WEB APPLICATION VULNERABILITIES Standard & Premium

Jboss EAP Permissions, Privileges, and Access Controls Vulnerability (CVE-2015-5304)

Description

Red Hat JBoss Enterprise Application Platform (EAP) before 6.4.5 does not properly authorize access to shut down the server, which allows remote authenticated users with the Monitor, Deployer, or Auditor role to cause a denial of service via unspecified vectors.

Remediation

References

Related Vulnerabilities

IBM RTC Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-1734)

WebLogic Deserialization of Untrusted Data Vulnerability (CVE-2022-23307)

WordPress Multiple Cross-Site Scripting Vulnerabilities (2.0 - 2.0.1)

OpenSSL Excessive Iteration Vulnerability (CVE-2023-3817)

Oracle JRE CVE-2023-22081 Vulnerability (CVE-2023-22081)

Severity

Low

Classification

CVE-2015-5304 CWE-264

Tags

Missing Update Known Vulnerabilities