This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Jboss First view 2013-03-15
Product Jboss Enterprise Application Server Last view 2015-03-31
Version * Type Application
Update *  
Edition *  
Language *  
Sofware Edition *  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:a:jboss:jboss_enterprise_application_server

Activity : Overall

Related : CVE

  Date Alert Description
4.3 2015-03-31 CVE-2015-2808

The RC4 algorithm, as used in the TLS protocol and SSL protocol, does not properly combine state data with key data during the initialization phase, which makes it easier for remote attackers to conduct plaintext-recovery attacks against the initial bytes of a stream by sniffing network traffic that occasionally relies on keys affected by the Invariance Weakness, and then using a brute-force approach involving LSB values, aka the "Bar Mitzvah" issue.

5.9 2013-03-15 CVE-2013-2566

The RC4 algorithm, as used in the TLS protocol and SSL protocol, has many single-byte biases, which makes it easier for remote attackers to conduct plaintext-recovery attacks via statistical analysis of ciphertext in a large number of sessions that use the same plaintext.

CWE : Common Weakness Enumeration

%idName
100% (2) CWE-310 Cryptographic Issues

Information Assurance Vulnerability Management (IAVM)

id Description
2015-A-0158 Multiple Vulnerabilities in Oracle Java SE
Severity: Category I - VMSKEY: V0061089
2013-A-0220 Multiple Vulnerabilities in Mozilla Products
Severity: Category I - VMSKEY: V0042380

Snort® IPS/IDS

Date Description
2017-04-12 SSL/TLS weak RC4 cipher suite use attempt
RuleID : 41907 - Type : POLICY-OTHER - Revision : 3
2017-04-06 SSLv3 Client Hello attempt
RuleID : 41807 - Type : POLICY-OTHER - Revision : 3
2016-04-05 SSL/TLS weak RC4 cipher suite use attempt
RuleID : 37916 - Type : POLICY-OTHER - Revision : 3
2016-04-05 SSL/TLS weak RC4 cipher suite use attempt
RuleID : 37915 - Type : POLICY-OTHER - Revision : 3
2016-04-05 SSL/TLS weak RC4 cipher suite use attempt
RuleID : 37914 - Type : POLICY-OTHER - Revision : 3
2016-04-05 SSL/TLS weak RC4 cipher suite use attempt
RuleID : 37913 - Type : POLICY-OTHER - Revision : 3
2016-04-05 SSL/TLS weak RC4 cipher suite use attempt
RuleID : 37912 - Type : POLICY-OTHER - Revision : 3
2016-03-14 SSL/TLS weak RC4 cipher suite use attempt
RuleID : 37026 - Type : POLICY-OTHER - Revision : 4
2016-03-14 SSL/TLS weak RC4 cipher suite use attempt
RuleID : 37025 - Type : POLICY-OTHER - Revision : 4

Nessus® Vulnerability Scanner

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2017-12-04 Name: The remote host is missing a vendor-supplied security patch.
File: check_point_gaia_sk106499.nasl - Type: ACT_GATHER_INFO
2016-07-25 Name: The remote web server is affected by multiple vulnerabilities.
File: oracle_http_server_cpu_jul_2016.nasl - Type: ACT_GATHER_INFO
2016-07-14 Name: A video conferencing application running on the remote host is affected by mu...
File: cisco_telepresence_vcs_multiple_880.nasl - Type: ACT_GATHER_INFO
2016-06-23 Name: The remote device is affected by multiple vulnerabilities.
File: juniper_space_jsa10727.nasl - Type: ACT_GATHER_INFO
2016-06-16 Name: The remote host is affected by a security feature bypass vulnerability.
File: ibm_storwize_cve_2015_2808.nasl - Type: ACT_GATHER_INFO
2016-04-29 Name: The remote host is affected by multiple vulnerabilities.
File: hp_data_protector_hpsbgn03580.nasl - Type: ACT_GATHER_INFO
2016-02-29 Name: The remote AIX host is missing a vendor-supplied security patch.
File: aix_U867669.nasl - Type: ACT_GATHER_INFO
2016-01-14 Name: The remote SUSE host is missing one or more security updates.
File: suse_SU-2016-0113-1.nasl - Type: ACT_GATHER_INFO
2016-01-06 Name: The remote database server is affected by multiple vulnerabilities.
File: db2_105fp7_nix.nasl - Type: ACT_GATHER_INFO
2016-01-06 Name: The remote database server is affected by multiple vulnerabilities.
File: db2_105fp7_win.nasl - Type: ACT_GATHER_INFO
2016-01-04 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-201512-10.nasl - Type: ACT_GATHER_INFO
2015-12-21 Name: The remote web server is affected by a security feature bypass vulnerability.
File: ibm_http_server_bar_mitzvah.nasl - Type: ACT_GATHER_INFO
2015-12-07 Name: The remote web server hosts a web application that is potentially affected by...
File: jira_6_4_10.nasl - Type: ACT_GATHER_INFO
2015-12-04 Name: The remote AIX host is missing a vendor-supplied security patch.
File: aix_U863668.nasl - Type: ACT_GATHER_INFO
2015-12-03 Name: The remote SUSE host is missing one or more security updates.
File: suse_SU-2015-2166-1.nasl - Type: ACT_GATHER_INFO
2015-10-23 Name: The remote web server is affected by multiple vulnerabilities.
File: oracle_http_server_cpu_oct_2015.nasl - Type: ACT_GATHER_INFO
2015-09-18 Name: The remote device is missing a vendor-supplied security patch.
File: f5_bigip_SOL16864.nasl - Type: ACT_GATHER_INFO
2015-09-18 Name: The remote database server is affected by multiple vulnerabilities.
File: db2_105fp6.nasl - Type: ACT_GATHER_INFO
2015-09-09 Name: The remote SUSE host is missing one or more security updates.
File: suse_SU-2015-1509-1.nasl - Type: ACT_GATHER_INFO
2015-08-31 Name: The remote Debian host is missing a security update.
File: debian_DLA-303.nasl - Type: ACT_GATHER_INFO
2015-08-26 Name: The remote Amazon Linux AMI host is missing a security update.
File: ala_ALAS-2015-586.nasl - Type: ACT_GATHER_INFO
2015-08-24 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-3339.nasl - Type: ACT_GATHER_INFO
2015-08-13 Name: The remote SUSE host is missing one or more security updates.
File: suse_SU-2015-1375-1.nasl - Type: ACT_GATHER_INFO
2015-08-07 Name: The remote Ubuntu host is missing one or more security-related patches.
File: ubuntu_USN-2706-1.nasl - Type: ACT_GATHER_INFO
2015-08-04 Name: The remote SUSE host is missing one or more security updates.
File: suse_SU-2015-1331-1.nasl - Type: ACT_GATHER_INFO