redhat jboss data grid 7.0.0 vulnerabilities and exploits

(subscribe to this query)

A vulnerability was found in the Undertow HTTP server in versions prior to 2.0.28.SP1 when listening on HTTPS. An attacker can target the HTTPS port to carry out a Denial Of Service (DOS) to make the service unavailable on SSL.

Redhat Undertow Redhat Jboss Data Grid -Redhat Jboss Data Grid 7.0.0 Redhat Jboss Enterprise Application Platform 7.0.0 Redhat Jboss Fuse 6.0.0 Redhat Jboss Fuse 7.0.0 Redhat Single Sign-on 7.0 Netapp Active Iq Unified Manager -

A flaw was found in Infinispan through version 9.4.14.Final. An improper implementation of the session fixation protection in the Spring Session integration can result in incorrect session handling.

Infinispan Infinispan Redhat Jboss Data Grid 7.0.0

A flaw exists in jackson-databind in versions prior to 2.9.10, 2.8.11.5 and 2.6.7.3, where it would permit polymorphic deserialization of a malicious object using commons-configuration 1 and 2 JNDI classes. An attacker could use this flaw to execute arbitrary code.

Fasterxml Jackson-databind Redhat Decision Manager 7.0 Redhat Jboss Data Grid -Redhat Jboss Data Grid 7.0.0 Redhat Jboss Enterprise Application Platform 7.0 Redhat Jboss Fuse 7.0.0 Redhat Openshift Container Platform 4.3 Redhat Process Automation 7.0 Apache Geode 1.12.0

1 Github repository

The issue appears to be that JBoss EAP 6.4.21 does not parse the field-name in accordance to RFC7230[1] as it returns a 200 instead of a 400.

Redhat Jboss Data Grid -Redhat Jboss Data Grid 7.0.0 Redhat Jboss Enterprise Application Platform -Redhat Jboss Enterprise Application Platform 6.4.21 Redhat Jboss Enterprise Application Platform 7.0.0 Redhat Jboss Enterprise Application Platform 7.2.0 Redhat Jboss Enterprise Application Platform 7.3.0 Redhat Openshift Application Runtimes -Redhat Single Sign-on -

A memory leak flaw was found in WildFly OpenSSL in versions before 1.1.3.Final, where it removes an HTTP session. It may allow the malicious user to cause OOM leading to a denial of service. The highest threat from this vulnerability is to system availability.

Redhat Wildfly Openssl Redhat Data Grid 8.0 Redhat Jboss Data Grid 7.0.0 Redhat Jboss Enterprise Application Platform 7.0.0 Redhat Jboss Fuse 7.0.0 Redhat Openshift Application Runtimes -Redhat Single Sign-on 7.0 Netapp Oncommand Insight -Netapp Oncommand Workflow Automation -Netapp Service Level Manager -

A flaw was found when an OpenSSL security provider is used with Wildfly, the 'enabled-protocols' value in the Wildfly configuration isn't honored. An attacker could target the traffic sent from Wildfly and downgrade the connection to a weaker version of TLS, potent...

Redhat Jboss Data Grid 7.0.0 Redhat Jboss Enterprise Application Platform 7.0.0 Redhat Jboss Fuse 7.0.0 Redhat Openshift Application Runtimes -Redhat Single Sign-on 7.0 Redhat Wildfly 7.2.0 Redhat Wildfly 7.2.3 Redhat Wildfly 7.2.5

An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name (for example, a crafted file name), this can overwrite an attacker's content to an arbitrary attacker-selected file. This flaw occu...

Gnu Gzip Redhat Jboss Data Grid 7.0.0 Debian Debian Linux 10.0 Tukaani Xz

1 Github repository

A flaw was found in all undertow-2.x.x SP1 versions prior to undertow-2.0.30.SP1, all undertow-1.x.x and undertow-2.x.x versions prior to undertow-2.1.0.Final, where the Servlet container causes servletPath to normalize incorrectly by truncating the path after semicolon which may...

Redhat Undertow Redhat Undertow 2.0.0 Redhat Undertow 2.0.25 Redhat Undertow 2.0.26 Redhat Undertow 2.0.28 Redhat Jboss Data Grid 7.0.0 Redhat Jboss Enterprise Application Platform 7.0.0 Redhat Jboss Fuse 6.0.0 Redhat Jboss Fuse 7.0.0 Redhat Openshift Application Runtimes -Redhat Single Sign-on 7.0

A memory leak flaw was found in WildFly in all versions up to 21.0.0.Final, where host-controller tries to reconnect in a loop, generating new connections which are not properly closed while not able to connect to domain-controller. This flaw allows an malicious user to cause an ...

Redhat Wildfly Redhat Fuse 6.0.0 Redhat Jboss Data Grid 7.0.0 Redhat Jboss Enterprise Application Platform 7.0.0 Redhat Jboss Fuse 7.0.0 Redhat Openshift Application Runtimes -Redhat Single Sign-on 7.0 Netapp Active Iq Unified Manager -Netapp Oncommand Insight -Netapp Service Level Manager -

A flaw was found in wildfly-core prior to 7.2.5.GA. The Management users with Monitor, Auditor and Deployer Roles should not be allowed to modify the runtime state of the server

Redhat Wildfly Core 7.0.0 Redhat Jboss Enterprise Application Platform 7.2.0 Redhat Jboss Enterprise Application Platform 7.2.5 Redhat Jboss Enterprise Application Platform 7.3.0 Redhat Single Sign-on 7.3.5 Redhat Data Grid 7.3.4 Redhat Jboss Enterprise Application Platform 7.2.4

1 2 3 NEXT »

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Product List Vendor List Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook