Redhat

Jboss Enterprise Application Platform

236 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.5

CVE-2023-1108

  • EPSS 2.56%
  • Published 14.09.2023 15:15:08
  • Last modified 21.11.2024 07:38:28

A flaw was found in undertow. This issue makes achieving a denial of service possible due to an unexpected handshake status updated in SslConduit, where the loop never terminates.

7.5

CVE-2022-4492

  • EPSS 0.12%
  • Published 23.02.2023 20:15:12
  • Last modified 12.03.2025 15:15:38

The undertow client is not checking the server identity presented by the server certificate in https connections. This is a compulsory step (at least it should be performed by default) in https and in http/2. I would add it to any TLS client protocol...

7.4

CVE-2022-3143

  • EPSS 0.2%
  • Published 13.01.2023 06:15:11
  • Last modified 09.04.2025 14:15:23

wildfly-elytron: possible timing attacks via use of unsafe comparator. A flaw was found in Wildfly-elytron. Wildfly-elytron uses java.util.Arrays.equals in several places, which is unsafe and vulnerable to timing attacks. To compare values securely, ...

4.9

CVE-2022-2764

  • EPSS 0.12%
  • Published 01.09.2022 21:15:09
  • Last modified 21.11.2024 07:01:39

A flaw was found in Undertow. Denial of service can be achieved as Undertow server waits for the LAST_CHUNK forever for EJB invocations.

7.5

CVE-2022-1259

  • EPSS 0.18%
  • Published 31.08.2022 16:15:09
  • Last modified 21.11.2024 06:40:21

A flaw was found in Undertow. A potential security issue in flow control handling by the browser over HTTP/2 may cause overhead or a denial of service in the server. This flaw exists because of an incomplete fix for CVE-2021-3629.

7.5

CVE-2021-3859

  • EPSS 0.9%
  • Published 26.08.2022 16:15:09
  • Last modified 21.11.2024 06:22:40

A flaw was found in Undertow that tripped the client-side invocation timeout with certain calls made over HTTP2. This flaw allows an attacker to carry out denial of service attacks.

7.5

CVE-2021-3690

Exploit
  • EPSS 0.33%
  • Published 23.08.2022 16:15:09
  • Last modified 21.11.2024 06:22:09

A flaw was found in Undertow. A buffer leak on the incoming WebSocket PONG message may lead to memory exhaustion. This flaw allows an attacker to cause a denial of service. The highest threat from this vulnerability is availability.

5.9

CVE-2021-3597

  • EPSS 0.17%
  • Published 24.05.2022 19:15:09
  • Last modified 21.11.2024 06:21:56

A flaw was found in undertow. The HTTP2SourceChannel fails to write the final frame under some circumstances, resulting in a denial of service. The highest threat from this vulnerability is availability. This flaw affects Undertow versions prior to 2...

5.9

CVE-2021-3629

  • EPSS 0.1%
  • Published 24.05.2022 19:15:09
  • Last modified 21.11.2024 06:22:01

A flaw was found in Undertow. A potential security issue in flow control handling by the browser over http/2 may potentially cause overhead or a denial of service in the server. The highest threat from this vulnerability is availability. This flaw af...

7.8

CVE-2021-3717

  • EPSS 0.04%
  • Published 24.05.2022 19:15:09
  • Last modified 21.11.2024 06:22:14

A flaw was found in Wildfly. An incorrect JBOSS_LOCAL_USER challenge location when using the elytron configuration may lead to JBOSS_LOCAL_USER access to all users on the machine. The highest threat from this vulnerability is to confidentiality, inte...