Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

redhat jboss enterprise application platform 7.0.0 vulnerabilities and exploits

(subscribe to this query)
5
CVSSv2
CVE-2020-1710
The issue appears to be that JBoss EAP 6.4.21 does not parse the field-name in accordance to RFC7230[1] as it returns a 200 instead of a 400.
Redhat Jboss Data Grid -Redhat Jboss Data Grid 7.0.0Redhat Jboss Enterprise Application Platform -Redhat Jboss Enterprise Application Platform 6.4.21Redhat Jboss Enterprise Application Platform 7.0.0Redhat Jboss Enterprise Application Platform 7.2.0Redhat Jboss Enterprise Application Platform 7.3.0Redhat Openshift Application Runtimes -Redhat Single Sign-on -
4.7
CVSSv2
CVE-2019-3805
A flaw exists in wildfly versions up to 16.0.0.Final that would allow local users who are able to execute init.d script to terminate arbitrary processes on the system. An attacker could exploit this by modifying the PID file in /var/run/jboss-eap/ allowing the init.d script to te...
Redhat WildflyRedhat Jboss Enterprise Application Platform 7.0.0Redhat Jboss Enterprise Application Platform 6.0.0
4.9
CVSSv2
CVE-2020-1732
A flaw was found in Soteria prior to 1.0.1, in a way that multiple requests occurring concurrently causing security identity corruption across concurrent threads when using EE Security with WildFly Elytron which can lead to the possibility of being handled using the identity from...
Redhat SoteriaRedhat Jboss Enterprise Application Platform 7.0.0Redhat Openshift Application Runtimes -Redhat Jboss Enterprise Application Platform Continuous Delivery -
NA
CVE-2023-5379
A flaw was found in Undertow. When an AJP request is sent that exceeds the max-header-size attribute in ajp-listener, JBoss EAP is marked in an error state by mod_cluster in httpd, causing JBoss EAP to close the TCP connection without returning an AJP response. This happens becau...
Redhat Jboss Enterprise Application Platform 7.0.0Redhat Undertow -Redhat Single Sign-on 7.0Redhat Jboss Enterprise Application Platform -
4
CVSSv2
CVE-2019-14820
It was found that keycloak before version 8.0.0 exposes internal adapter endpoints in org.keycloak.constants.AdapterConstants, which can be invoked via a specially-crafted URL. This vulnerability could allow an malicious user to access unauthorized information.
Redhat KeycloakRedhat Single Sign-on 7.3Redhat Jboss Enterprise Application Platform 6.4.0Redhat Jboss Enterprise Application Platform 7.2.0Redhat Jboss Fuse 7.0.0
6.5
CVSSv2
CVE-2019-3894
It exists that the ElytronManagedThread in Wildfly's Elytron subsystem in versions from 11 to 16 stores a SecurityIdentity to run the thread as. These threads do not necessarily terminate if the keep alive time has not expired. This could allow a shared thread to use the wro...
Redhat WildflyRedhat Jboss Enterprise Application Platform 7.0.0
4
CVSSv2
CVE-2021-32029
A flaw was found in postgresql. Using an UPDATE ... RETURNING command on a purpose-crafted table, an authenticated database user could read arbitrary bytes of server memory. The highest threat from this vulnerability is to data confidentiality.
Postgresql PostgresqlRedhat Jboss Enterprise Application Platform 7.0.0
NA
CVE-2022-3143
wildfly-elytron: possible timing attacks via use of unsafe comparator. A flaw was found in Wildfly-elytron. Wildfly-elytron uses java.util.Arrays.equals in several places, which is unsafe and vulnerable to timing attacks. To compare values securely, use java.security.MessageDiges...
Redhat Wildfly Elytron 1.15.15Redhat Jboss Enterprise Application Platform 7.0.0
5
CVSSv2
CVE-2022-0853
A flaw was found in JBoss-client. The vulnerability occurs due to a memory leak on the JBoss client-side, when using UserTransaction repeatedly and leads to information leakage vulnerability.
Redhat Descision Manager 7.0Redhat Jboss Enterprise Application Platform 7.0.0Redhat Jboss Enterprise Application Platform Expansion Pack -Redhat Process Automation 7.0Redhat Single Sign-on 7.0
6.4
CVSSv2
CVE-2019-14887
A flaw was found when an OpenSSL security provider is used with Wildfly, the 'enabled-protocols' value in the Wildfly configuration isn't honored. An attacker could target the traffic sent from Wildfly and downgrade the connection to a weaker version of TLS, potent...
Redhat Jboss Data Grid 7.0.0Redhat Jboss Enterprise Application Platform 7.0.0Redhat Jboss Fuse 7.0.0Redhat Openshift Application Runtimes -Redhat Single Sign-on 7.0Redhat Wildfly 7.2.0Redhat Wildfly 7.2.3Redhat Wildfly 7.2.5
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
blind SQL injectionfirmwareCVE-2006-4304CVE-2024-32878CVE-2024-31502XSSCVE-2024-3059CVE-2024-33692CVE-2024-3400
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook