← Back

Jboss Web Framework Kit

jboss_web_framework_kit

Vendor: Redhat • 4 CVEs

CVEs (4)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2014-0248
1Redhat
3Jboss Enterprise Application Platform
Jboss Enterprise Web PlatformJboss Web Framework Kit
May 6, 2026
Jul 7, 2014
N/A· v4
N/A· v3
6.8 MEDIUM· v2
org.jboss.seam.web.AuthenticationFilter in Red Hat JBoss Web Framework Kit 2.5.0, JBoss Enterprise Application Platform (JBEAP) 5.2.0, and JBoss Enterprise Web Platform (JBEWP) 5.2.0 allows remote attackers to execute ar...Show more
org.jboss.seam.web.AuthenticationFilter in Red Hat JBoss Web Framework Kit 2.5.0, JBoss Enterprise Application Platform (JBEAP) 5.2.0, and JBoss Enterprise Web Platform (JBEWP) 5.2.0 allows remote attackers to execute arbitrary code via a crafted authentication header, related to Seam logging.Show less
CVE-2014-0149
1Redhat
1Jboss Web Framework Kit
May 6, 2026
May 5, 2014
N/A· v4
N/A· v3
4.3 MEDIUM· v2
Multiple cross-site scripting (XSS) vulnerabilities in Red Hat JBoss Web Framework Kit 2.5.0 allow remote attackers to inject arbitrary web script or HTML via a (1) parameter or (2) id name.
CVE-2014-0086
1Redhat
2Jboss Web Framework Kit
Richfaces
May 6, 2026
Mar 31, 2014
N/A· v4
N/A· v3
4.3 MEDIUM· v2
The doFilter function in webapp/PushHandlerFilter.java in JBoss RichFaces 4.3.4, 4.3.5, and 5.x allows remote attackers to cause a denial of service (memory consumption and out-of-memory error) via a large number of malf...Show more
The doFilter function in webapp/PushHandlerFilter.java in JBoss RichFaces 4.3.4, 4.3.5, and 5.x allows remote attackers to cause a denial of service (memory consumption and out-of-memory error) via a large number of malformed atmosphere push requests.Show less
CVE-2013-2165
1Redhat
8Jboss Enterprise Application Platform
Jboss Enterprise Brms PlatformJboss Enterprise Portal Platform+5 more
Apr 29, 2026
Jul 23, 2013
N/A· v4
N/A· v3
7.5 HIGH· v2
ResourceBuilderImpl.java in the RichFaces 3.x through 5.x implementation in Red Hat JBoss Web Framework Kit before 2.3.0, Red Hat JBoss Web Platform through 5.2.0, Red Hat JBoss Enterprise Application Platform through 4....Show more
ResourceBuilderImpl.java in the RichFaces 3.x through 5.x implementation in Red Hat JBoss Web Framework Kit before 2.3.0, Red Hat JBoss Web Platform through 5.2.0, Red Hat JBoss Enterprise Application Platform through 4.3.0 CP10 and 5.x through 5.2.0, Red Hat JBoss BRMS through 5.3.1, Red Hat JBoss SOA Platform through 4.3.0 CP05 and 5.x through 5.3.1, Red Hat JBoss Portal through 4.3 CP07 and 5.x through 5.2.2, and Red Hat JBoss Operations Network through 2.4.2 and 3.x through 3.1.2 does not restrict the classes for which deserialization methods can be called, which allows remote attackers to execute arbitrary code via crafted serialized data.Show less