Redhat

Jboss Enterprise Application Platform

238 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
8.8

CVE-2021-32027

  • EPSS 0.49%
  • Veröffentlicht 01.06.2021 14:15:09
  • Zuletzt bearbeitet 21.11.2024 06:06:44

A flaw was found in postgresql in versions before 13.3, before 12.7, before 11.12, before 10.17 and before 9.6.22. While modifying certain SQL array values, missing bounds checks let authenticated database users write arbitrary bytes to a wide area o...

7.5

CVE-2020-25710

  • EPSS 8.39%
  • Veröffentlicht 28.05.2021 11:15:07
  • Zuletzt bearbeitet 21.11.2024 05:18:32

A flaw was found in OpenLDAP in versions before 2.4.56. This flaw allows an attacker who sends a malicious packet processed by OpenLDAP to force a failed assertion in csnNormalize23(). The highest threat from this vulnerability is to system availabil...

6.1

CVE-2020-10688

Exploit
  • EPSS 0.22%
  • Veröffentlicht 27.05.2021 19:15:07
  • Zuletzt bearbeitet 21.11.2024 04:55:51

A cross-site scripting (XSS) flaw was found in RESTEasy in versions before 3.11.1.Final and before 4.5.3.Final, where it did not properly handle URL encoding when the RESTEASY003870 exception occurs. An attacker could use this flaw to launch a reflec...

4.8

CVE-2021-3536

  • EPSS 0.28%
  • Veröffentlicht 20.05.2021 13:15:07
  • Zuletzt bearbeitet 21.11.2024 06:21:47

A flaw was found in Wildfly in versions before 23.0.2.Final while creating a new role in domain mode via the admin console, it is possible to add a payload in the name field, leading to XSS. This affects Confidentiality and Integrity.

7.5

CVE-2019-19343

  • EPSS 0.51%
  • Veröffentlicht 23.03.2021 21:15:13
  • Zuletzt bearbeitet 21.11.2024 04:34:36

A flaw was found in Undertow when using Remoting as shipped in Red Hat Jboss EAP before version 7.2.4. A memory leak in HttpOpenListener due to holding remote connections indefinitely may lead to denial of service. Versions before undertow 2.0.25.SP1...

6.8

CVE-2020-25689

Exploit
  • EPSS 0.24%
  • Veröffentlicht 02.11.2020 21:15:27
  • Zuletzt bearbeitet 21.11.2024 05:18:28

A memory leak flaw was found in WildFly in all versions up to 21.0.0.Final, where host-controller tries to reconnect in a loop, generating new connections which are not properly closed while not able to connect to domain-controller. This flaw allows ...

6.5

CVE-2020-14299

  • EPSS 0.1%
  • Veröffentlicht 16.10.2020 14:15:11
  • Zuletzt bearbeitet 21.11.2024 05:02:57

A flaw was found in JBoss EAP, where the authentication configuration is set-up using a legacy SecurityRealm, to delegate to a legacy PicketBox SecurityDomain, and then reloaded to admin-only mode. This flaw allows an attacker to perform a complete a...

7.5

CVE-2020-25644

  • EPSS 0.47%
  • Veröffentlicht 06.10.2020 14:15:12
  • Zuletzt bearbeitet 21.11.2024 05:18:19

A memory leak flaw was found in WildFly OpenSSL in versions prior to 1.1.3.Final, where it removes an HTTP session. It may allow the attacker to cause OOM leading to a denial of service. The highest threat from this vulnerability is to system availab...

5.8

CVE-2020-10687

  • EPSS 0.21%
  • Veröffentlicht 23.09.2020 13:15:15
  • Zuletzt bearbeitet 21.11.2024 04:55:51

A flaw was discovered in all versions of Undertow before Undertow 2.2.0.Final, where HTTP request smuggling related to CVE-2017-2666 is possible against HTTP/1.x and HTTP/2 due to permitting invalid characters in an HTTP request. This flaw allows an ...

5.3

CVE-2020-1710

  • EPSS 0.24%
  • Veröffentlicht 16.09.2020 15:15:12
  • Zuletzt bearbeitet 21.11.2024 05:11:13

The issue appears to be that JBoss EAP 6.4.21 does not parse the field-name in accordance to RFC7230[1] as it returns a 200 instead of a 400.