Jboss Enterprise Web Platform Red Hat Jboss Enterprise Web Platform

Do you want an email whenever new security vulnerabilities are reported in Red Hat Jboss Enterprise Web Platform?

By the Year

In 2022 there have been 0 vulnerabilities in Red Hat Jboss Enterprise Web Platform . Jboss Enterprise Web Platform did not have any published security vulnerabilities last year.

Year Vulnerabilities Average Score
2022 0 0.00
2021 0 0.00
2020 1 5.90
2019 0 0.00
2018 0 0.00

It may take a day or so for new Jboss Enterprise Web Platform vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Red Hat Jboss Enterprise Web Platform Security Vulnerabilities

The implementations of PKCS#1 v1.5 key transport mechanism for XMLEncryption in JBossWS and Apache WSS4J before 1.6.5 is susceptible to a Bleichenbacher attack.

CVE-2011-2487 5.9 - Medium - March 11, 2020

The implementations of PKCS#1 v1.5 key transport mechanism for XMLEncryption in JBossWS and Apache WSS4J before 1.6.5 is susceptible to a Bleichenbacher attack.

Use of a Broken or Risky Cryptographic Algorithm

OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec messages, which

CVE-2014-0224 7.4 - High - June 05, 2014

OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a zero-length master key in certain OpenSSL-to-OpenSSL communications, and consequently hijack sessions or obtain sensitive information, via a crafted TLS handshake, aka the "CCS Injection" vulnerability.

Inadequate Encryption Strength

Apache CXF 2.5.x before 2.5.10, 2.6.x before CXF 2.6.7, and 2.7.x before CXF 2.7.4 does not verify

CVE-2012-5575 - August 19, 2013

Apache CXF 2.5.x before 2.5.10, 2.6.x before CXF 2.6.7, and 2.7.x before CXF 2.7.4 does not verify that a specified cryptographic algorithm is allowed by the WS-SecurityPolicy AlgorithmSuite definition before decrypting, which allows remote attackers to force CXF to use weaker cryptographic algorithms than intended and makes it easier to decrypt communications, aka "XML Encryption backwards compatibility attack."

Cryptographic Issues

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for Red Hat Jboss Fuse Esb Enterprise or by Red Hat? Click the Watch button to subscribe.

Red Hat
Vendor

subscribe