Red Hat Jboss Enterprise Application Platform
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in Red Hat Jboss Enterprise Application Platform.
Recent Red Hat Jboss Enterprise Application Platform Security Advisories
Advisory | Title | Published |
---|---|---|
RHSA-2025:0372 | (RHSA-2025:0372) Important: Red Hat JBoss Enterprise Application Platform 8.0 security update | January 16, 2025 |
RHSA-2025:0371 | (RHSA-2025:0371) Important: Red Hat JBoss Enterprise Application Platform 8.0 security update | January 16, 2025 |
RHSA-2024:11570 | (RHSA-2024:11570) Important: Red Hat JBoss Enterprise Application Platform 8.0.5 Security update | December 19, 2024 |
RHSA-2024:11560 | (RHSA-2024:11560) Important: Red Hat JBoss Enterprise Application Platform 8.0.5 Security update | December 19, 2024 |
RHSA-2024:11559 | (RHSA-2024:11559) Important: Red Hat JBoss Enterprise Application Platform 8.0.5 Security update | December 19, 2024 |
RHSA-2024:11531 | (RHSA-2024:11531) Important: Red Hat JBoss Enterprise Application Platform 7.4 security update | December 19, 2024 |
RHSA-2024:11529 | (RHSA-2024:11529) Important: Red Hat JBoss Enterprise Application Platform 7.4 security update | December 19, 2024 |
RHSA-2024:10933 | (RHSA-2024:10933) Moderate: Red Hat JBoss Enterprise Application Platform 7.4.20 Security update | December 10, 2024 |
RHSA-2024:10929 | (RHSA-2024:10929) Moderate: Red Hat JBoss Enterprise Application Platform 7.4.20 Security update | December 10, 2024 |
RHSA-2024:10928 | (RHSA-2024:10928) Moderate: Red Hat JBoss Enterprise Application Platform 7.4.20 Security update | December 10, 2024 |
By the Year
In 2025 there have been 0 vulnerabilities in Red Hat Jboss Enterprise Application Platform. Last year, in 2024 Jboss Enterprise Application Platform had 3 security vulnerabilities published. Right now, Jboss Enterprise Application Platform is on track to have less security vulnerabilities in 2025 than it did last year.
Year | Vulnerabilities | Average Score |
---|---|---|
2025 | 0 | 0.00 |
2024 | 3 | 7.43 |
2023 | 10 | 7.03 |
2022 | 9 | 6.64 |
2021 | 11 | 6.60 |
2020 | 19 | 6.74 |
2019 | 20 | 7.52 |
2018 | 6 | 8.75 |
It may take a day or so for new Jboss Enterprise Application Platform vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Red Hat Jboss Enterprise Application Platform Security Vulnerabilities
A vulnerability was found in Wildfly, where a user may perform Cross-site scripting in the Wildfly deployment system
CVE-2024-10234
7.3 - High
- October 22, 2024
A vulnerability was found in Wildfly, where a user may perform Cross-site scripting in the Wildfly deployment system. This flaw allows an attacker or insider to execute a deployment with a malicious payload, which could trigger undesired behavior against the server.
XSS
A vulnerability was found in Undertow where the ProxyProtocolReadListener reuses the same StringBuilder instance across multiple requests
CVE-2024-7885
7.5 - High
- August 21, 2024
A vulnerability was found in Undertow where the ProxyProtocolReadListener reuses the same StringBuilder instance across multiple requests. This issue occurs when the parseProxyProtocolV1 method processes multiple requests on the same HTTP connection. As a result, different requests may share the same StringBuilder instance, potentially leading to information leakage between requests or responses. In some cases, a value from a previous request or response may be erroneously reused, which could lead to unintended data exposure. This issue primarily results in errors and connection termination but creates a risk of data leakage in multi-request environments.
Race Condition
An improper initialization vulnerability was found in Galleon
CVE-2023-4503
7.5 - High
- February 06, 2024
An improper initialization vulnerability was found in Galleon. When using Galleon to provision custom EAP or EAP-XP servers, the servers are created unsecured. This issue could allow an attacker to access remote HTTP services available from the server.
