Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

redhat jboss enterprise application platform 7.1 vulnerabilities and exploits

(subscribe to this query)
4.3
CVSSv2
CVE-2012-4529
The org.apache.catalina.connector.Response.encodeURL method in Red Hat JBoss Web 7.1.x and previous versions, when the tracking mode is set to COOKIE, sends the jsessionid in the URL of the first response of a session, which allows remote malicious users to obtain the session id ...
Redhat Jboss Community Application Server 6.0.0Redhat Jboss Community Application Server 6.1.0Redhat Jboss Community Application Server 7.0.0Redhat Jboss Community Application Server 5.1.0Redhat Jboss Community Application Server 5.0.1Redhat Jboss Community Application Server 5.0.0Redhat Jboss Community Application Server 7.0.1Redhat Jboss Community Application Server 7.1.0Redhat Jboss Community Application Server 7.0.2Redhat Jboss Community Application ServerRedhat Jboss Enterprise Application Platform 6.0.0
5
CVSSv2
CVE-2016-9589
Undertow in Red Hat wildfly before version 11.0.0.Beta1 is vulnerable to a resource exhaustion resulting in a denial of service. Undertow keeps a cache of seen HTTP headers in persistent connections. It was found that this cache can easily exploited to fill memory with garbage, u...
Redhat Jboss Wildfly Application Server 11.0.0Redhat Jboss Wildfly Application Server
5
CVSSv2
CVE-2018-14642
An information leak vulnerability was found in Undertow. If all headers are not written out in the first write() call then the code that handles flushing the buffer will always write out the full contents of the writevBuffer buffer, which may contain data from previous requests.
Redhat Undertow -Redhat Jboss Enterprise Application Platform 7.1Redhat Jboss Enterprise Application Platform 7.2Redhat Jboss Enterprise Application Platform 7.3
4.4
CVSSv2
CVE-2017-7536
In Hibernate Validator 5.2.x prior to 5.2.5 final, 5.3.x, and 5.4.x, it was found that when the security manager's reflective permissions, which allows it to access the private members of the class, are granted to Hibernate Validator, a potential privilege escalation can occ...
Redhat Hibernate ValidatorRedhat Satellite 6.4Redhat Satellite Capsule 6.4Redhat Jboss Enterprise Application Platform 6.0.0Redhat Jboss Enterprise Application Platform 6.4.0Redhat Jboss Enterprise Application Platform 7.0Redhat Jboss Enterprise Application Platform 7.1Redhat Virtualization 4.0Redhat Virtualization Host 4.0
7.8
CVSSv2
CVE-2019-9517
Some HTTP/2 implementations are vulnerable to unconstrained interal data buffering, potentially leading to a denial of service. The attacker opens the HTTP/2 window so the peer can send without constraint; however, they leave the TCP window closed so the peer cannot actually writ...
Apple SwiftnioApache Traffic ServerApache Http ServerCanonical Ubuntu Linux 16.04Canonical Ubuntu Linux 18.04Canonical Ubuntu Linux 19.04Debian Debian Linux 9.0Debian Debian Linux 10.0Synology Skynas -Synology Diskstation Manager 6.2Synology Vs960hd Firmware -Fedoraproject Fedora 29Fedoraproject Fedora 30Opensuse Leap 15.0Opensuse Leap 15.1Redhat Software Collections 1.0Redhat Jboss Core Services 1.0Redhat Enterprise Linux 8.0Redhat Jboss Enterprise Application Platform 7.2.0Redhat Quay 3.0.0Redhat Openshift Service Mesh 1.0Redhat Jboss Enterprise Application Platform 7.3.0
3.5
CVSSv2
CVE-2019-3872
It was found that a SAMLRequest containing a script could be processed by Picketlink versions shipped in Jboss Application Platform 7.2.x and 7.1.x. An attacker could use this to send a malicious script to achieve cross-site scripting and obtain unauthorized information or conduc...
Redhat Jboss Enterprise Application Platform 7.2.0Redhat Single Sign-on 7.0
5
CVSSv2
CVE-2018-1000180
Bouncy Castle BC 1.54 - 1.59, BC-FJA 1.0.0, BC-FJA 1.0.1 and previous versions have a flaw in the Low-level interface to RSA key pair generator, specifically RSA Key Pairs generated in low-level API with added certainty may have less M-R tests than expected. This appears to be fi...
