CVE-2020-10705
- EPSS 0.38%
- Published 10.06.2020 20:15:12
- Last modified 21.11.2024 04:55:53
A flaw was discovered in Undertow in versions before Undertow 2.1.1.Final where certain requests to the "Expect: 100-continue" header may cause an out of memory error. This flaw may potentially lead to a denial of service.
CVE-2020-10719
- EPSS 0.17%
- Published 26.05.2020 16:15:12
- Last modified 21.11.2024 04:55:55
A flaw was found in Undertow in versions before 2.1.1.Final, regarding the processing of invalid HTTP requests with large chunk sizes. This flaw allows an attacker to take advantage of HTTP request smuggling.
CVE-2020-10693
- EPSS 0.03%
- Published 06.05.2020 14:15:10
- Last modified 21.11.2024 04:55:52
A flaw was found in Hibernate Validator version 6.1.2.Final. A bug in the message interpolation processor enables invalid EL expressions to be evaluated as if they were valid. This flaw allows attackers to bypass input sanitation (escaping, stripping...
CVE-2020-1732
- EPSS 0.13%
- Published 04.05.2020 17:15:12
- Last modified 21.11.2024 05:11:15
A flaw was found in Soteria before 1.0.1, in which multiple requests occurring concurrently cause security identity corruption across concurrent threads when using EE Security with WildFly Elytron, which can lead to the possibility of being han...
CVE-2020-1757
- EPSS 0.46%
- Published 21.04.2020 17:15:12
- Last modified 21.11.2024 05:11:19
A flaw was found in all undertow-2.x.x SP1 versions prior to undertow-2.0.30.SP1, all undertow-1.x.x and undertow-2.x.x versions prior to undertow-2.1.0.Final, where the Servlet container causes servletPath to normalize incorrectly by truncating the ...
CVE-2019-14887
- EPSS 0.18%
- Published 16.03.2020 15:15:12
- Last modified 21.11.2024 04:27:36
A flaw was found where, when an OpenSSL security provider is used with WildFly, the 'enabled-protocols' value in the WildFly configuration isn't honored. An attacker could target the traffic sent from WildFly and downgrade the connection to a weaker version...
CVE-2011-2487
- EPSS 0.14%
- Published 11.03.2020 16:15:11
- Last modified 21.11.2024 01:28:23
The implementations of the PKCS#1 v1.5 key transport mechanism for XMLEncryption in JBossWS and Apache WSS4J before 1.6.5 are susceptible to a Bleichenbacher attack.
CVE-2019-14892
- EPSS 0.87%
- Published 02.03.2020 17:15:17
- Last modified 21.11.2024 04:27:37
A flaw was discovered in jackson-databind in versions before 2.9.10, 2.8.11.5 and 2.6.7.3, where it would permit polymorphic deserialization of a malicious object using commons-configuration 1 and 2 JNDI classes. An attacker could use this flaw to ex...
CVE-2019-20444
- EPSS 4.17%
- Published 29.01.2020 21:15:11
- Last modified 01.07.2025 18:15:23
HttpObjectDecoder.java in Netty before 4.1.44 allows an HTTP header that lacks a colon, which might be interpreted as a separate header with an incorrect syntax, or might be interpreted as an "invalid fold."
CVE-2019-20445
- EPSS 0.96%
- Published 29.01.2020 21:15:11
- Last modified 21.11.2024 04:38:30
HttpObjectDecoder.java in Netty before 4.1.44 allows a Content-Length header to be accompanied by a second Content-Length header, or by a Transfer-Encoding header.