cache EJB invocations by the EJB client API, which allows remote attackers to hijack sessions by using an EJB client.
|
29-08-2017 - 01:33 | 16-08-2013 - 16:55 | |
| CVE-2013-4128 | 6.4 |
Red Hat JBoss Enterprise Application Platform (EAP) 6.1.0 does not properly cache EJB invocations by remote-naming, which allows remote attackers to hijack sessions by using a remoting client.
|
29-08-2017 - 01:33 | 16-08-2013 - 16:55 | |
| CVE-2013-4112 | 5.4 |
The DiagnosticsHandler in JGroup 3.0.x, 3.1.x, 3.2.x before 3.2.9, and 3.3.x before 3.3.3 allows remote attackers to obtain sensitive information (diagnostic information) and execute arbitrary code by reusing valid credentials.
|
08-03-2014 - 05:09 | 28-09-2013 - 19:55 | |
| CVE-2013-1921 | 1.9 |
PicketBox, as used in Red Hat JBoss Enterprise Application Platform before 6.1.1, allows local users to obtain the admin encryption key by reading the Vault data file.
|
08-03-2014 - 05:05 | 28-09-2013 - 19:55 | |
| CVE-2012-4529 | 4.3 |
The org.apache.catalina.connector.Response.encodeURL method in Red Hat JBoss Web 7.1.x and earlier, when the tracking mode is set to COOKIE, sends the jsessionid in the URL of the first response of a session, which allows remote attackers to obtain t
|
30-10-2013 - 14:49 | 28-10-2013 - 21:55 | |
| CVE-2012-4572 | 3.7 |
Red Hat JBoss Enterprise Application Platform (EAP) before 6.1.0 and JBoss Portal before 6.1.0 does not load the implementation of a custom authorization module for a new application when an implementation is already loaded and the modules share clas
|
30-10-2013 - 14:47 | 28-10-2013 - 21:55 | |
| CVE-2013-2102 | 3.3 |
The default configuration of Red Hat JBoss Portal before 6.1.0 enables the JGroups diagnostics service with no authentication when a JGroups channel is started, which allows remote attackers to obtain sensitive information (diagnostics) by accessing
|
30-10-2013 - 14:46 | 28-10-2013 - 21:55 |