Redhat

Jboss Enterprise Application Platform

238 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
9.8

CVE-2019-16942

  • EPSS 0.42%
  • Veröffentlicht 01.10.2019 17:15:10
  • Zuletzt bearbeitet 21.11.2024 04:31:23

A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the commons-dbcp (1....

9.8

CVE-2019-16943

  • EPSS 1.84%
  • Veröffentlicht 01.10.2019 17:15:10
  • Zuletzt bearbeitet 21.11.2024 04:31:23

A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the p6spy (3.8.6) ja...

9.8

CVE-2019-10202

  • EPSS 7.24%
  • Veröffentlicht 01.10.2019 15:15:11
  • Zuletzt bearbeitet 21.11.2024 04:18:38

A series of deserialization vulnerabilities have been discovered in Codehaus 1.9.x implemented in EAP 7. This CVE fixes CVE-2017-17485, CVE-2017-7525, CVE-2017-15095, CVE-2018-5968, CVE-2018-7489, CVE-2018-1000873, CVE-2019-12086 reported for FasterX...

7.5

CVE-2019-16869

Exploit
  • EPSS 3.59%
  • Veröffentlicht 26.09.2019 16:15:11
  • Zuletzt bearbeitet 07.07.2025 17:15:26

Netty before 4.1.42.Final mishandles whitespace before the colon in HTTP headers (such as a "Transfer-Encoding : chunked" line), which leads to HTTP request smuggling.

9.8

CVE-2019-14540

  • EPSS 7.08%
  • Veröffentlicht 15.09.2019 22:15:10
  • Zuletzt bearbeitet 21.11.2024 04:26:55

A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to com.zaxxer.hikari.HikariConfig.

9.8

CVE-2019-16335

  • EPSS 0.65%
  • Veröffentlicht 15.09.2019 22:15:10
  • Zuletzt bearbeitet 21.11.2024 04:30:32

A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to com.zaxxer.hikari.HikariDataSource. This is a different vulnerability than CVE-2019-14540.

5.5

CVE-2019-12400

  • EPSS 0.59%
  • Veröffentlicht 23.08.2019 21:15:11
  • Zuletzt bearbeitet 21.11.2024 04:22:45

In version 2.0.3 Apache Santuario XML Security for Java, a caching mechanism was introduced to speed up creating new XML documents using a static pool of DocumentBuilders. However, if some untrusted code can register a malicious implementation with t...

7.5

CVE-2019-10086

  • EPSS 0.32%
  • Veröffentlicht 20.08.2019 21:15:12
  • Zuletzt bearbeitet 21.11.2024 04:18:22

In Apache Commons Beanutils 1.9.2, a special BeanIntrospector class was added which allows suppressing the ability for an attacker to access the classloader via the class property available on all Java objects. We, however were not using this by defa...

7.8

CVE-2019-9518

  • EPSS 3.67%
  • Veröffentlicht 13.08.2019 21:15:13
  • Zuletzt bearbeitet 14.01.2025 19:29:55

Some HTTP/2 implementations are vulnerable to a flood of empty frames, potentially leading to a denial of service. The attacker sends a stream of frames with an empty payload and without the end-of-stream flag. These frames can be DATA, HEADERS, CONT...

7.8

CVE-2019-9511

  • EPSS 13.95%
  • Veröffentlicht 13.08.2019 21:15:12
  • Zuletzt bearbeitet 14.01.2025 19:29:55

Some HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service. The attacker requests a large amount of data from a specified resource over multiple streams. T...