Redhat

Openshift Application Runtimes

33 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.5

CVE-2023-1108

  • EPSS 2.56%
  • Published 14.09.2023 15:15:08
  • Last modified 21.11.2024 07:38:28

A flaw was found in undertow. This issue makes achieving a denial of service possible due to an unexpected handshake status updated in SslConduit, where the loop never terminates.

7.5

CVE-2022-1319

  • EPSS 0.23%
  • Published 31.08.2022 16:15:09
  • Last modified 21.11.2024 06:40:28

A flaw was found in Undertow. For an AJP 400 response, EAP 7 is improperly sending two response packets, and those packets have the reuse flag set even though JBoss EAP closes the connection. A failure occurs when the connection is reused after a 400...

7.5

CVE-2022-1259

  • EPSS 0.18%
  • Published 31.08.2022 16:15:09
  • Last modified 21.11.2024 06:40:21

A flaw was found in Undertow. A potential security issue in flow control handling by the browser over HTTP/2 may cause overhead or a denial of service in the server. This flaw exists because of an incomplete fix for CVE-2021-3629.

6.1

CVE-2021-3914

  • EPSS 0.48%
  • Published 25.08.2022 20:15:09
  • Last modified 21.11.2024 06:22:45

It was found that the smallrye health metrics UI component did not properly sanitize some user inputs. An attacker could use this flaw to conduct cross-site scripting attacks.

6.7

CVE-2021-4178

  • EPSS 0.08%
  • Published 24.08.2022 16:15:09
  • Last modified 21.11.2024 06:37:04

A arbitrary code execution flaw was found in the Fabric 8 Kubernetes client affecting versions 5.0.0-beta-1 and above. Due to an improperly configured YAML parsing, this will allow a local and privileged attacker to supply malicious YAML.

7.5

CVE-2021-3690

Exploit
  • EPSS 0.33%
  • Published 23.08.2022 16:15:09
  • Last modified 21.11.2024 06:22:09

A flaw was found in Undertow. A buffer leak on the incoming WebSocket PONG message may lead to memory exhaustion. This flaw allows an attacker to cause a denial of service. The highest threat from this vulnerability is availability.

5.9

CVE-2021-3597

  • EPSS 0.17%
  • Published 24.05.2022 19:15:09
  • Last modified 21.11.2024 06:21:56

A flaw was found in undertow. The HTTP2SourceChannel fails to write the final frame under some circumstances, resulting in a denial of service. The highest threat from this vulnerability is availability. This flaw affects Undertow versions prior to 2...

7.5

CVE-2021-4104

  • EPSS 72.2%
  • Published 14.12.2021 12:15:12
  • Last modified 21.11.2024 06:36:54

JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration. The attacker can provide TopicBindingName and TopicConnectionFactoryBindingName configurations causing JMSAppen...

5.3

CVE-2021-3642

  • EPSS 0.27%
  • Published 05.08.2021 21:15:13
  • Last modified 21.11.2024 06:22:03

A flaw was found in Wildfly Elytron in versions prior to 1.10.14.Final, prior to 1.15.5.Final and prior to 1.16.1.Final where ScramServer may be susceptible to Timing Attack if enabled. The highest threat of this vulnerability is confidentiality.

6.1

CVE-2020-10688

Exploit
  • EPSS 0.22%
  • Published 27.05.2021 19:15:07
  • Last modified 21.11.2024 04:55:51

A cross-site scripting (XSS) flaw was found in RESTEasy in versions before 3.11.1.Final and before 4.5.3.Final, where it did not properly handle URL encoding when the RESTEASY003870 exception occurs. An attacker could use this flaw to launch a reflec...