Improper Initialization
A flaw was found in EAP-7 during deserialization of certain classes
CVE-2023-3171
7.5 - High
- December 27, 2023
A flaw was found in EAP-7 during deserialization of certain classes, which permits instantiation of HashMap and HashTable with no checks on resources consumed. This issue could allow an attacker to submit malicious requests using these classes, which could eventually exhaust the heap and result in a Denial of Service.
Allocation of Resources Without Limits or Throttling
The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such
CVE-2023-48795
5.9 - Medium
- December 18, 2023
The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers. For example, there is an effective attack against SSH's use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in chacha20-poly1305@openssh.com and (if CBC is used) the -etm@openssh.com MAC algorithms. This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT, Dropbear through 2022.83, Ssh before 5.1.1 in Erlang/OTP, PuTTY before 0.80, AsyncSSH before 2.14.2, golang.org/x/crypto before 0.17.0, libssh before 0.10.6, libssh2 through 1.11.0, Thorn Tech SFTP Gateway before 3.4.6, Tera Term before 5.1, Paramiko before 3.4.0, jsch before 0.2.15, SFTPGo before 2.5.6, Netgate pfSense Plus through 23.09.1, Netgate pfSense CE through 2.7.2, HPN-SSH through 18.2.0, ProFTPD before 1.3.8b (and before 1.3.9rc2), ORYX CycloneSSH before 2.3.4, NetSarang XShell 7 before Build 0144, CrushFTP before 10.6.0, ConnectBot SSH library before 2.2.22, Apache MINA sshd through 2.11.0, sshj through 0.37.0, TinySSH through 20230101, trilead-ssh2 6401, LANCOM LCOS and LANconfig, FileZilla before 3.66.4, Nova before 11.8, PKIX-SSH before 14.4, SecureCRT before 9.4.3, Transmit5 before 5.10.4, Win32-OpenSSH before 9.5.0.0p1-Beta, WinSCP before 6.2.2, Bitvise SSH Server before 9.32, Bitvise SSH Client before 9.33, KiTTY through 0.76.1.13, the net-ssh gem 7.2.0 for Ruby, the mscdex ssh2 module before 1.15.0 for Node.js, the thrussh library before 0.35.1 for Rust, and the Russh crate before 0.40.2 for Rust.
Improper Validation of Integrity Check Value
A flaw was found in Infinispan's REST, Cache retrieval endpoints do not properly evaluate the necessary admin permissions for the operation
CVE-2023-3629
6.5 - Medium
- December 18, 2023
A flaw was found in Infinispan's REST, Cache retrieval endpoints do not properly evaluate the necessary admin permissions for the operation. This issue could allow an authenticated user to access information outside of their intended permissions.
A flaw was found in Infinispan's REST
CVE-2023-3628
6.5 - Medium
- December 18, 2023
A flaw was found in Infinispan's REST. Bulk read endpoints do not properly evaluate user permissions for the operation. This issue could allow an authenticated user to access information outside of their intended permissions.
A flaw was found in Undertow
CVE-2023-5379
7.5 - High
- December 12, 2023
A flaw was found in Undertow. When an AJP request is sent that exceeds the max-header-size attribute in ajp-listener, JBoss EAP is marked in an error state by mod_cluster in httpd, causing JBoss EAP to close the TCP connection without returning an AJP response. This happens because mod_proxy_cluster marks the JBoss EAP instance as an error worker when the TCP connection is closed from the backend after sending the AJP request without receiving an AJP response, and stops forwarding. This issue could allow a malicious user could to repeatedly send requests that exceed the max-header-size, causing a Denial of Service (DoS).
Allocation of Resources Without Limits or Throttling
A flaw was found in wildfly-core
CVE-2023-4061
6.5 - Medium
- November 08, 2023
A flaw was found in wildfly-core. A management user could use the resolve-expression in the HAL Interface to read possible sensitive information from the Wildfly system. This issue could allow a malicious user to access the system and obtain possible sensitive information from the system.