Bouncycastle Fips Java ApiBouncycastle Legion-of-the-bouncy-castle-java-crytography-apiDebian Debian Linux 9.0Oracle Retail Xstore Point Of Service 7.1Oracle Api Gateway 11.1.2.4.0Oracle Weblogic Server 12.1.3.0.0Oracle Enterprise Repository 12.1.3.0.0Oracle Retail Xstore Point Of Service 7.0Oracle Peoplesoft Enterprise Peopletools 8.55Oracle Peoplesoft Enterprise Peopletools 8.56Oracle Webcenter Portal 12.2.1.3.0Oracle Webcenter Portal 11.1.1.9.0Oracle Business Process Management Suite 12.1.3.0.0Oracle Business Process Management Suite 12.2.1.3.0Oracle Business Process Management Suite 11.1.1.9.0Oracle Soa Suite 12.1.3.0.0Oracle Soa Suite 12.2.1.3.0Oracle Peoplesoft Enterprise Peopletools 8.57Oracle Managed File Transfer 12.2.1.3.0Oracle Communications Converged Application ServerOracle Communications Webrtc Session ControllerOracle Retail Convenience And Fuel Pos Software 2.8.1
7.5
CVSSv2
CVE-2019-14379
SubTypeValidator.java in FasterXML jackson-databind prior to 2.9.9.2 mishandles default typing when ehcache is used (because of net.sf.ehcache.transaction.manager.DefaultTransactionManagerLookup), leading to remote code execution.
Fasterxml Jackson-databindDebian Debian Linux 8.0Netapp Snapcenter -Netapp Oncommand Workflow Automation -Netapp Service Level Manager -Netapp Active Iq Unified ManagerFedoraproject Fedora 29Fedoraproject Fedora 30Fedoraproject Fedora 31Redhat Jboss Enterprise Application Platform 7.2Redhat Jboss Enterprise Application Platform 7.3Redhat Openshift Container Platform 4.1Redhat Single Sign-on 7.3Redhat Openshift Container Platform 3.11Oracle Retail Xstore Point Of Service 15.0Oracle Primavera Unifier 16.2Oracle Banking Platform 2.4.0Oracle Retail Xstore Point Of Service 7.1Oracle Jd Edwards Enterpriseone Tools 9.2Oracle Banking Platform 2.4.1Oracle Primavera Gateway 16.2Oracle Primavera Gateway 15.2
7.5
CVSSv2
CVE-2019-16335
A Polymorphic Typing issue exists in FasterXML jackson-databind prior to 2.9.10. It is related to com.zaxxer.hikari.HikariDataSource. This is a different vulnerability than CVE-2019-14540.
Fasterxml Jackson-databindFedoraproject Fedora 30Fedoraproject Fedora 31Debian Debian Linux 8.0Debian Debian Linux 9.0Debian Debian Linux 10.0Netapp Steelstore Cloud Integrated Storage -Netapp Oncommand Workflow Automation -Netapp Oncommand Api Services -Redhat Jboss Enterprise Application Platform 7.2Redhat Jboss Enterprise Application Platform 7.3Oracle Retail Xstore Point Of Service 15.0Oracle Banking Platform 2.4.0Oracle Retail Xstore Point Of Service 7.1Oracle Banking Platform 2.4.1Oracle Primavera Gateway 16.1Oracle Primavera Gateway 16.2Oracle Primavera Gateway 15.2Oracle Banking Platform 2.5.0Oracle Weblogic Server 12.2.1.3.0Oracle Retail Xstore Point Of Service 16.0Oracle Banking Platform 2.6.0
6.8
CVSSv2
CVE-2019-17531
A Polymorphic Typing issue exists in FasterXML jackson-databind 2.0.0 up to and including 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the apache-log4j-extra (version 1.2.x) jar in ...
Fasterxml Jackson-databindDebian Debian Linux 8.0Redhat Jboss Enterprise Application Platform 7.2Redhat Jboss Enterprise Application Platform 7.3Oracle Banking Platform 2.4.0Oracle Jd Edwards Enterpriseone Tools 9.2Oracle Banking Platform 2.4.1Oracle Primavera Gateway 16.1Oracle Primavera Gateway 16.2Oracle Banking Platform 2.5.0Oracle Weblogic Server 12.2.1.3.0Oracle Webcenter Portal 12.2.1.3.0Oracle Webcenter Sites 12.2.1.3.0Oracle Jd Edwards Enterpriseone Orchestrator 9.2Oracle Banking Platform 2.6.0Oracle Banking Platform 2.6.1Oracle Banking Platform 2.6.2Oracle Weblogic Server 12.2.1.4.0Oracle Webcenter Sites 12.2.1.4.0Oracle Webcenter Portal 12.2.1.4.0Oracle Communications Billing And Revenue Management 12.0.0.3.0Oracle Communications Billing And Revenue Management 7.5.0.23.0
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
blind SQL injectionfirmwareCVE-2006-4304CVE-2024-32878CVE-2024-31502XSSCVE-2024-3059CVE-2024-33692CVE-2024-3400
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook