Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
jboss enterprise web platform vulnerabilities and exploits
(subscribe to this query)
5.3
CVSSv3
CVE-2023-26049
Jetty is a java based web server and servlet engine. Nonstandard cookie parsing in Jetty may allow an malicious user to smuggle cookies within other cookies, or otherwise perform unintended behavior by tampering with the cookie parsing mechanism. If Jetty sees a cookie VALUE that...
Eclipse Jetty
Eclipse Jetty 12.0.0
Debian Debian Linux 10.0
Debian Debian Linux 11.0
Debian Debian Linux 12.0
Netapp E-series Santricity Web Services -
Netapp E-series Santricity Unified Manager -
Netapp Active Iq Unified Manager -
Netapp E-series Santricity Os Controller
NA
CVE-2012-3546
org/apache/catalina/realm/RealmBase.java in Apache Tomcat 6.x prior to 6.0.36 and 7.x prior to 7.0.30, when FORM authentication is used, allows remote malicious users to bypass security-constraint checks by leveraging a previous setUserPrincipal call and then placing /j_security_...
Apache Tomcat 6.0
Apache Tomcat 6.0.14
Apache Tomcat 6.0.29
Apache Tomcat 6.0.33
Apache Tomcat 6.0.18
Apache Tomcat 6.0.1
Apache Tomcat 6.0.32
Apache Tomcat 6.0.9
Apache Tomcat 6.0.8
Apache Tomcat 6.0.2
Apache Tomcat 6.0.4
Apache Tomcat 6.0.27
Apache Tomcat 6.0.3
Apache Tomcat 6.0.12
Apache Tomcat 6.0.11
Apache Tomcat 6.0.6
Apache Tomcat 6.0.7
Apache Tomcat 6.0.28
Apache Tomcat 6.0.0
Apache Tomcat 6.0.5
Apache Tomcat 6.0.24
Apache Tomcat 6.0.31
7.5
CVSSv3
CVE-2020-13934
An h2c direct connection to Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0.0.M5 to 9.0.36 and 8.5.1 to 8.5.56 did not release the HTTP/1.1 processor after the upgrade to HTTP/2. If a sufficient number of such requests were made, an OutOfMemoryException could occur leading to a denial ...
Apache Tomcat 9.0.0
Apache Tomcat 10.0.0
Apache Tomcat
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Netapp Oncommand System Manager
Opensuse Leap 15.1
Opensuse Leap 15.2
Canonical Ubuntu Linux 20.04
Oracle Managed File Transfer 12.2.1.3.0
Oracle Instantis Enterprisetrack 17.1
Oracle Instantis Enterprisetrack 17.2
Oracle Instantis Enterprisetrack 17.3
Oracle Agile Plm 9.3.3
Oracle Agile Plm 9.3.5
Oracle Agile Plm 9.3.6
Oracle Workload Manager 18c
Oracle Workload Manager 19c
Oracle Workload Manager 12.2.0.1
Oracle Agile Engineering Data Management 6.2.1.0
Oracle Siebel Ui Framework
Oracle Mysql Enterprise Monitor
NA
CVE-2012-0876
The XML parser (xmlparse.c) in expat prior to 2.1.0 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent malicious users to cause a denial of service (CPU consumption) via an XML file with many identifiers wit...
Libexpat Project Libexpat
Python Python
Debian Debian Linux 7.0
Debian Debian Linux 6.0
Canonical Ubuntu Linux 11.04
Canonical Ubuntu Linux 11.10
Canonical Ubuntu Linux 8.04
Canonical Ubuntu Linux 10.04
Canonical Ubuntu Linux 12.04
Oracle Solaris 11.3
Redhat Enterprise Linux Server 5.0
Redhat Enterprise Linux Server Aus 6.2
Redhat Enterprise Linux Workstation 5.0
Redhat Enterprise Linux Desktop 6.0
Redhat Enterprise Linux Server 6.0
Redhat Enterprise Linux Workstation 6.0
Redhat Enterprise Linux Desktop 5.0
Redhat Storage 2.0
Redhat Enterprise Linux Eus 6.2
6.5
CVSSv3
CVE-2017-2666
It exists in Undertow that the code that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manip...
Redhat Undertow -
Redhat Jboss Enterprise Application Platform 7.0.0
Redhat Jboss Enterprise Application Platform 7.1.0
Debian Debian Linux 9.0
Debian Debian Linux 10.0
5.9
CVSSv3
CVE-2020-1971
The X.509 GeneralName type is a generic type for representing different types of names. One of those name types is known as EDIPartyName. OpenSSL provides a function GENERAL_NAME_cmp which compares different instances of a GENERAL_NAME to see if they are equal or not. This functi...
