Redhat

Jboss Enterprise Application Platform

239 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.5

CVE-2023-4061

  • EPSS 0.26%
  • Veröffentlicht 08.11.2023 01:15:08
  • Zuletzt bearbeitet 21.11.2024 08:34:19

A flaw was found in wildfly-core. A management user could use the resolve-expression in the HAL Interface to read possible sensitive information from the Wildfly system. This issue could allow a malicious user to access the system and obtain possible...

7.5

CVE-2023-44487

Warnung Medienbericht Exploit
  • EPSS 94.36%
  • Veröffentlicht 10.10.2023 14:15:10
  • Zuletzt bearbeitet 07.11.2025 19:00:41

The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.

7.5

CVE-2023-3223

  • EPSS 0.88%
  • Veröffentlicht 27.09.2023 15:18:56
  • Zuletzt bearbeitet 21.11.2024 08:16:44

A flaw was found in undertow. Servlets annotated with @MultipartConfig may cause an OutOfMemoryError due to large multipart content. This may allow unauthorized users to cause remote Denial of Service (DoS) attack. If the server uses fileSizeThreshol...

7.5

CVE-2023-1108

  • EPSS 0.55%
  • Veröffentlicht 14.09.2023 15:15:08
  • Zuletzt bearbeitet 21.11.2024 07:38:28

A flaw was found in undertow. This issue makes achieving a denial of service possible due to an unexpected handshake status updated in SslConduit, where the loop never terminates.

7.5

CVE-2022-4492

  • EPSS 0.11%
  • Veröffentlicht 23.02.2023 20:15:12
  • Zuletzt bearbeitet 12.03.2025 15:15:38

The undertow client is not checking the server identity presented by the server certificate in https connections. This is a compulsory step (at least it should be performed by default) in https and in http/2. I would add it to any TLS client protocol...

7.4

CVE-2022-3143

  • EPSS 0.5%
  • Veröffentlicht 13.01.2023 06:15:11
  • Zuletzt bearbeitet 09.04.2025 14:15:23

wildfly-elytron: possible timing attacks via use of unsafe comparator. A flaw was found in Wildfly-elytron. Wildfly-elytron uses java.util.Arrays.equals in several places, which is unsafe and vulnerable to timing attacks. To compare values securely, ...

4.9

CVE-2022-2764

  • EPSS 0.12%
  • Veröffentlicht 01.09.2022 21:15:09
  • Zuletzt bearbeitet 21.11.2024 07:01:39

A flaw was found in Undertow. Denial of service can be achieved as Undertow server waits for the LAST_CHUNK forever for EJB invocations.

7.5

CVE-2022-1259

  • EPSS 0.24%
  • Veröffentlicht 31.08.2022 16:15:09
  • Zuletzt bearbeitet 21.11.2024 06:40:21

A flaw was found in Undertow. A potential security issue in flow control handling by the browser over HTTP/2 may cause overhead or a denial of service in the server. This flaw exists because of an incomplete fix for CVE-2021-3629.

7.5

CVE-2021-3859

  • EPSS 0.31%
  • Veröffentlicht 26.08.2022 16:15:09
  • Zuletzt bearbeitet 21.11.2024 06:22:40

A flaw was found in Undertow that tripped the client-side invocation timeout with certain calls made over HTTP2. This flaw allows an attacker to carry out denial of service attacks.

7.5

CVE-2021-3690

Exploit
  • EPSS 0.28%
  • Veröffentlicht 23.08.2022 16:15:09
  • Zuletzt bearbeitet 21.11.2024 06:22:09

A flaw was found in Undertow. A buffer leak on the incoming WebSocket PONG message may lead to memory exhaustion. This flaw allows an attacker to cause a denial of service. The highest threat from this vulnerability is availability.