CVE-2023-4639
- EPSS 3.74%
- Veröffentlicht 17.11.2024 11:15:05
- Zuletzt bearbeitet 07.02.2025 17:15:29
A flaw was found in Undertow, which incorrectly parses cookies with certain value-delimiting characters in incoming requests. This issue could allow an attacker to construct a cookie value to exfiltrate HttpOnly cookie values or spoof arbitrary addit...
CVE-2021-4104
- EPSS 72.2%
- Veröffentlicht 14.12.2021 12:15:12
- Zuletzt bearbeitet 21.11.2024 06:36:54
JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration. The attacker can provide TopicBindingName and TopicConnectionFactoryBindingName configurations causing JMSAppen...
- EPSS 71.46%
- Veröffentlicht 09.11.2017 17:29:00
- Zuletzt bearbeitet 20.04.2025 01:37:25
Red Hat JBoss A-MQ 6.x; BPM Suite (BPMS) 6.x; BRMS 6.x and 5.x; Data Grid (JDG) 6.x; Data Virtualization (JDV) 6.x and 5.x; Enterprise Application Platform 6.x, 5.x, and 4.3.x; Fuse 6.x; Fuse Service Works (FSW) 6.x; Operations Network (JBoss ON) 3.x...
CVE-2013-6469
- EPSS 0.49%
- Veröffentlicht 22.04.2014 13:06:26
- Zuletzt bearbeitet 12.04.2025 10:46:40
JBoss Overlord Run Time Governance (RTGov) 1.0 for JBossAS allows remote authenticated users to execute arbitrary Java code via an MVFLEX Expression Language (MVEL) expression. NOTE: some of these details are obtained from third party information.