Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
jboss wildfly application server vulnerabilities and exploits
(subscribe to this query)
5
CVSSv2
CVE-2016-9589
Undertow in Red Hat wildfly before version 11.0.0.Beta1 is vulnerable to a resource exhaustion resulting in a denial of service. Undertow keeps a cache of seen HTTP headers in persistent connections. It was found that this cache can easily exploited to fill memory with garbage, u...
Redhat Jboss Wildfly Application Server 11.0.0
Redhat Jboss Wildfly Application Server
5
CVSSv2
CVE-2015-3198
The Undertow module of WildFly 9.x prior to 9.0.0.CR2 and 10.x prior to 10.0.0.Alpha1 allows remote malicious users to obtain the source code of a JSP page via a "/" at the end of a URL.
Redhat Jboss Wildfly Application Server 9.0.0
7.1
CVSSv2
CVE-2020-27822
A flaw was found in Wildfly affecting versions 19.0.0.Final, 19.1.0.Final, 20.0.0.Final, 20.0.1.Final, and 21.0.0.Final. When an application uses the OpenTracing API's java-interceptors, there is a possibility of a memory leak. This flaw allows an malicious user to impact th...
Redhat Wildfly 19.0.0
Redhat Wildfly 19.1.0
Redhat Wildfly 20.0.0
Redhat Wildfly 20.0.1
Redhat Wildfly 21.0.0
4
CVSSv2
CVE-2019-14838
A flaw was found in wildfly-core prior to 7.2.5.GA. The Management users with Monitor, Auditor and Deployer Roles should not be allowed to modify the runtime state of the server
Redhat Wildfly Core 7.0.0
Redhat Jboss Enterprise Application Platform 7.2.0
Redhat Jboss Enterprise Application Platform 7.2.5
Redhat Jboss Enterprise Application Platform 7.3.0
Redhat Single Sign-on 7.3.5
Redhat Data Grid 7.3.4
Redhat Jboss Enterprise Application Platform 7.2.4
1 Github repository
4
CVSSv2
CVE-2014-7853
The JBoss Application Server (WildFly) JacORB subsystem in Red Hat JBoss Enterprise Application Platform (EAP) prior to 6.3.3 does not properly assign socket-binding-ref sensitivity classification to the security-domain attribute, which allows remote authenticated users to obtain...
Redhat Jboss Operations Network 3.3.1
Redhat Jboss Enterprise Application Platform
4
CVSSv2
CVE-2021-20250
A flaw was found in wildfly. The JBoss EJB client has publicly accessible privileged actions which may lead to information disclosure on the server it is deployed on. The highest threat from this vulnerability is to data confidentiality.
Redhat Jboss Enterprise Application Platform Expansion Pack -
Redhat Jboss-ejb-client
4.3
CVSSv2
CVE-2021-3629
A flaw was found in Undertow. A potential security issue in flow control handling by the browser over http/2 may potentially cause overhead or a denial of service in the server. The highest threat from this vulnerability is availability. This flaw affects Undertow versions before...
Redhat Single Sign-on -
Redhat Jboss Enterprise Application Platform -
Redhat Wildfly Core
Redhat Integration -
Redhat Undertow
Redhat Jboss Enterprise Application Platform 7.4
Redhat Jboss Enterprise Application Platform 7.3
Netapp Oncommand Workflow Automation -
Netapp Oncommand Insight -
Netapp Active Iq Unified Manager -
6.5
CVSSv2
CVE-2019-14843
A flaw was found in Wildfly Security Manager, running under JDK 11 or 8, that authorized requests for any requester. This flaw could be used by a malicious app deployed on the app server to access unauthorized information and possibly conduct further attacks. Versions shipped wit...
Redhat Single Sign-on 7.3
Redhat Jboss Enterprise Application Platform 7.2.0
Redhat Single Sign-on -
1 Github repository
5
CVSSv2
CVE-2016-0793
Incomplete blacklist vulnerability in the servlet filter restriction mechanism in WildFly (formerly JBoss Application Server) prior to 10.0.0.Final on Windows allows remote malicious users to read the sensitive files in the (1) WEB-INF or (2) META-INF directory via a request that...
Redhat Jboss Wildfly Application Server 10.0.0
1 EDB exploit
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
blind SQL injection
firmware
CVE-2006-4304
CVE-2024-32878
CVE-2024-31502
XSS
CVE-2024-3059
CVE-2024-33692
CVE-2024-3400
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started