The HTTP/2 protocol
CVE-2023-44487
7.5 - High
- October 10, 2023
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
Resource Exhaustion
A flaw was found in undertow
CVE-2023-1108
7.5 - High
- September 14, 2023
A flaw was found in undertow. This issue makes achieving a denial of service possible due to an unexpected handshake status updated in SslConduit, where the loop never terminates.
Infinite Loop
The undertow client is not checking the server identity presented by the server certificate in https connections
CVE-2022-4492
7.5 - High
- February 23, 2023
The undertow client is not checking the server identity presented by the server certificate in https connections. This is a compulsory step (at least it should be performed by default) in https and in http/2. I would add it to any TLS client protocol.
wildfly-elytron: possible timing attacks via use of unsafe comparator
CVE-2022-3143
7.4 - High
- January 13, 2023
wildfly-elytron: possible timing attacks via use of unsafe comparator. A flaw was found in Wildfly-elytron. Wildfly-elytron uses java.util.Arrays.equals in several places, which is unsafe and vulnerable to timing attacks. To compare values securely, use java.security.MessageDigest.isEqual instead. This flaw allows an attacker to access secure information or impersonate an authed user.
Side Channel Attack
A flaw was found in Undertow
CVE-2022-2764
4.9 - Medium
- September 01, 2022
A flaw was found in Undertow. Denial of service can be achieved as Undertow server waits for the LAST_CHUNK forever for EJB invocations.
A flaw was found in Undertow
CVE-2022-1259
7.5 - High
- August 31, 2022
A flaw was found in Undertow. A potential security issue in flow control handling by the browser over HTTP/2 may cause overhead or a denial of service in the server. This flaw exists because of an incomplete fix for CVE-2021-3629.
Resource Exhaustion
A flaw was found in Undertow that tripped the client-side invocation timeout with certain calls made over HTTP2
CVE-2021-3859
7.5 - High
- August 26, 2022
A flaw was found in Undertow that tripped the client-side invocation timeout with certain calls made over HTTP2. This flaw allows an attacker to carry out denial of service attacks.
Invocation of Process Using Visible Sensitive Information
A flaw was found in Undertow
CVE-2021-3690
7.5 - High
- August 23, 2022
A flaw was found in Undertow. A buffer leak on the incoming WebSocket PONG message may lead to memory exhaustion. This flaw allows an attacker to cause a denial of service. The highest threat from this vulnerability is availability.
Memory Leak
A flaw was found in Wildfly
CVE-2021-3717
7.8 - High
- May 24, 2022
A flaw was found in Wildfly. An incorrect JBOSS_LOCAL_USER challenge location when using the elytron configuration may lead to JBOSS_LOCAL_USER access to all users on the machine. The highest threat from this vulnerability is to confidentiality, integrity, and availability. This flaw affects wildfly-core versions prior to 17.0.
Files or Directories Accessible to External Parties
A flaw was found in Undertow
CVE-2021-3629
5.9 - Medium
- May 24, 2022
A flaw was found in Undertow. A potential security issue in flow control handling by the browser over http/2 may potentially cause overhead or a denial of service in the server. The highest threat from this vulnerability is availability. This flaw affects Undertow versions prior to 2.0.40.Final and prior to 2.2.11.Final.
Resource Exhaustion
A flaw was found in undertow
CVE-2021-3597
5.9 - Medium
- May 24, 2022
A flaw was found in undertow. The HTTP2SourceChannel fails to write the final frame under some circumstances, resulting in a denial of service. The highest threat from this vulnerability is availability. This flaw affects Undertow versions prior to 2.0.35.SP1, prior to 2.2.6.SP1, prior to 2.2.7.SP1, prior to 2.0.36.SP1, prior to 2.2.9.Final and prior to 2.0.39.Final.
