CVE-2025-9784
- EPSS 0.22%
- Published 02.09.2025 13:37:59
- Last modified 24.09.2025 14:15:52
A flaw was found in Undertow where malformed client requests can trigger server-side stream resets without triggering abuse counters. This issue, referred to as the "MadeYouReset" attack, allows malicious clients to induce excessive server workload b...
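The counting gap behind "MadeYouReset", as an added Python illustration (this is not Undertow's code): a per-connection reset budget that either charges only RST_STREAM frames the client sends, or also charges the resets the server itself is forced to send after a malformed frame. The frame representation, the two malformed-frame cases modelled and the budget size are assumptions made for the example.

```python
from dataclasses import dataclass

# HTTP/2 frame type codes from RFC 7540 section 6 (only those used here).
DATA, HEADERS, RST_STREAM, WINDOW_UPDATE = 0x0, 0x1, 0x3, 0x8


def classify_frame(frame: dict) -> str:
    """Return 'ok', 'stream_error' or 'connection_error' for a decoded frame.

    Two malformed cases from RFC 7540 are modelled (assumption: everything
    else is treated as well-formed in this example):
    - WINDOW_UPDATE with a flow-control increment of 0 is a stream error on a
      stream and a connection error on stream 0 (section 6.9).
    - DATA on stream 0 is a connection error (section 6.1).
    """
    ftype, sid = frame["type"], frame["stream_id"]
    if ftype == WINDOW_UPDATE and frame.get("increment", 1) == 0:
        return "connection_error" if sid == 0 else "stream_error"
    if ftype == DATA and sid == 0:
        return "connection_error"
    return "ok"


@dataclass
class ResetBudget:
    """Per-connection reset counter.

    count_server_resets=False reproduces the gap the advisory describes: only
    RST_STREAM frames sent by the client are charged, so a client that makes
    the server reset streams never reaches the threshold.
    """
    max_resets: int
    count_server_resets: bool = True
    resets: int = 0
    closed: bool = False

    def _charge(self) -> None:
        self.resets += 1
        if self.resets > self.max_resets:
            self.closed = True  # a real server would send GOAWAY(ENHANCE_YOUR_CALM)

    def on_frame(self, frame: dict) -> str:
        """Process one client frame and return the action the server takes."""
        if self.closed:
            return "dropped"
        if frame["type"] == RST_STREAM:
            self._charge()  # client-initiated reset: charged by both variants
            return "client_rst"
        verdict = classify_frame(frame)
        if verdict == "connection_error":
            self.closed = True
            return "goaway"
        if verdict == "stream_error":
            # The server must RST_STREAM this stream itself, after having
            # already spent work on it. The vulnerable variant does not charge it.
            if self.count_server_resets:
                self._charge()
            return "server_rst"
        return "ok"


def simulate(frames, max_resets: int, count_server_resets: bool):
    """Run frames through one connection; return (resets, closed, actions)."""
    budget = ResetBudget(max_resets, count_server_resets)
    actions = [budget.on_frame(f) for f in frames]
    return budget.resets, budget.closed, actions


def made_you_reset_flood(n: int) -> list:
    """Constructed attack traffic: n streams, each opened with HEADERS and then
    hit with WINDOW_UPDATE increment=0 so the server has to reset it."""
    frames = []
    for i in range(n):
        sid = 2 * i + 1  # client-initiated stream IDs are odd
        frames.append({"type": HEADERS, "stream_id": sid})
        frames.append({"type": WINDOW_UPDATE, "stream_id": sid, "increment": 0})
    return frames


if __name__ == "__main__":
    traffic = made_you_reset_flood(150)
    print("client-RST-only counter:", simulate(traffic, 100, False)[:2])
    print("counting server resets: ", simulate(traffic, 100, True)[:2])
```

With `count_server_resets=False`, 150 forced resets leave the counter at zero and the connection open; with the server-side resets charged, the same traffic closes the connection after the 101st reset, exactly as a flood of client RST_STREAM frames would.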
CVE-2025-5731
- EPSS 0.02%
- Published 26.06.2025 21:28:59
- Last modified 02.09.2025 18:04:30
A flaw was found in Infinispan CLI. A sensitive password, decoded from a Base64-encoded Kubernetes secret, is processed in plaintext and included in a command string that may expose the data in an error message when a command is not found.
CVE-2023-4639
- EPSS 3.74%
- Published 17.11.2024 11:15:05
- Last modified 07.02.2025 17:15:29
A flaw was found in Undertow, which incorrectly parses cookies with certain value-delimiting characters in incoming requests. This issue could allow an attacker to construct a cookie value to exfiltrate HttpOnly cookie values or spoof arbitrary addit...
CVE-2023-1973
- EPSS 0.54%
- Published 07.11.2024 10:15:05
- Last modified 08.11.2024 19:01:03
A flaw was found in the Undertow package. Using the FormAuthenticationMechanism, a malicious user could trigger a Denial of Service by sending crafted requests, leading the server to an OutOfMemory error and exhausting the server's memory.
CVE-2023-1932
- EPSS 0.23%
- Published 07.11.2024 10:15:04
- Last modified 24.06.2025 13:07:42
A flaw was found in hibernate-validator's 'isValid' method in the org.hibernate.validator.internal.constraintvalidators.hv.SafeHtmlValidator class, which can be bypassed by omitting the tag ending in a less-than character. Browsers may render an inva...
CVE-2024-10234
- EPSS 0.42%
- Published 22.10.2024 14:15:14
- Last modified 23.07.2025 19:15:31
A vulnerability was found in Wildfly, where a user may perform Cross-site scripting in the Wildfly deployment system. This flaw allows an attacker or insider to execute a deployment with a malicious payload, which could trigger undesired behavior aga...
CVE-2024-7885
- EPSS 6.4%
- Published 21.08.2024 14:15:09
- Last modified 25.09.2025 08:15:36
A vulnerability was found in Undertow where the ProxyProtocolReadListener reuses the same StringBuilder instance across multiple requests. This issue occurs when the parseProxyProtocolV1 method processes multiple requests on the same HTTP connection....
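The general bug class behind this entry, a mutable accumulation buffer kept across parses and never reset, as an added Python illustration (this is not Undertow's ProxyProtocolReadListener): a simplified PROXY protocol v1 reader with a shared, never-cleared buffer beside one that drops each header once it has been consumed. The listener names, the two constructed headers and the single-connection driver are assumptions made for the example.

```python
import ipaddress

CRLF = "\r\n"
MAX_V1_HEADER = 107  # longest valid v1 line including CRLF, per the PROXY protocol spec


def parse_v1_line(line: str) -> dict:
    """Parse 'PROXY TCP4|TCP6 src dst sport dport' (without CRLF) into a dict."""
    fields = line.split(" ")
    if len(fields) != 6 or fields[0] != "PROXY":
        raise ValueError(f"malformed PROXY line: {line!r}")
    _, proto, src, dst, sport, dport = fields
    family = {"TCP4": 4, "TCP6": 6}.get(proto)
    if family is None:
        raise ValueError(f"unsupported protocol {proto!r}")
    src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if src_ip.version != family or dst_ip.version != family:
        raise ValueError("address family does not match protocol")
    ports = (int(sport), int(dport))
    if not all(0 <= p <= 65535 for p in ports):
        raise ValueError("port out of range")
    return {"src": str(src_ip), "dst": str(dst_ip), "sport": ports[0], "dport": ports[1]}


class SharedBufferListener:
    """Vulnerable pattern: one accumulation buffer is reused for every header the
    connection delivers and is never cleared after a header has been consumed."""

    def __init__(self):
        self._builder = []  # stands in for a single reused StringBuilder

    def on_read(self, chunk: bytes):
        self._builder.append(chunk.decode("ascii"))
        text = "".join(self._builder)
        if len(text) > MAX_V1_HEADER:
            raise ValueError("PROXY header too long")
        if CRLF not in text:
            return None  # incomplete header, wait for more bytes
        # BUG: parses whatever line is first in the buffer and leaves it there,
        # so the next request on this connection is attributed to this header
        # (and the stale bytes eventually trip the length limit as well).
        return parse_v1_line(text.split(CRLF, 1)[0])


class ResetBufferListener(SharedBufferListener):
    """Hardened: consume exactly one header and keep only the unconsumed bytes."""

    def on_read(self, chunk: bytes):
        self._builder.append(chunk.decode("ascii"))
        text = "".join(self._builder)
        if CRLF not in text:
            if len(text) > MAX_V1_HEADER:
                raise ValueError("PROXY header too long")
            return None
        line, rest = text.split(CRLF, 1)
        self._builder = [rest] if rest else []  # reset: drop the consumed header
        return parse_v1_line(line)


# Constructed headers for two requests that arrive on the same connection.
FIRST = f"PROXY TCP4 198.51.100.7 203.0.113.9 51234 443{CRLF}".encode()
SECOND = f"PROXY TCP4 192.0.2.33 203.0.113.9 40001 443{CRLF}".encode()


def attribute_two_requests(listener_cls) -> tuple:
    """Feed both headers through one listener; return the source each reports."""
    listener = listener_cls()
    return listener.on_read(FIRST)["src"], listener.on_read(SECOND)["src"]


if __name__ == "__main__":
    print("shared buffer:", attribute_two_requests(SharedBufferListener))
    print("reset buffer: ", attribute_two_requests(ResetBufferListener))
```

The shared-buffer listener reports the first client's address for the second request, which is the kind of cross-request confusion a reused builder produces; the reset variant reports each header's own address and still handles a header split across two reads.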
CVE-2024-1102
- EPSS 0.15%
- Published 25.04.2024 17:15:47
- Last modified 18.06.2025 19:36:06
A vulnerability was found in jberet-core logging. An exception in 'dbProperties' might display user credentials such as the username and password for the database connection.
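CVE-2025-5731 and CVE-2024-1102 above are the same failure seen twice: a secret ends up inside an error message or a log line. As an added Python illustration (this is not Infinispan CLI or jberet-core code), the block below masks secret-looking keys in a properties map before it is embedded in a message, echoes a failing command with the secret argument masked rather than interpolating the raw command string, and scrubs known secret values, including the Base64 form they were decoded from, out of every log record. The property names, the command line, the key regex and the helper names are assumptions made for the example.

```python
import base64
import logging
import re

# Assumption: these key fragments mark a property whose value must never be shown.
SENSITIVE_KEY = re.compile(r"pass(word|wd)?|secret|token|credential", re.I)
MASK = "***"


def redact_properties(props: dict) -> dict:
    """Copy of a properties map with secret-looking keys masked, safe to embed
    in an exception message or log line (the 'dbProperties' case)."""
    return {k: (MASK if SENSITIVE_KEY.search(k) else v) for k, v in props.items()}


def secret_variants(decoded: str) -> set:
    """All spellings of a secret that must not appear in output. A value decoded
    from a Base64 Kubernetes secret is recoverable from its encoded form, so the
    encoded spellings are scrubbed as well."""
    raw = decoded.encode()
    return {
        decoded,
        base64.b64encode(raw).decode(),
        base64.urlsafe_b64encode(raw).decode(),
    }


def scrub(text: str, secrets) -> str:
    """Replace every known secret spelling in text, longest first so that a
    shorter variant cannot leave part of a longer one exposed."""
    for s in sorted((s for s in secrets if s), key=len, reverse=True):
        text = text.replace(s, MASK)
    return text


def command_not_found_message(argv: list, secrets) -> str:
    """Echo a failing CLI command with secret-bearing arguments masked instead of
    putting the raw command string into the error (the CLI 'command not found'
    case)."""
    return "command not found: " + " ".join(MASK if a in secrets else a for a in argv)


class ScrubbingFormatter(logging.Formatter):
    """Defence in depth: scrub known secret values from every formatted record,
    covering call sites that log a properties map or exception unredacted."""

    def __init__(self, secrets, fmt="%(levelname)s %(message)s"):
        super().__init__(fmt)
        self._secrets = set(secrets)

    def format(self, record: logging.LogRecord) -> str:
        return scrub(super().format(record), self._secrets)


def format_record(formatter: logging.Formatter, message: str) -> str:
    """Format one constructed ERROR record through formatter (for demonstration)."""
    record = logging.makeLogRecord(
        {"msg": message, "levelname": "ERROR", "levelno": logging.ERROR}
    )
    return formatter.format(record)


if __name__ == "__main__":
    secrets = secret_variants("s3cr3t!")  # constructed secret for the example
    print(redact_properties({"jdbc.user": "app", "jdbc.password": "s3cr3t!"}))
    print(command_not_found_message(["connct", "--password", "s3cr3t!"], secrets))
    print(format_record(ScrubbingFormatter(secrets), "init failed: s3cr3t! (czNjcjN0IQ==)"))
```

Key-based redaction is the primary control because it needs no knowledge of the values; the value-based scrubber in the formatter is the backstop for the paths nobody redacted, and it is only as good as the set of secret spellings it is given, which is why the Base64 variants are included.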
CVE-2024-1233
- EPSS 0.18%
- Published 09.04.2024 07:15:08
- Last modified 21.11.2024 08:50:07
A flaw was found in `JwtValidator.resolvePublicKey` in JBoss EAP, where the validator checks jku and sends an HTTP request. During this process, no whitelisting or other filtering behavior is performed on the destination URL address, which may result ...
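The missing check this entry describes, an allowlist applied to the `jku` URL before any request is made, as an added Python illustration (this is not the JBoss EAP `JwtValidator` code): the JOSE header is decoded without trusting anything else in the token, and the `jku` is accepted only if its scheme, host and port match a configured origin. The allowlisted origin, the constructed tokens and the helper names are assumptions made for the example.

```python
import base64
import json
from urllib.parse import urlsplit

# Assumption: only this issuer's key endpoint may be contacted. Matching on
# (scheme, host, port) rejects alternate ports and any host not listed here.
ALLOWED_JKU_ORIGINS = {("https", "sso.example.com", 443)}


def _b64url_decode(segment: str) -> bytes:
    padding = "=" * (-len(segment) % 4)
    return base64.urlsafe_b64decode(segment + padding)


def jwt_header(token: str) -> dict:
    """Decode the JOSE header of a compact JWS; verifies nothing."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS")
    header = json.loads(_b64url_decode(parts[0]))
    if not isinstance(header, dict):
        raise ValueError("JOSE header is not an object")
    return header


def check_jku(token: str, allowed=ALLOWED_JKU_ORIGINS) -> tuple:
    """Return (ok, detail). ok is True only if the jku may be fetched; detail
    is the jku on success and the rejection reason otherwise."""
    try:
        jku = jwt_header(token).get("jku")
    except ValueError as exc:  # covers bad base64, bad JSON, bad UTF-8
        return False, f"bad header: {exc}"
    if not isinstance(jku, str):
        return False, "no jku header"
    try:
        parts = urlsplit(jku)
        port = parts.port or 443  # .port raises ValueError on junk or out-of-range ports
    except ValueError as exc:
        return False, f"unparsable jku: {exc}"
    if parts.scheme != "https":
        return False, "jku must use https"
    if parts.username is not None or parts.password is not None:
        # https://sso.example.com@attacker.example/... parses with the trusted
        # name as userinfo and the attacker's host as the real destination.
        return False, "userinfo in jku"
    if not parts.hostname:
        return False, "no host in jku"
    origin = (parts.scheme, parts.hostname, port)  # hostname is lowercased by urlsplit
    if origin not in allowed:
        return False, f"jku origin {origin} not allowlisted"
    return True, jku


def make_token(header: dict) -> str:
    """Constructed, unsigned token for the examples; the signature is a placeholder."""
    def enc(obj) -> str:
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc(header)}.{enc({'sub': 'alice'})}.sig"


if __name__ == "__main__":
    for jku in ("https://sso.example.com/keys.json",
                "http://sso.example.com/keys.json",
                "https://sso.example.com@attacker.example/keys",
                "https://169.254.169.254/latest/meta-data/"):
        print(jku, "->", check_jku(make_token({"alg": "RS256", "jku": jku})))
```

The check runs before the HTTP client is ever involved, so a rejected `jku` costs no outbound request; it also has to stay in place even when the token's signature is later verified with the fetched key, because the fetch itself is the SSRF.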
CVE-2023-5685
- EPSS 0.38%
- Published 22.03.2024 19:15:07
- Last modified 26.11.2024 03:15:03
A flaw was found in XNIO. When the chain of NotifierState objects becomes problematically large, it can cause a stack overflow, leading to uncontrolled resource consumption and a possible denial of service (DoS).