Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
jboss enterprise application platform vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2016-9589
Undertow in Red Hat wildfly before version 11.0.0.Beta1 is vulnerable to a resource exhaustion resulting in a denial of service. Undertow keeps a cache of seen HTTP headers in persistent connections. It was found that this cache can easily exploited to fill memory with garbage, u...
Redhat Jboss Wildfly Application Server 11.0.0
Redhat Jboss Wildfly Application Server
8.8
CVSSv3
CVE-2019-10174
A vulnerability was found in Infinispan such that the invokeAccessibly method from the public class ReflectionUtil allows any application class to invoke private methods in any class with Infinispan's privileges. The attacker can use reflection to introduce new, malicious be...
Infinispan Infinispan
Redhat Fuse 1.0
Redhat Jboss Data Grid -
Redhat Jboss Enterprise Application Platform -
Redhat Openshift Application Runtimes -
Redhat Single Sign-on -
Redhat Jboss Enterprise Application Platform 7.2
Netapp Active Iq Unified Manager -
9.8
CVSSv3
CVE-2019-10212
A flaw was found in, all under 2.0.20, in the Undertow DEBUG log for io.undertow.request.security. If enabled, an attacker could abuse this flaw to obtain the user's credentials from the log files.
Redhat Undertow
Redhat Jboss Data Grid -
Redhat Jboss Data Grid
Redhat Jboss Enterprise Application Platform -
Redhat Jboss Fuse
Redhat Openshift Application Runtimes -
Redhat Single Sign-on
Netapp Active Iq Unified Manager -
Redhat Jboss Enterprise Application Platform 7.2
Redhat Jboss Enterprise Application Platform 7.3
Redhat Jboss Enterprise Application Platform 7.4
7.5
CVSSv3
CVE-2019-14888
A vulnerability was found in the Undertow HTTP server in versions prior to 2.0.28.SP1 when listening on HTTPS. An attacker can target the HTTPS port to carry out a Denial Of Service (DOS) to make the service unavailable on SSL.
Redhat Undertow
Redhat Jboss Data Grid -
Redhat Jboss Data Grid 7.0.0
Redhat Jboss Enterprise Application Platform 7.0.0
Redhat Jboss Fuse 6.0.0
Redhat Jboss Fuse 7.0.0
Redhat Single Sign-on 7.0
Netapp Active Iq Unified Manager -
7.5
CVSSv3
CVE-2019-10172
A flaw was found in org.codehaus.jackson:jackson-mapper-asl:1.9.x libraries. XML external entity vulnerabilities similar CVE-2016-3720 also affects codehaus jackson-mapper-asl libraries but in different classes.
Fasterxml Jackson-mapper-asl
Redhat Jboss Enterprise Application Platform 7.0
Redhat Jboss Fuse 7.0.0
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Apache Spark 3.0.1
1 Github repository
7.8
CVSSv3
CVE-2021-3717
A flaw was found in Wildfly. An incorrect JBOSS_LOCAL_USER challenge location when using the elytron configuration may lead to JBOSS_LOCAL_USER access to all users on the machine. The highest threat from this vulnerability is to confidentiality, integrity, and availability. This ...
Redhat Single Sign-on -
Redhat Jboss Enterprise Application Platform -
Redhat Wildfly Core
Redhat Jboss Enterprise Application Platform 7.4
Redhat Jboss Enterprise Application Platform 7.3
8.1
CVSSv3
CVE-2020-1757
A flaw was found in all undertow-2.x.x SP1 versions prior to undertow-2.0.30.SP1, all undertow-1.x.x and undertow-2.x.x versions prior to undertow-2.1.0.Final, where the Servlet container causes servletPath to normalize incorrectly by truncating the path after semicolon which may...
Redhat Undertow 2.0.0
Redhat Undertow 2.0.25
Redhat Undertow 2.0.26
Redhat Undertow 2.0.28
Redhat Undertow
Redhat Jboss Data Grid 7.0.0
Redhat Jboss Enterprise Application Platform 7.0.0
Redhat Jboss Fuse 6.0.0
Redhat Jboss Fuse 7.0.0
Redhat Openshift Application Runtimes -
Redhat Single Sign-on 7.0
NA
CVE-2015-3244
The Portlet Bridge for JavaServer Faces in Red Hat JBoss Portal 6.2.0, when used in portlets with the default resource serving for GenericPortlet, does not properly restrict access to restricted resources, which allows remote malicious users to obtain sensitive information via a ...
Redhat Jboss Enterprise Portal Platform 6.2.0
NA
CVE-2012-5575
Apache CXF 2.5.x prior to 2.5.10, 2.6.x before CXF 2.6.7, and 2.7.x before CXF 2.7.4 does not verify that a specified cryptographic algorithm is allowed by the WS-SecurityPolicy AlgorithmSuite definition before decrypting, which allows remote malicious users to force CXF to use w...
Apache Cxf 2.5.2
Apache Cxf 2.5.9
Redhat Jboss Enterprise Web Platform 5.2.0
Redhat Jboss Enterprise Soa Platform 4.3.0
Apache Cxf 2.6.0
Apache Cxf 2.5.3
Apache Cxf 2.7.3
Apache Cxf 2.5.7
Redhat Jboss Fuse Esb Enterprise 7.1.0
Apache Cxf 2.6.2
Apache Cxf 2.5.0
Apache Cxf 2.5.1
Apache Cxf 2.5.5
Apache Cxf 2.5.8
Apache Cxf 2.6.5
Apache Cxf 2.7.0
Apache Cxf 2.6.6
Apache Cxf 2.6.3
Redhat Jboss Enterprise Portal Platform 4.3.0
Apache Cxf 2.5.6
Apache Cxf 2.6.4
Apache Cxf 2.6.1
6.5
CVSSv3
CVE-2020-25689
A memory leak flaw was found in WildFly in all versions up to 21.0.0.Final, where host-controller tries to reconnect in a loop, generating new connections which are not properly closed while not able to connect to domain-controller. This flaw allows an malicious user to cause an ...
Redhat Wildfly
Redhat Jboss Enterprise Application Platform 7.0.0
Redhat Single Sign-on 7.0
Redhat Jboss Fuse 7.0.0
Redhat Jboss Data Grid 7.0.0
Redhat Openshift Application Runtimes -
Redhat Fuse 6.0.0
Netapp Oncommand Insight -
Netapp Service Level Manager -
Netapp Active Iq Unified Manager -
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33572
CVE-2024-24919
CVE-2024-0230
CVE-2024-32714
HTML injection
local file inclusion
CVE-2024-31098
CVE-2024-31244
privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
6
7
8
9
10
NEXT »