Openssl Openssl
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Fedoraproject Fedora 32
Fedoraproject Fedora 33
Oracle Api Gateway 11.1.2.4.0
Oracle Peoplesoft Enterprise Peopletools 8.56
Oracle Business Intelligence 12.2.1.3.0
Oracle Peoplesoft Enterprise Peopletools 8.57
Oracle Jd Edwards World Security A9.4
Oracle Business Intelligence 12.2.1.4.0
Oracle Enterprise Manager Base Platform 13.3.0.0
Oracle Business Intelligence 5.5.0.0.0
Oracle Peoplesoft Enterprise Peopletools 8.58
Oracle Enterprise Manager Base Platform 13.4.0.0
Oracle Http Server 12.2.1.4.0
Oracle Enterprise Manager For Storage Management 13.4.0.0
Oracle Enterprise Manager Ops Center 12.4.0.0
Oracle Mysql
Oracle Graalvm 19.3.4
Oracle Graalvm 20.3.0
Oracle Essbase 21.2
5 Github repositories
1 Article
7.5
CVSSv3
CVE-2017-2670
It was found in Undertow prior to 1.3.28 that with non-clean TCP close, the Websocket server gets into infinite loop on every IO thread, effectively causing DoS.
Redhat Undertow
Debian Debian Linux 9.0
Redhat Jboss Enterprise Application Platform 6.0.0
Redhat Jboss Enterprise Application Platform 7.0.0
Redhat Jboss Enterprise Application Platform 7.1.0
NA
CVE-2012-2687
Multiple cross-site scripting (XSS) vulnerabilities in the make_variant_list function in mod_negotiation.c in the mod_negotiation module in the Apache HTTP Server 2.4.x prior to 2.4.3, when the MultiViews option is enabled, allow remote malicious users to inject arbitrary web scr...
Apache Http Server 2.2.23
Apache Http Server 2.4.1
Apache Http Server 2.2.11
Apache Http Server 2.2.0
Apache Http Server 2.2.10
Apache Http Server 2.2.13
Apache Http Server 2.2.2
Apache Http Server 2.4.0
Apache Http Server 2.2.4
Apache Http Server 2.2.17
Apache Http Server 2.2.16
Apache Http Server 2.2.21
Apache Http Server 2.2.8
Apache Http Server 2.2.14
Apache Http Server 2.2.6
Apache Http Server 2.2.22
Apache Http Server 2.2.19
Apache Http Server 2.2.9
Apache Http Server 2.2.18
Apache Http Server 2.2.12
Apache Http Server 2.2.3
Apache Http Server 2.4.2
9.8
CVSSv3
CVE-2020-1745
A file inclusion vulnerability was found in the AJP connector enabled with a default AJP configuration port of 8009 in Undertow version 2.0.29.Final and before and was fixed in 2.0.30.Final. A remote, unauthenticated attacker could exploit this vulnerability to read web applicati...
Redhat Undertow
7.5
CVSSv3
CVE-2020-17527
While investigating bug 64830 it exists that Apache Tomcat 10.0.0-M1 to 10.0.0-M9, 9.0.0-M1 to 9.0.39 and 8.5.0 to 8.5.59 could re-use an HTTP request header value from the previous stream received on an HTTP/2 connection for the request associated with the subsequent stream. Whi...
Apache Tomcat 9.0.0
Apache Tomcat 10.0.0
Apache Tomcat 9.0.36
Apache Tomcat 9.0.37
Apache Tomcat 9.0.38
Apache Tomcat 9.0.39
Apache Tomcat 9.0.35-3.39.1
Apache Tomcat 9.0.35-3.57.3
Apache Tomcat
Netapp Oncommand System Manager
Netapp Element Plug-in -
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Oracle Instantis Enterprisetrack 17.1
Oracle Instantis Enterprisetrack 17.2
Oracle Instantis Enterprisetrack 17.3
Oracle Sd-wan Edge 9.0
Oracle Workload Manager 18c
Oracle Workload Manager 19c
Oracle Mysql Enterprise Monitor
Oracle Communications Cloud Native Core Binding Support Function 1.10.0
Oracle Communications Cloud Native Core Policy 1.14.0
2 Github repositories
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-52710
arbitrary
CVE-2024-5272
CVE-2024-2961
brute force
remote
CVE-2024-32944
CVE-2024-36241
CVE-2024-5274
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
2
3
4
5
6
7
8
9
10
NEXT »