Redhat

Jboss Enterprise Application Platform

238 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.5

CVE-2023-44487

Warnung Medienbericht Exploit
  • EPSS 94.42%
  • Veröffentlicht 10.10.2023 14:15:10
  • Zuletzt bearbeitet 07.11.2025 19:00:41

The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.

7.5

CVE-2023-3223

  • EPSS 0.88%
  • Veröffentlicht 27.09.2023 15:18:56
  • Zuletzt bearbeitet 21.11.2024 08:16:44

A flaw was found in undertow. Servlets annotated with @MultipartConfig may cause an OutOfMemoryError due to large multipart content. This may allow unauthorized users to cause remote Denial of Service (DoS) attack. If the server uses fileSizeThreshol...

7.5

CVE-2023-1108

  • EPSS 2.56%
  • Veröffentlicht 14.09.2023 15:15:08
  • Zuletzt bearbeitet 21.11.2024 07:38:28

A flaw was found in undertow. This issue makes achieving a denial of service possible due to an unexpected handshake status updated in SslConduit, where the loop never terminates.

7.5

CVE-2022-4492

  • EPSS 0.16%
  • Veröffentlicht 23.02.2023 20:15:12
  • Zuletzt bearbeitet 12.03.2025 15:15:38

The undertow client is not checking the server identity presented by the server certificate in https connections. This is a compulsory step (at least it should be performed by default) in https and in http/2. I would add it to any TLS client protocol...

7.4

CVE-2022-3143

  • EPSS 0.29%
  • Veröffentlicht 13.01.2023 06:15:11
  • Zuletzt bearbeitet 09.04.2025 14:15:23

wildfly-elytron: possible timing attacks via use of unsafe comparator. A flaw was found in Wildfly-elytron. Wildfly-elytron uses java.util.Arrays.equals in several places, which is unsafe and vulnerable to timing attacks. To compare values securely, ...

4.9

CVE-2022-2764

  • EPSS 0.12%
  • Veröffentlicht 01.09.2022 21:15:09
  • Zuletzt bearbeitet 21.11.2024 07:01:39

A flaw was found in Undertow. Denial of service can be achieved as Undertow server waits for the LAST_CHUNK forever for EJB invocations.

7.5

CVE-2022-1259

  • EPSS 0.2%
  • Veröffentlicht 31.08.2022 16:15:09
  • Zuletzt bearbeitet 21.11.2024 06:40:21

A flaw was found in Undertow. A potential security issue in flow control handling by the browser over HTTP/2 may cause overhead or a denial of service in the server. This flaw exists because of an incomplete fix for CVE-2021-3629.

7.5

CVE-2021-3859

  • EPSS 0.81%
  • Veröffentlicht 26.08.2022 16:15:09
  • Zuletzt bearbeitet 21.11.2024 06:22:40

A flaw was found in Undertow that tripped the client-side invocation timeout with certain calls made over HTTP2. This flaw allows an attacker to carry out denial of service attacks.

7.5

CVE-2021-3690

Exploit
  • EPSS 0.33%
  • Veröffentlicht 23.08.2022 16:15:09
  • Zuletzt bearbeitet 21.11.2024 06:22:09

A flaw was found in Undertow. A buffer leak on the incoming WebSocket PONG message may lead to memory exhaustion. This flaw allows an attacker to cause a denial of service. The highest threat from this vulnerability is availability.

5.9

CVE-2021-3597

  • EPSS 0.17%
  • Veröffentlicht 24.05.2022 19:15:09
  • Zuletzt bearbeitet 21.11.2024 06:21:56

A flaw was found in undertow. The HTTP2SourceChannel fails to write the final frame under some circumstances, resulting in a denial of service. The highest threat from this vulnerability is availability. This flaw affects Undertow versions prior to 2...