Vulnerabilities (CVE)

Filtered by vendor: Redhat; product: Jboss Enterprise Application Platform

130 total CVE
CVE | Vendors | Products | Updated | CVSS

CVE-2019-3872 | 1 vendor: Redhat | 2 products: Jboss Enterprise Application Platform, Single Sign-on | updated 2019-10-09 | CVSS 3.5
It was found that a SAMLRequest containing a script could be processed by Picketlink versions shipped in Jboss Application Platform 7.2.x and 7.1.x. An attacker could use this to send a malicious script to achieve cross-site scripting and obtain...

CVE-2019-10202 | 1 vendor: Redhat | 1 product: Jboss Enterprise Application Platform | updated 2019-10-09 | CVSS 7.5
A series of deserialization vulnerabilities have been discovered in Codehaus 1.9.x implemented in EAP 7. This CVE fixes CVE-2017-17485, CVE-2017-7525, CVE-2017-15095, CVE-2018-5968, CVE-2018-7489, CVE-2018-1000873, CVE-2019-12086 reported for...

CVE-2018-1067 | 1 vendor: Redhat | 3 products: Jboss Enterprise Application Platform, Undertow, Virtualization | updated 2019-10-09 | CVSS 5.8
In Undertow before versions 7.1.2.CR1, 7.1.2.GA it was found that the fix for CVE-2016-4993 was incomplete and the Undertow web server is vulnerable to the injection of arbitrary HTTP headers, and also response splitting, due to insufficient...

CVE-2018-1047 | 1 vendor: Redhat | 2 products: Jboss Wildfly Application Server, Jboss Enterprise Application Platform | updated 2019-10-09 | CVSS 2.1
A flaw was found in Wildfly 9.x. A path traversal vulnerability through the org.wildfly.extension.undertow.deployment.ServletResourceManager.getResource method could lead to information disclosure of arbitrary local files.

CVE-2018-1041 | 2 vendors: Jboss, Redhat | 2 products: Jboss-remoting, Jboss Enterprise Application Platform | updated 2019-10-09 | CVSS 5.0
A vulnerability was found in the way RemoteMessageChannel, introduced in jboss-remoting versions 3.3.10, reads from an empty buffer. An attacker could use this flaw to cause denial of service via high CPU caused by an infinite loop.

CVE-2017-7504 | 1 vendor: Redhat | 1 product: Jboss Enterprise Application Platform | updated 2019-10-09 | CVSS 7.5
HTTPServerILServlet.java in the JMS over HTTP Invocation Layer of the JbossMQ implementation, which is enabled by default in Red Hat Jboss Application Server <= Jboss 4.X, does not restrict the classes for which it performs deserialization, which...

CVE-2017-7465 | 1 vendor: Redhat | 1 product: Jboss Enterprise Application Platform | updated 2019-10-09 | CVSS 7.5
It was found that the JAXP implementation used in JBoss EAP 7.0 for XSLT processing is vulnerable to code injection. An attacker could use this flaw to cause remote code execution if they are able to provide XSLT content for parsing. Doing a...

CVE-2017-7464 | 1 vendor: Redhat | 1 product: Jboss Enterprise Application Platform | updated 2019-10-09 | CVSS 7.5
It was found that the JAXP implementation used in JBoss EAP 7.0 for SAX and DOM parsing is vulnerable to certain XXE flaws. An attacker could use this flaw to cause DoS, SSRF, or information disclosure if they are able to provide XML content for parsing.

CVE-2017-2670 | 2 vendors: Redhat, Debian | 3 products: Jboss Enterprise Application Platform, Undertow, Debian Linux | updated 2019-10-09 | CVSS 5.0
It was found in Undertow before 1.3.28 that with a non-clean TCP close, the Websocket server gets into an infinite loop on every IO thread, effectively causing DoS.

