Redhat

Jboss Enterprise Application Platform

236 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.5

CVE-2020-7238

Exploit
  • EPSS 0.69%
  • Published 27.01.2020 17:15:12
  • Last modified 21.11.2024 05:36:53

Netty 4.1.43.Final allows HTTP Request Smuggling because it mishandles Transfer-Encoding whitespace (such as a [space]Transfer-Encoding:chunked line) and a later Content-Length header. This issue exists because of an incomplete fix for CVE-2019-16869...

4.3

CVE-2019-14885

  • EPSS 0.32%
  • Published 23.01.2020 22:15:10
  • Last modified 21.11.2024 04:27:36

A flaw was found in the JBoss EAP Vault system in all versions before 7.2.6.GA. Confidential information of the system property's security attribute value is revealed in the JBoss EAP log file when executing a JBoss CLI 'reload' command. This flaw ca...

7.5

CVE-2012-5626

  • EPSS 0.18%
  • Published 23.01.2020 19:15:11
  • Last modified 21.11.2024 01:44:59

EJB method in Red Hat JBoss BRMS 5; Red Hat JBoss Enterprise Application Platform 5; Red Hat JBoss Operations Network 3.1; Red Hat JBoss Portal 4 and 5; Red Hat JBoss SOA Platform 4.2, 4.3, and 5; in Red Hat JBoss Enterprise Web Server 1 ignores role...

7.5

CVE-2019-14888

  • EPSS 0.24%
  • Published 23.01.2020 17:15:11
  • Last modified 21.11.2024 04:27:36

A vulnerability was found in the Undertow HTTP server in versions before 2.0.28.SP1 when listening on HTTPS. An attacker can target the HTTPS port to carry out a Denial Of Service (DOS) to make the service unavailable on SSL.

4.3

CVE-2019-14820

  • EPSS 0.31%
  • Published 08.01.2020 15:15:11
  • Last modified 21.11.2024 04:27:25

It was found that keycloak before version 8.0.0 exposes internal adapter endpoints in org.keycloak.constants.AdapterConstants, which can be invoked via a specially-crafted URL. This vulnerability could allow an attacker to access unauthorized informa...

8.8

CVE-2019-14843

  • EPSS 0.19%
  • Published 07.01.2020 17:15:11
  • Last modified 21.11.2024 04:27:28

A flaw was found in Wildfly Security Manager, running under JDK 11 or 8, that authorized requests for any requester. This flaw could be used by a malicious app deployed on the app server to access unauthorized information and possibly conduct further...

6.5

CVE-2014-0169

  • EPSS 0.18%
  • Published 02.01.2020 20:15:16
  • Last modified 21.11.2024 02:01:32

In JBoss EAP 6 a security domain is configured to use a cache that is shared between all applications that are in the security domain. This could allow an authenticated user in one application to access protected resources in another application with...

7.8

CVE-2012-2312

  • EPSS 0.04%
  • Published 18.12.2019 18:15:15
  • Last modified 21.11.2024 01:38:51

An Elevated Privileges issue exists in JBoss AS 7 Community Release due to the improper implementation in the security context propagation, A threat gets reused from the thread pool that still retains the security context from the process last used, ...

6.1

CVE-2013-6495

  • EPSS 0.34%
  • Published 11.12.2019 14:15:09
  • Last modified 21.11.2024 01:59:20

JBossWeb Bayeux has reflected XSS

8.8

CVE-2019-10174

  • EPSS 1.04%
  • Published 25.11.2019 11:15:10
  • Last modified 21.11.2024 04:18:34

A vulnerability was found in Infinispan such that the invokeAccessibly method from the public class ReflectionUtil allows any application class to invoke private methods in any class with Infinispan's privileges. The attacker can use reflection to in...