Race Condition
This is a concurrency issue
CVE-2022-0866
5.3 - Medium
- May 10, 2022
This is a concurrency issue that can result in the wrong caller principal being returned from the session context of an EJB that is configured with a RunAs principal. In particular, the org.jboss.as.ejb3.component.EJBComponent class has an incomingRunAsIdentity field. This field is used by the org.jboss.as.ejb3.security.RunAsPrincipalInterceptor to keep track of the current identity prior to switching to a new identity created using the RunAs principal. The exploit consist that the EJBComponent#incomingRunAsIdentity field is currently just a SecurityIdentity. This means in a concurrent environment, where multiple users are repeatedly invoking an EJB that is configured with a RunAs principal, it's possible for the wrong the caller principal to be returned from EJBComponent#getCallerPrincipal. Similarly, it's also possible for EJBComponent#isCallerInRole to return the wrong value. Both of these methods rely on incomingRunAsIdentity. Affects all versions of JBoss EAP from 7.1.0 and all versions of WildFly 11+ when Elytron is enabled.
AuthZ
A flaw was found in JBoss-client
CVE-2022-0853
7.5 - High
- March 11, 2022
A flaw was found in JBoss-client. The vulnerability occurs due to a memory leak on the JBoss client-side, when using UserTransaction repeatedly and leads to information leakage vulnerability.
Memory Leak
The HornetQ component of Artemis in EAP 7 was not updated with the fix for CVE-2016-4978
CVE-2021-20318
7.2 - High
- December 23, 2021
The HornetQ component of Artemis in EAP 7 was not updated with the fix for CVE-2016-4978. A remote attacker could use this flaw to execute arbitrary code with the permissions of the application using a JMS ObjectMessage.
Marshaling, Unmarshaling
JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration
CVE-2021-4104
7.5 - High
- December 14, 2021
JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration. The attacker can provide TopicBindingName and TopicConnectionFactoryBindingName configurations causing JMSAppender to perform JNDI requests that result in remote code execution in a similar fashion to CVE-2021-44228. Note this issue only affects Log4j 1.2 when specifically configured to use JMSAppender, which is not the default. Apache Log4j 1.2 reached end of life in August 2015. Users should upgrade to Log4j 2 as it addresses numerous other issues from the previous versions.
Marshaling, Unmarshaling
A flaw was found in postgresql
CVE-2021-32029
6.5 - Medium
- October 08, 2021
A flaw was found in postgresql. Using an UPDATE ... RETURNING command on a purpose-crafted table, an authenticated database user could read arbitrary bytes of server memory. The highest threat from this vulnerability is to data confidentiality.
Out-of-bounds Read
A flaw was found in Wildfly Elytron in versions prior to 1.10.14.Final
CVE-2021-3642
5.3 - Medium
- August 05, 2021
A flaw was found in Wildfly Elytron in versions prior to 1.10.14.Final, prior to 1.15.5.Final and prior to 1.16.1.Final where ScramServer may be susceptible to Timing Attack if enabled. The highest threat of this vulnerability is confidentiality.
Side Channel Attack
A vulnerability was discovered in XNIO where file descriptor leak caused by growing amounts of NIO Selector file handles between garbage collection cycles
CVE-2020-14340
5.9 - Medium
- June 02, 2021
A vulnerability was discovered in XNIO where file descriptor leak caused by growing amounts of NIO Selector file handles between garbage collection cycles. It may allow the attacker to cause a denial of service. It affects XNIO versions 3.6.0.Beta1 through 3.8.1.Final.
It was found that the issue for security flaw CVE-2019-3805 appeared again in a further version of JBoss Enterprise Application Platform - Continuous Delivery (EAP-CD) introducing regression
CVE-2020-14317
5.5 - Medium
- June 02, 2021
It was found that the issue for security flaw CVE-2019-3805 appeared again in a further version of JBoss Enterprise Application Platform - Continuous Delivery (EAP-CD) introducing regression. An attacker could exploit this by modifying the PID file in /var/run/jboss-eap/ allowing the init.d script to terminate any process as root.
