Redhat

Jboss Enterprise Application Platform

238 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.5

CVE-2025-9784

  • EPSS 0.32%
  • Veröffentlicht 02.09.2025 13:37:59
  • Zuletzt bearbeitet 07.11.2025 22:15:39

A flaw was found in Undertow where malformed client requests can trigger server-side stream resets without triggering abuse counters. This issue, referred to as the "MadeYouReset" attack, allows malicious clients to induce excessive server workload b...

5.5

CVE-2025-5731

  • EPSS 0.02%
  • Veröffentlicht 26.06.2025 21:28:59
  • Zuletzt bearbeitet 02.09.2025 18:04:30

A flaw was found in Infinispan CLI. A sensitive password, decoded from a Base64-encoded Kubernetes secret, is processed in plaintext and included in a command string that may expose the data in an error message when a command is not found.

9.8

CVE-2025-23368

  • EPSS 0.19%
  • Veröffentlicht 04.03.2025 16:15:39
  • Zuletzt bearbeitet 14.10.2025 16:56:41

A flaw was found in Wildfly Elytron integration. The component does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame, making it more susceptible to brute force attacks via CLI.

6.5

CVE-2025-23367

  • EPSS 0.19%
  • Veröffentlicht 30.01.2025 15:15:18
  • Zuletzt bearbeitet 06.12.2025 01:15:48

A flaw was found in the Wildfly Server Role Based Access Control (RBAC) provider. When authorization to control management operations is secured using the Role Based Access Control provider, a user without the required privileges can suspend or resum...

7.4

CVE-2023-4639

  • EPSS 3.74%
  • Veröffentlicht 17.11.2024 11:15:05
  • Zuletzt bearbeitet 07.02.2025 17:15:29

A flaw was found in Undertow, which incorrectly parses cookies with certain value-delimiting characters in incoming requests. This issue could allow an attacker to construct a cookie value to exfiltrate HttpOnly cookie values or spoof arbitrary addit...

7.5

CVE-2023-1973

  • EPSS 0.73%
  • Veröffentlicht 07.11.2024 10:15:05
  • Zuletzt bearbeitet 08.11.2024 19:01:03

A flaw was found in Undertow package. Using the FormAuthenticationMechanism, a malicious user could trigger a Denial of Service by sending crafted requests, leading the server to an OutofMemory error, exhausting the server's memory.

6.1

CVE-2023-1932

  • EPSS 0.32%
  • Veröffentlicht 07.11.2024 10:15:04
  • Zuletzt bearbeitet 24.06.2025 13:07:42

A flaw was found in hibernate-validator's 'isValid' method in the org.hibernate.validator.internal.constraintvalidators.hv.SafeHtmlValidator class, which can be bypassed by omitting the tag ending in a less-than character. Browsers may render an inva...

7.3

CVE-2024-10234

  • EPSS 0.3%
  • Veröffentlicht 22.10.2024 14:15:14
  • Zuletzt bearbeitet 23.07.2025 19:15:31

A vulnerability was found in Wildfly, where a user may perform Cross-site scripting in the Wildfly deployment system. This flaw allows an attacker or insider to execute a deployment with a malicious payload, which could trigger undesired behavior aga...

7.5

CVE-2024-7885

  • EPSS 6.35%
  • Veröffentlicht 21.08.2024 14:15:09
  • Zuletzt bearbeitet 23.10.2025 23:15:36

A vulnerability was found in Undertow where the ProxyProtocolReadListener reuses the same StringBuilder instance across multiple requests. This issue occurs when the parseProxyProtocolV1 method processes multiple requests on the same HTTP connection....

6.5

CVE-2024-1102

Exploit
  • EPSS 0.15%
  • Veröffentlicht 25.04.2024 17:15:47
  • Zuletzt bearbeitet 24.10.2025 12:15:36

A vulnerability was found in jberet-core logging. An exception in 'dbProperties' might display user credentials such as the username and password for the database-connection.