CVE-2017-2666 | 2 vendors: Redhat, Debian | 3 products: Jboss Enterprise Application Platform, Undertow, Debian Linux | updated 2019-10-09 | CVSS 6.4
It was discovered in Undertow that the code that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to...

CVE-2017-2595 | 1 vendor: Redhat | 1 product: Jboss Enterprise Application Platform | updated 2019-10-09 | CVSS 4.0
It was found that the log file viewer in Red Hat JBoss Enterprise Application 6 and 7 allows arbitrary file read by an authenticated user via path traversal.

CVE-2017-12196 | 1 vendor: Redhat | 4 products: Jboss Enterprise Application Platform, Jboss Fuse, Undertow and 1 more | updated 2019-10-09 | CVSS 4.3
Undertow before versions 1.4.18.SP1, 2.0.2.Final, 1.4.24.Final was found vulnerable when using Digest authentication: the server does not ensure that the value of the URI in the Authorization header matches the URI in the HTTP request line. This allows...

CVE-2017-12189 | 1 vendor: Redhat | 2 products: Jboss Enterprise Application Platform, Enterprise Linux | updated 2019-10-09 | CVSS 4.6
It was discovered that the jboss init script as used in Red Hat JBoss Enterprise Application Platform 7.0.7.GA performed unsafe file handling which could result in local privilege escalation. This issue is a result of an incomplete fix for CVE-2016-8656.

CVE-2017-12174 | 2 vendors: Apache, Redhat | 3 products: Activemq Artemis, Hornetq, Jboss Enterprise Application Platform | updated 2019-10-09 | CVSS 7.8
It was found that when Artemis and HornetQ before 2.4.0 are configured with UDP discovery and JGroups discovery, a huge byte array is created when receiving an unexpected multicast message. This may result in heap memory exhaustion, full GC, or...

CVE-2017-12167 | 1 vendor: Redhat | 1 product: Jboss Enterprise Application Platform | updated 2019-10-09 | CVSS 2.1
It was found in EAP 7 before 7.0.9 that the properties-based files of the management and application realm configuration that contain the user-to-role mapping are world readable, allowing access to user and role information for all the users logged...

CVE-2017-12165 | 1 vendor: Redhat | 2 products: Jboss Enterprise Application Platform, Undertow | updated 2019-10-09 | CVSS 5.0
It was discovered that Undertow before 1.4.17, 1.3.31 and 2.0.0 processes HTTP request headers with unusual whitespace, which can make HTTP request smuggling possible.

CVE-2016-9585 | 1 vendor: Redhat | 1 product: Jboss Enterprise Application Platform | updated 2019-10-09 | CVSS 2.6
Red Hat JBoss EAP version 5 is vulnerable to deserialization of untrusted data in the JMX endpoint when it deserializes the credentials passed to it. An attacker could exploit this vulnerability, resulting in a denial of service attack.

CVE-2016-8656 | 1 vendor: Redhat | 1 product: Jboss Enterprise Application Platform | updated 2019-10-09 | CVSS 4.6
Jboss jbossas before versions 5.2.0-23, 6.4.13, 7.0.5 is vulnerable to unsafe file handling in the jboss init script which could result in local privilege escalation.

CVE-2016-8627 | 1 vendor: Redhat | 2 products: Jboss Enterprise Application Platform, Keycloak | updated 2019-10-09 | CVSS 4.3
admin-cli before versions 3.0.0.alpha25, 2.2.1.cr2 is vulnerable through an EAP feature for downloading server log files that makes logs available via GET requests, leaving them vulnerable to cross-origin attacks. An attacker could trigger the user's...

CVE-2016-7066 | 1 vendor: Redhat | 1 product: Jboss Enterprise Application Platform | updated 2019-10-09 | CVSS 4.6
It was found that the improper default permissions on the /tmp/auth directory in JBoss Enterprise Application Platform before 7.1.0 can allow any local user to connect to the CLI and execute arbitrary operations.