Signal Handler Race Condition
A flaw was found in postgresql in versions before 13.3, before 12.7, before 11.12, before 10.17 and before 9.6.22
CVE-2021-32027
8.8 - High
- June 01, 2021
A flaw was found in postgresql in versions before 13.3, before 12.7, before 11.12, before 10.17 and before 9.6.22. While modifying certain SQL array values, missing bounds checks let authenticated database users write arbitrary bytes to a wide area of server memory. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Buffer Overflow
A flaw was found in OpenLDAP in versions before 2.4.56
CVE-2020-25710
7.5 - High
- May 28, 2021
A flaw was found in OpenLDAP in versions before 2.4.56. This flaw allows an attacker who sends a malicious packet processed by OpenLDAP to force a failed assertion in csnNormalize23(). The highest threat from this vulnerability is to system availability.
assertion failure
A cross-site scripting (XSS) flaw was found in RESTEasy in versions before 3.11.1.Final and before 4.5.3.Final
CVE-2020-10688
6.1 - Medium
- May 27, 2021
A cross-site scripting (XSS) flaw was found in RESTEasy in versions before 3.11.1.Final and before 4.5.3.Final, where it did not properly handle URL encoding when the RESTEASY003870 exception occurs. An attacker could use this flaw to launch a reflected XSS attack.
XSS
A flaw was found in Wildfly in versions before 23.0.2.Final while creating a new role in domain mode
CVE-2021-3536
4.8 - Medium
- May 20, 2021
A flaw was found in Wildfly in versions before 23.0.2.Final while creating a new role in domain mode via the admin console, it is possible to add a payload in the name field, leading to XSS. This affects Confidentiality and Integrity.
XSS
A flaw was found in Undertow when using Remoting as shipped in Red Hat Jboss EAP before version 7.2.4
CVE-2019-19343
7.5 - High
- March 23, 2021
A flaw was found in Undertow when using Remoting as shipped in Red Hat Jboss EAP before version 7.2.4. A memory leak in HttpOpenListener due to holding remote connections indefinitely may lead to denial of service. Versions before undertow 2.0.25.SP1 and jboss-remoting 5.0.14.SP1 are believed to be vulnerable.
Improper Resource Shutdown or Release
A memory leak flaw was found in WildFly in all versions up to 21.0.0.Final, where host-controller tries to reconnect in a loop, generating new connections
CVE-2020-25689
6.5 - Medium
- November 02, 2020
A memory leak flaw was found in WildFly in all versions up to 21.0.0.Final, where host-controller tries to reconnect in a loop, generating new connections which are not properly closed while not able to connect to domain-controller. This flaw allows an attacker to cause an Out of memory (OOM) issue, leading to a denial of service. The highest threat from this vulnerability is to system availability.
Memory Leak
A flaw was found in JBoss EAP
CVE-2020-14299
6.5 - Medium
- October 16, 2020
A flaw was found in JBoss EAP, where the authentication configuration is set-up using a legacy SecurityRealm, to delegate to a legacy PicketBox SecurityDomain, and then reloaded to admin-only mode. This flaw allows an attacker to perform a complete authentication bypass by using an arbitrary user and password. The highest threat to vulnerability is to system availability.
authentification
A memory leak flaw was found in WildFly OpenSSL in versions prior to 1.1.3.Final, where it removes an HTTP session
CVE-2020-25644
7.5 - High
- October 06, 2020
A memory leak flaw was found in WildFly OpenSSL in versions prior to 1.1.3.Final, where it removes an HTTP session. It may allow the attacker to cause OOM leading to a denial of service. The highest threat from this vulnerability is to system availability.
Memory Leak
A flaw was discovered in all versions of Undertow before Undertow 2.2.0.Final
CVE-2020-10687
4.8 - Medium
- September 23, 2020
A flaw was discovered in all versions of Undertow before Undertow 2.2.0.Final, where HTTP request smuggling related to CVE-2017-2666 is possible against HTTP/1.x and HTTP/2 due to permitting invalid characters in an HTTP request. This flaw allows an attacker to poison a web-cache, perform an XSS attack, or obtain sensitive information from request other than their own.
HTTP Request Smuggling
The issue appears to be
CVE-2020-1710
5.3 - Medium
- September 16, 2020
The issue appears to be that JBoss EAP 6.4.21 does not parse the field-name in accordance to RFC7230[1] as it returns a 200 instead of a 400.
A flaw was found in JBossWeb in versions before 7.5.31.Final-redhat-3
CVE-2020-14384
7.5 - High
- September 09, 2020
A flaw was found in JBossWeb in versions before 7.5.31.Final-redhat-3. The fix for CVE-2020-13935 was incomplete in JBossWeb, leaving it vulnerable to a denial of service attack when sending multiple requests with invalid payload length in a WebSocket frame. The highest threat from this vulnerability is to system availability.
A flaw was found in Hibernate ORM in versions before 5.3.18, 5.4.18 and 5.5.0.Beta1
CVE-2019-14900
6.5 - Medium
- July 06, 2020
A flaw was found in Hibernate ORM in versions before 5.3.18, 5.4.18 and 5.5.0.Beta1. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SELECT or GROUP BY parts of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks.
SQL Injection
A flaw was discovered in Undertow in versions before Undertow 2.1.1.Final where certain requests to the "Expect: 100-continue" header may cause an out of memory error
CVE-2020-10705
7.5 - High
- June 10, 2020
A flaw was discovered in Undertow in versions before Undertow 2.1.1.Final where certain requests to the "Expect: 100-continue" header may cause an out of memory error. This flaw may potentially lead to a denial of service.
Allocation of Resources Without Limits or Throttling
A flaw was found in Undertow in versions before 2.1.1.Final, regarding the processing of invalid HTTP requests with large chunk sizes
CVE-2020-10719
6.5 - Medium
- May 26, 2020
A flaw was found in Undertow in versions before 2.1.1.Final, regarding the processing of invalid HTTP requests with large chunk sizes. This flaw allows an attacker to take advantage of HTTP request smuggling.
HTTP Request Smuggling
A flaw was found in Soteria before 1.0.1, in a way
CVE-2020-1732
4.2 - Medium
- May 04, 2020
A flaw was found in Soteria before 1.0.1, in a way that multiple requests occurring concurrently causing security identity corruption across concurrent threads when using EE Security with WildFly Elytron which can lead to the possibility of being handled using the identity from another request.
Improper Input Validation
A flaw was found in all undertow-2.x.x SP1 versions prior to undertow-2.0.30.SP1, all undertow-1.x.x and undertow-2.x.x versions prior to undertow-2.1.0.Final, where the Servlet container causes servletPath to normalize incorrectly by truncating the path after semicolon
CVE-2020-1757
8.1 - High
- April 21, 2020
A flaw was found in all undertow-2.x.x SP1 versions prior to undertow-2.0.30.SP1, all undertow-1.x.x and undertow-2.x.x versions prior to undertow-2.1.0.Final, where the Servlet container causes servletPath to normalize incorrectly by truncating the path after semicolon which may lead to an application mapping resulting in the security bypass.
Improper Input Validation
A flaw was found when an OpenSSL security provider is used with Wildfly
CVE-2019-14887
9.1 - Critical
- March 16, 2020
A flaw was found when an OpenSSL security provider is used with Wildfly, the 'enabled-protocols' value in the Wildfly configuration isn't honored. An attacker could target the traffic sent from Wildfly and downgrade the connection to a weaker version of TLS, potentially breaking the encryption. This could lead to a leak of the data being passed over the network. Wildfly version 7.2.0.GA, 7.2.3.GA and 7.2.5.CR2 are believed to be vulnerable.
The implementations of PKCS#1 v1.5 key transport mechanism for XMLEncryption in JBossWS and Apache WSS4J before 1.6.5 is susceptible to a Bleichenbacher attack.
CVE-2011-2487
5.9 - Medium
- March 11, 2020
The implementations of PKCS#1 v1.5 key transport mechanism for XMLEncryption in JBossWS and Apache WSS4J before 1.6.5 is susceptible to a Bleichenbacher attack.
Use of a Broken or Risky Cryptographic Algorithm
A flaw was discovered in jackson-databind in versions before 2.9.10, 2.8.11.5 and 2.6.7.3, where it
CVE-2019-14892
9.8 - Critical
- March 02, 2020
A flaw was discovered in jackson-databind in versions before 2.9.10, 2.8.11.5 and 2.6.7.3, where it would permit polymorphic deserialization of a malicious object using commons-configuration 1 and 2 JNDI classes. An attacker could use this flaw to execute arbitrary code.
Marshaling, Unmarshaling
Netty 4.1.43.Final allows HTTP Request Smuggling
CVE-2020-7238
7.5 - High
- January 27, 2020
Netty 4.1.43.Final allows HTTP Request Smuggling because it mishandles Transfer-Encoding whitespace (such as a [space]Transfer-Encoding:chunked line) and a later Content-Length header. This issue exists because of an incomplete fix for CVE-2019-16869.
HTTP Request Smuggling
A flaw was found in the JBoss EAP Vault system in all versions before 7.2.6.GA
CVE-2019-14885
4.3 - Medium
- January 23, 2020
A flaw was found in the JBoss EAP Vault system in all versions before 7.2.6.GA. Confidential information of the system property's security attribute value is revealed in the JBoss EAP log file when executing a JBoss CLI 'reload' command. This flaw can lead to the exposure of confidential information.
Insertion of Sensitive Information into Log File
A vulnerability was found in the Undertow HTTP server in versions before 2.0.28.SP1 when listening on HTTPS
CVE-2019-14888
7.5 - High
- January 23, 2020
A vulnerability was found in the Undertow HTTP server in versions before 2.0.28.SP1 when listening on HTTPS. An attacker can target the HTTPS port to carry out a Denial Of Service (DOS) to make the service unavailable on SSL.
It was found that keycloak before version 8.0.0 exposes internal adapter endpoints in org.keycloak.constants.AdapterConstants, which can be invoked
CVE-2019-14820
4.3 - Medium
- January 08, 2020
It was found that keycloak before version 8.0.0 exposes internal adapter endpoints in org.keycloak.constants.AdapterConstants, which can be invoked via a specially-crafted URL. This vulnerability could allow an attacker to access unauthorized information.
A flaw was found in Wildfly Security Manager, running under JDK 11 or 8, that authorized requests for any requester
CVE-2019-14843
8.8 - High
- January 07, 2020
A flaw was found in Wildfly Security Manager, running under JDK 11 or 8, that authorized requests for any requester. This flaw could be used by a malicious app deployed on the app server to access unauthorized information and possibly conduct further attacks. Versions shipped with Red Hat Jboss EAP 7 and Red Hat SSO 7 are vulnerable to this issue.
AuthZ
A vulnerability was found in Infinispan such
CVE-2019-10174
8.8 - High
- November 25, 2019
A vulnerability was found in Infinispan such that the invokeAccessibly method from the public class ReflectionUtil allows any application class to invoke private methods in any class with Infinispan's privileges. The attacker can use reflection to introduce new, malicious behavior into the application.
Reflection Injection
A flaw was found in org.codehaus.jackson:jackson-mapper-asl:1.9.x libraries
CVE-2019-10172
7.5 - High
- November 18, 2019
A flaw was found in org.codehaus.jackson:jackson-mapper-asl:1.9.x libraries. XML external entity vulnerabilities similar CVE-2016-3720 also affects codehaus jackson-mapper-asl libraries but in different classes.
XXE
A vulnerability was found in Hibernate-Validator
CVE-2019-10219
6.1 - Medium
- November 08, 2019
A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of potentially malicious code in HTML comments and instructions. This vulnerability can result in an XSS attack.
XSS
A flaw was found in, all under 2.0.20, in the Undertow DEBUG log for io.undertow.request.security
CVE-2019-10212
9.8 - Critical
- October 02, 2019
A flaw was found in, all under 2.0.20, in the Undertow DEBUG log for io.undertow.request.security. If enabled, an attacker could abuse this flaw to obtain the user's credentials from the log files.
Insertion of Sensitive Information into Log File
In version 2.0.3 Apache Santuario XML Security for Java
CVE-2019-12400
5.5 - Medium
- August 23, 2019
In version 2.0.3 Apache Santuario XML Security for Java, a caching mechanism was introduced to speed up creating new XML documents using a static pool of DocumentBuilders. However, if some untrusted code can register a malicious implementation with the thread context class loader first, then this implementation might be cached and re-used by Apache Santuario - XML Security for Java, leading to potential security flaws when validating signed documents, etc. The vulnerability affects Apache Santuario - XML Security for Java 2.0.x releases from 2.0.3 and all 2.1.x releases before 2.1.4.
Improper Input Validation
Some HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization manipulation
CVE-2019-9511
7.5 - High
- August 13, 2019
Some HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service. The attacker requests a large amount of data from a specified resource over multiple streams. They manipulate window size and stream priority to force the server to queue the data in 1-byte chunks. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both.
Allocation of Resources Without Limits or Throttling
Some HTTP/2 implementations are vulnerable to resource loops, potentially leading to a denial of service
CVE-2019-9513
7.5 - High
- August 13, 2019
Some HTTP/2 implementations are vulnerable to resource loops, potentially leading to a denial of service. The attacker creates multiple request streams and continually shuffles the priority of the streams in a way that causes substantial churn to the priority tree. This can consume excess CPU.
Some HTTP/2 implementations are vulnerable to a header leak, potentially leading to a denial of service
CVE-2019-9516
6.5 - Medium
- August 13, 2019
Some HTTP/2 implementations are vulnerable to a header leak, potentially leading to a denial of service. The attacker sends a stream of headers with a 0-length header name and 0-length header value, optionally Huffman encoded into 1-byte or greater headers. Some implementations allocate memory for these headers and keep the allocation alive until the session dies. This can consume excess memory.
Allocation of Resources Without Limits or Throttling
Some HTTP/2 implementations are vulnerable to unconstrained interal data buffering, potentially leading to a denial of service
CVE-2019-9517
7.5 - High
- August 13, 2019
Some HTTP/2 implementations are vulnerable to unconstrained interal data buffering, potentially leading to a denial of service. The attacker opens the HTTP/2 window so the peer can send without constraint; however, they leave the TCP window closed so the peer cannot actually write (many of) the bytes on the wire. The attacker then sends a stream of requests for a large response object. Depending on how the servers queue the responses, this can consume excess memory, CPU, or both.
Allocation of Resources Without Limits or Throttling
Some HTTP/2 implementations are vulnerable to a flood of empty frames, potentially leading to a denial of service
CVE-2019-9518
7.5 - High
- August 13, 2019
Some HTTP/2 implementations are vulnerable to a flood of empty frames, potentially leading to a denial of service. The attacker sends a stream of frames with an empty payload and without the end-of-stream flag. These frames can be DATA, HEADERS, CONTINUATION and/or PUSH_PROMISE. The peer spends time processing each frame disproportionate to attack bandwidth. This can consume excess CPU.
Allocation of Resources Without Limits or Throttling
Some HTTP/2 implementations are vulnerable to a settings flood, potentially leading to a denial of service
CVE-2019-9515
7.5 - High
- August 13, 2019
Some HTTP/2 implementations are vulnerable to a settings flood, potentially leading to a denial of service. The attacker sends a stream of SETTINGS frames to the peer. Since the RFC requires that the peer reply with one acknowledgement per SETTINGS frame, an empty SETTINGS frame is almost equivalent in behavior to a ping. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both.
Allocation of Resources Without Limits or Throttling
Some HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a denial of service
CVE-2019-9514
7.5 - High
- August 13, 2019
Some HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a denial of service. The attacker opens a number of streams and sends an invalid request over each stream that should solicit a stream of RST_STREAM frames from the peer. Depending on how the peer queues the RST_STREAM frames, this can consume excess memory, CPU, or both.
Allocation of Resources Without Limits or Throttling
undertow before version 2.0.23.Final is vulnerable to an information leak issue
CVE-2019-10184
7.5 - High
- July 25, 2019
undertow before version 2.0.23.Final is vulnerable to an information leak issue. Web apps may have their directory structures predicted through requests without trailing slashes via the api.
AuthZ
A flaw was discovered in wildfly versions up to 16.0.0.Final
CVE-2019-3805
4.7 - Medium
- May 03, 2019
A flaw was discovered in wildfly versions up to 16.0.0.Final that would allow local users who are able to execute init.d script to terminate arbitrary processes on the system. An attacker could exploit this by modifying the PID file in /var/run/jboss-eap/ allowing the init.d script to terminate any process as root.
Race Condition