Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

redhat jboss enterprise application platform continuous delivery - vulnerabilities and exploits

(subscribe to this query)
4.9
CVSSv2
CVE-2020-1732
A flaw was found in Soteria prior to 1.0.1, in a way that multiple requests occurring concurrently causing security identity corruption across concurrent threads when using EE Security with WildFly Elytron which can lead to the possibility of being handled using the identity from...
Redhat SoteriaRedhat Jboss Enterprise Application Platform 7.0.0Redhat Openshift Application Runtimes -Redhat Jboss Enterprise Application Platform Continuous Delivery -
4
CVSSv2
CVE-2020-14307
A vulnerability was found in Wildfly's Enterprise Java Beans (EJB) versions shipped with Red Hat JBoss EAP 7, where SessionOpenInvocations are never removed from the remote InvocationTracker after a response is received in the EJB Client, as well as the server. This flaw all...
Redhat Jboss Fuse 6.0.0Redhat Single Sign-on 7.0Redhat Openshift Application Runtimes -Redhat Jboss Enterprise Application Platform Continuous Delivery -Redhat Amq 2.0
4
CVSSv2
CVE-2020-14297
A flaw exists in Wildfly's EJB Client as shipped with Red Hat JBoss EAP 7, where some specific EJB transaction objects may get accumulated over the time and can cause services to slow down and eventaully unavailable. An attacker can take advantage and cause denial of service...
Redhat Jboss Fuse 6.0.0Redhat Single Sign-on 7.0Redhat Openshift Application Runtimes -Redhat Jboss Enterprise Application Platform Continuous Delivery -Redhat Amq 2.0Redhat Jboss-ejb-client
7.5
CVSSv2
CVE-2017-7503
It was found that the Red Hat JBoss EAP 7.0.5 implementation of javax.xml.transform.TransformerFactory is vulnerable to XXE. An attacker could use this flaw to launch DoS or SSRF attacks, or read files from the server where EAP is deployed.
Redhat Jboss Enterprise Application Platform 7.0.5
4.7
CVSSv2
CVE-2019-3805
A flaw exists in wildfly versions up to 16.0.0.Final that would allow local users who are able to execute init.d script to terminate arbitrary processes on the system. An attacker could exploit this by modifying the PID file in /var/run/jboss-eap/ allowing the init.d script to te...
Redhat WildflyRedhat Jboss Enterprise Application Platform 7.0.0Redhat Jboss Enterprise Application Platform 6.0.0
4.9
CVSSv2
CVE-2020-14317
It was found that the issue for security flaw CVE-2019-3805 appeared again in a further version of JBoss Enterprise Application Platform - Continuous Delivery (EAP-CD) introducing regression. An attacker could exploit this by modifying the PID file in /var/run/jboss-eap/ allowing...
Redhat Jboss Enterprise Application Platform -Redhat Wildfly -
5
CVSSv2
CVE-2019-19343
A flaw was found in Undertow when using Remoting as shipped in Red Hat Jboss EAP before version 7.2.4. A memory leak in HttpOpenListener due to holding remote connections indefinitely may lead to denial of service. Versions before undertow 2.0.25.SP1 and jboss-remoting 5.0.14.SP1...
Redhat Jboss-remoting 5.0.14Redhat Jboss-remotingRedhat Undertow 2.0.25Redhat UndertowRedhat Jboss Enterprise Application PlatformNetapp Active Iq Unified Manager -
5
CVSSv2
CVE-2020-7238
Netty 4.1.43.Final allows HTTP Request Smuggling because it mishandles Transfer-Encoding whitespace (such as a [space]Transfer-Encoding:chunked line) and a later Content-Length header. This issue exists because of an incomplete fix for CVE-2019-16869.
Netty Netty 4.1.43Fedoraproject Fedora 33Debian Debian Linux 8.0Debian Debian Linux 9.0Debian Debian Linux 10.0Redhat Jboss Enterprise Application Platform 7.2Redhat Jboss Enterprise Application Platform Text-only Advisories -Redhat Jboss Enterprise Application Platform 7.3Redhat Openshift Application Runtimes Text-only Advisories -Redhat Jboss Enterprise Application Platform 7.4
5
CVSSv2
CVE-2020-10705
A flaw exists in Undertow in versions before Undertow 2.1.1.Final where certain requests to the "Expect: 100-continue" header may cause an out of memory error. This flaw may potentially lead to a denial of service.
Redhat UndertowNetapp Oncommand Insight -Redhat Jboss Enterprise Application Platform -Redhat Openshift Application Runtimes -Redhat Jboss Enterprise Application Platform 7.2
4.3
CVSSv2
CVE-2020-10688
A cross-site scripting (XSS) flaw was found in RESTEasy in versions prior to 3.11.1.Final and prior to 4.5.3.Final, where it did not properly handle URL encoding when the RESTEASY003870 exception occurs. An attacker could use this flaw to launch a reflected XSS attack.
Redhat Jboss Enterprise Application Platform -Redhat Openshift Application Runtimes -Redhat ResteasyRedhat Fuse 1.0Redhat Jboss Enterprise Application Platform 7.3Redhat Jboss Enterprise Application Platform 7.4
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
path traversalCVE-2024-26978CVE-2024-26982wirelessCVE-2023-6949CVE-2024-26980CVE-2024-32766CVE-2024-26939cache poisoning
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook