Redhat

Jboss Enterprise Application Platform

236 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.5

CVE-2024-1635

  • EPSS 8.33%
  • Veröffentlicht 19.02.2024 22:15:48
  • Zuletzt bearbeitet 07.05.2025 12:27:53

A vulnerability was found in Undertow. This vulnerability impacts a server that supports the wildfly-http-client protocol. Whenever a malicious user opens and closes a connection with the HTTP port of the server and then closes the connection immedia...

7.5

CVE-2023-4503

  • EPSS 0.19%
  • Veröffentlicht 06.02.2024 09:15:52
  • Zuletzt bearbeitet 21.11.2024 08:35:18

An improper initialization vulnerability was found in Galleon. When using Galleon to provision custom EAP or EAP-XP servers, the servers are created unsecured. This issue could allow an attacker to access remote HTTP services available from the serve...

7.5

CVE-2023-3171

  • EPSS 0.17%
  • Veröffentlicht 27.12.2023 16:15:13
  • Zuletzt bearbeitet 21.11.2024 08:16:37

A flaw was found in EAP-7 during deserialization of certain classes, which permits instantiation of HashMap and HashTable with no checks on resources consumed. This issue could allow an attacker to submit malicious requests using these classes, which...

5.9

CVE-2023-48795

Medienbericht Exploit
  • EPSS 64.06%
  • Veröffentlicht 18.12.2023 16:15:10
  • Zuletzt bearbeitet 29.09.2025 21:56:10

The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client a...

6.5

CVE-2023-3628

  • EPSS 0.12%
  • Veröffentlicht 18.12.2023 14:15:08
  • Zuletzt bearbeitet 21.11.2024 08:17:42

A flaw was found in Infinispan's REST. Bulk read endpoints do not properly evaluate user permissions for the operation. This issue could allow an authenticated user to access information outside of their intended permissions.

6.5

CVE-2023-3629

  • EPSS 0.08%
  • Veröffentlicht 18.12.2023 14:15:08
  • Zuletzt bearbeitet 21.11.2024 08:17:42

A flaw was found in Infinispan's REST, Cache retrieval endpoints do not properly evaluate the necessary admin permissions for the operation. This issue could allow an authenticated user to access information outside of their intended permissions.

7.5

CVE-2023-5379

  • EPSS 0.23%
  • Veröffentlicht 12.12.2023 22:15:22
  • Zuletzt bearbeitet 21.11.2024 08:41:39

A flaw was found in Undertow. When an AJP request is sent that exceeds the max-header-size attribute in ajp-listener, JBoss EAP is marked in an error state by mod_cluster in httpd, causing JBoss EAP to close the TCP connection without returning an AJ...

6.5

CVE-2023-4061

  • EPSS 0.2%
  • Veröffentlicht 08.11.2023 01:15:08
  • Zuletzt bearbeitet 21.11.2024 08:34:19

A flaw was found in wildfly-core. A management user could use the resolve-expression in the HAL Interface to read possible sensitive information from the Wildfly system. This issue could allow a malicious user to access the system and obtain possible...

7.5

CVE-2023-44487

Warnung Medienbericht Exploit
  • EPSS 94.44%
  • Veröffentlicht 10.10.2023 14:15:10
  • Zuletzt bearbeitet 11.06.2025 17:29:54

The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.

7.5

CVE-2023-3223

  • EPSS 0.88%
  • Veröffentlicht 27.09.2023 15:18:56
  • Zuletzt bearbeitet 21.11.2024 08:16:44

A flaw was found in undertow. Servlets annotated with @MultipartConfig may cause an OutOfMemoryError due to large multipart content. This may allow unauthorized users to cause remote Denial of Service (DoS) attack. If the server uses fileSizeThreshol...