Red Hat Rhboac Hawtio
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in Red Hat Rhboac Hawtio.
By the Year
In 2025 there have been 0 vulnerabilities in Red Hat Rhboac Hawtio. Last year, in 2024 Rhboac Hawtio had 2 security vulnerabilities published. Right now, Rhboac Hawtio is on track to have less security vulnerabilities in 2025 than it did last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2025 | 0 | 0.00 |
| 2024 | 2 | 7.25 |
It may take a day or so for new Rhboac Hawtio vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Red Hat Rhboac Hawtio Security Vulnerabilities
Undertow ProxyProtocolReadListener StringBuilder reuse info-leak
CVE-2024-7885
7.5 - High
- August 21, 2024
A vulnerability was found in Undertow where the ProxyProtocolReadListener reuses the same StringBuilder instance across multiple requests. This issue occurs when the parseProxyProtocolV1 method processes multiple requests on the same HTTP connection. As a result, different requests may share the same StringBuilder instance, potentially leading to information leakage between requests or responses. In some cases, a value from a previous request or response may be erroneously reused, which could lead to unintended data exposure. This issue primarily results in errors and connection termination but creates a risk of data leakage in multi-request environments.
Race Condition
Quarkus Core Env Var Leakage in Build
CVE-2024-2700
7 - High
- April 04, 2024
A vulnerability was found in the quarkus-core component. Quarkus captures local environment variables from the Quarkus namespace during the application's build, therefore, running the resulting application inherits the values captured at build time. Some local environment variables may have been set by the developer or CI environment for testing purposes, such as dropping the database during application startup or trusting all TLS certificates to accept self-signed certificates. If these properties are configured using environment variables or the .env facility, they are captured into the built application, which can lead to dangerous behavior if the application does not override these values. This behavior only happens for configuration properties from the `quarkus.*` namespace. Application-specific properties are not captured.
Exposure of Sensitive Information Through Environmental Variables
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Red Hat Rhboac Hawtio or by Red Hat? Click the Watch button to subscribe.
