CVE-2024-1233
- EPSS 0.18%
- Published 09.04.2024 07:15:08
- Last modified 24.10.2025 12:15:36
A flaw was found in `JwtValidator.resolvePublicKey` in JBoss EAP, where the validator checks jku and sends an HTTP request. During this process, no whitelisting or other filtering behavior is performed on the destination URL address, which may result ...
CVE-2023-5685
- EPSS 0.47%
- Published 22.03.2024 19:15:07
- Last modified 26.11.2024 03:15:03
A flaw was found in XNIO. The XNIO NotifierState can cause a Stack Overflow Exception when the chain of notifier states becomes problematically large, which can lead to uncontrolled resource management and a possible denial of service (DoS).
CVE-2024-1635
- EPSS 8.33%
- Published 19.02.2024 22:15:48
- Last modified 07.05.2025 12:27:53
A vulnerability was found in Undertow. This vulnerability impacts a server that supports the wildfly-http-client protocol. Whenever a malicious user opens and closes a connection with the HTTP port of the server and then closes the connection immedia...
CVE-2023-4503
- EPSS 0.19%
- Published 06.02.2024 09:15:52
- Last modified 21.11.2024 08:35:18
An improper initialization vulnerability was found in Galleon. When using Galleon to provision custom EAP or EAP-XP servers, the servers are created unsecured. This issue could allow an attacker to access remote HTTP services available from the serve...
CVE-2023-3171
- EPSS 0.17%
- Published 27.12.2023 16:15:13
- Last modified 21.11.2024 08:16:37
A flaw was found in EAP-7 during deserialization of certain classes, which permits instantiation of HashMap and HashTable with no checks on resources consumed. This issue could allow an attacker to submit malicious requests using these classes, which...
CVE-2023-48795
- EPSS 55.96%
- Published 18.12.2023 16:15:10
- Last modified 04.11.2025 22:15:55
The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client a...
CVE-2023-3628
- EPSS 0.12%
- Published 18.12.2023 14:15:08
- Last modified 21.11.2024 08:17:42
A flaw was found in Infinispan's REST. Bulk read endpoints do not properly evaluate user permissions for the operation. This issue could allow an authenticated user to access information outside of their intended permissions.
CVE-2023-3629
- EPSS 0.08%
- Published 18.12.2023 14:15:08
- Last modified 21.11.2024 08:17:42
A flaw was found in Infinispan's REST. Cache retrieval endpoints do not properly evaluate the necessary admin permissions for the operation. This issue could allow an authenticated user to access information outside of their intended permissions.
CVE-2023-5379
- EPSS 0.14%
- Published 12.12.2023 22:15:22
- Last modified 25.10.2025 01:15:42
A flaw was found in Undertow. When an AJP request is sent that exceeds the max-header-size attribute in ajp-listener, JBoss EAP is marked in an error state by mod_cluster in httpd, causing JBoss EAP to close the TCP connection without returning an AJ...
CVE-2023-4061
- EPSS 0.2%
- Published 08.11.2023 01:15:08
- Last modified 21.11.2024 08:34:19
A flaw was found in wildfly-core. A management user could use the resolve-expression in the HAL Interface to read possible sensitive information from the Wildfly system. This issue could allow a malicious user to access the system and obtain possible...