Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
jboss jboss application server vulnerabilities and exploits
(subscribe to this query)
5
CVSSv2
CVE-2017-2670
It was found in Undertow prior to 1.3.28 that with non-clean TCP close, the Websocket server gets into infinite loop on every IO thread, effectively causing DoS.
Redhat Undertow
Debian Debian Linux 9.0
Redhat Jboss Enterprise Application Platform 6.0.0
Redhat Jboss Enterprise Application Platform 7.0.0
Redhat Jboss Enterprise Application Platform 7.1.0
4
CVSSv2
CVE-2019-14838
A flaw was found in wildfly-core prior to 7.2.5.GA. The Management users with Monitor, Auditor and Deployer Roles should not be allowed to modify the runtime state of the server
Redhat Wildfly Core 7.0.0
Redhat Jboss Enterprise Application Platform 7.2.0
Redhat Jboss Enterprise Application Platform 7.2.5
Redhat Jboss Enterprise Application Platform 7.3.0
Redhat Single Sign-on 7.3.5
Redhat Data Grid 7.3.4
Redhat Jboss Enterprise Application Platform 7.2.4
1 Github repository
4
CVSSv2
CVE-2014-7853
The JBoss Application Server (WildFly) JacORB subsystem in Red Hat JBoss Enterprise Application Platform (EAP) prior to 6.3.3 does not properly assign socket-binding-ref sensitivity classification to the security-domain attribute, which allows remote authenticated users to obtain...
Redhat Jboss Operations Network 3.3.1
Redhat Jboss Enterprise Application Platform
6.8
CVSSv2
CVE-2014-3518
jmx-remoting.sar in JBoss Remoting, as used in Red Hat JBoss Enterprise Application Platform (JEAP) 5.2.0, Red Hat JBoss BRMS 5.3.1, Red Hat JBoss Portal Platform 5.2.2, and Red Hat JBoss SOA Platform 5.3.1, does not properly implement the JSR 160 specification, which allows remo...
Redhat Jboss Enterprise Portal Platform 5.2.2
Redhat Jboss Enterprise Brms Platform 5.3.1
Redhat Jboss Enterprise Application Platform 5.2.0
Redhat Jboss Enterprise Soa Platform 5.3.1
4
CVSSv2
CVE-2021-20250
A flaw was found in wildfly. The JBoss EJB client has publicly accessible privileged actions which may lead to information disclosure on the server it is deployed on. The highest threat from this vulnerability is to data confidentiality.
Redhat Jboss Enterprise Application Platform Expansion Pack -
Redhat Jboss-ejb-client
4.3
CVSSv2
CVE-2008-0455
Cross-site scripting (XSS) vulnerability in the mod_negotiation module in the Apache HTTP Server 2.2.6 and previous versions in the 2.2.x series, 2.0.61 and previous versions in the 2.0.x series, and 1.3.39 and previous versions in the 1.3.x series allows remote authenticated use...
Apache Http Server
Redhat Enterprise Linux Server 5.0
Redhat Enterprise Linux Workstation 5.0
Redhat Enterprise Linux Desktop 5.0
Redhat Jboss Enterprise Application Platform 6.0.0
Redhat Jboss Enterprise Application Platform 6.4.0
1 EDB exploit
5
CVSSv2
CVE-2020-7238
Netty 4.1.43.Final allows HTTP Request Smuggling because it mishandles Transfer-Encoding whitespace (such as a [space]Transfer-Encoding:chunked line) and a later Content-Length header. This issue exists because of an incomplete fix for CVE-2019-16869.
Netty Netty 4.1.43
Fedoraproject Fedora 33
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Redhat Jboss Enterprise Application Platform 7.2
Redhat Jboss Enterprise Application Platform Text-only Advisories -
Redhat Jboss Enterprise Application Platform 7.3
Redhat Openshift Application Runtimes Text-only Advisories -
Redhat Jboss Enterprise Application Platform 7.4
5
CVSSv2
CVE-2019-14888
A vulnerability was found in the Undertow HTTP server in versions prior to 2.0.28.SP1 when listening on HTTPS. An attacker can target the HTTPS port to carry out a Denial Of Service (DOS) to make the service unavailable on SSL.
Redhat Undertow
Redhat Jboss Fuse 6.0.0
Redhat Jboss Enterprise Application Platform 7.0.0
Redhat Single Sign-on 7.0
Redhat Jboss Fuse 7.0.0
Redhat Jboss Data Grid 7.0.0
Redhat Jboss Data Grid -
Netapp Active Iq Unified Manager -
5
CVSSv2
CVE-2020-10693
A flaw was found in Hibernate Validator version 6.1.2.Final. A bug in the message interpolation processor enables invalid EL expressions to be evaluated as if they were valid. This flaw allows malicious users to bypass input sanitation (escaping, stripping) controls that develope...
Redhat Hibernate Validator 7.0.0
Redhat Hibernate Validator
Ibm Websphere Application Server
Redhat Jboss Enterprise Application Platform 7.2.0
Redhat Jboss Enterprise Application Platform 7.3.0
Redhat Satellite Capsule 6.8
Redhat Satellite 6.8
Quarkus Quarkus
Oracle Weblogic Server 14.1.1.0.0
3 Github repositories
7.5
CVSSv2
CVE-2017-7504
HTTPServerILServlet.java in JMS over HTTP Invocation Layer of the JbossMQ implementation, which is enabled by default in Red Hat Jboss Application Server <= Jboss 4.X does not restrict the classes for which it performs deserialization, which allows remote malicious users to ex...
Redhat Jboss Enterprise Application Platform
10 Github repositories
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-37884
CVE-2024-6003
remote
brute force
information disclosure
CVE-2024-27801
CVE-2024-30078
CVE-2024-31870
CVE-2024-6042
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »