Red Hat Jboss Web Server
Recent Red Hat Jboss Web Server Security Advisories
| Advisory | Title | Published |
|---|---|---|
| RHSA-2024:1324 | (RHSA-2024:1324) Important: Red Hat JBoss Web Server 6.0.1 release and security update | March 19, 2024 |
| RHSA-2024:1325 | (RHSA-2024:1325) Important: Red Hat JBoss Web Server 6.0.1 release and security update | March 18, 2024 |
| RHSA-2024:1319 | (RHSA-2024:1319) Important: Red Hat JBoss Web Server 5.7.8 release and security update | March 18, 2024 |
| RHSA-2024:1318 | (RHSA-2024:1318) Important: Red Hat JBoss Web Server 5.7.8 release and security update | March 18, 2024 |
| RHSA-2023:7623 | (RHSA-2023:7623) Moderate: Red Hat JBoss Web Server 5.7.7 release and security update | December 7, 2023 |
| RHSA-2023:7622 | (RHSA-2023:7622) Moderate: Red Hat JBoss Web Server 5.7.7 release and security update | December 7, 2023 |
| RHSA-2023:6207 | (RHSA-2023:6207) Moderate: Red Hat JBoss Web Server 5.7.6 release and security update | October 31, 2023 |
| RHSA-2023:5784 | (RHSA-2023:5784) Important: Red Hat JBoss Web Server 5.7.5 release and security update | October 17, 2023 |
| RHSA-2023:5783 | (RHSA-2023:5783) Important: Red Hat JBoss Web Server 5.7.5 release and security update | October 17, 2023 |
| RHSA-2023:4910 | (RHSA-2023:4910) Moderate: Red Hat JBoss Web Server 5.7.4 release and security update | September 4, 2023 |
By the Year
In 2024 there have been 0 vulnerabilities in Red Hat Jboss Web Server . Jboss Web Server did not have any published security vulnerabilities last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2024 | 0 | 0.00 |
| 2023 | 0 | 0.00 |
| 2022 | 0 | 0.00 |
| 2021 | 1 | 7.50 |
| 2020 | 0 | 0.00 |
| 2019 | 0 | 0.00 |
| 2018 | 0 | 0.00 |
It may take a day or so for new Jboss Web Server vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Red Hat Jboss Web Server Security Vulnerabilities
JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration
CVE-2021-4104
7.5 - High
- December 14, 2021
JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration. The attacker can provide TopicBindingName and TopicConnectionFactoryBindingName configurations causing JMSAppender to perform JNDI requests that result in remote code execution in a similar fashion to CVE-2021-44228. Note this issue only affects Log4j 1.2 when specifically configured to use JMSAppender, which is not the default. Apache Log4j 1.2 reached end of life in August 2015. Users should upgrade to Log4j 2 as it addresses numerous other issues from the previous versions.
Marshaling, Unmarshaling
The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data
CVE-2016-2183
7.5 - High
- September 01, 2016
The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTPS session using Triple DES in CBC mode, aka a "Sweet32" attack.
Information Disclosure
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for nodejs node.js or by Red Hat? Click the Watch button to subscribe.
