Vulnerabilities (CVE)

Filter: vendor Redhat; product Jboss Enterprise Application Platform

120 total CVE (20 listed below)

CVE | Vendors (count: names) | Products (count: names) | Updated | CVSS

CVE-2019-3873 | 1: Redhat | 2: Jboss Enterprise Application Platform, Single Sign-on | 2019-06-14 | 6.0
  It was found that Picketlink as shipped with Jboss Enterprise Application Platform 7.2 would accept an xinclude parameter in SAMLresponse XML. An attacker could use this flaw to send a URL to achieve cross-site scripting or possibly conduct...

CVE-2019-3872 | 1: Redhat | 2: Jboss Enterprise Application Platform, Single Sign-on | 2019-06-14 | 3.5
  It was found that a SAMLRequest containing a script could be processed by Picketlink versions shipped in Jboss Application Platform 7.2.x and 7.1.x. An attacker could use this to send a malicious script to achieve cross-site scripting and obtain...

CVE-2018-10237 | 2: Google, Redhat | 6: Guava, Jboss Enterprise Application Platform, Openstack and 3 more | 2019-06-12 | 4.3
  Unbounded memory allocation in Google Guava 11.0 through 24.x before 24.1.1 allows remote attackers to conduct denial of service attacks against servers that depend on this library and deserialize attacker-provided data, because the...

CVE-2018-10934 | 1: Redhat | 2: Jboss Enterprise Application Platform, Single Sign-on | 2019-06-11 | 3.5
  A cross-site scripting (XSS) vulnerability was found in the JBoss Management Console versions before 7.1.6.CR1, 7.1.6.GA. Users with roles that can create objects in the application can exploit this to attack other privileged users.

CVE-2016-2183 | 5: Python, Openssl, Cisco and 2 more | 8: Content Security Management Appliance, Openssl, Enterprise Linux and 5 more | 2019-05-20 | 5.0
  The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a...

CVE-2019-3894 | 1: Redhat | 2: Jboss Enterprise Application Platform, Wildfly | 2019-05-17 | 6.5
  It was discovered that the ElytronManagedThread in Wildfly's Elytron subsystem in versions from 11 to 16 stores a SecurityIdentity to run the thread as. These threads do not necessarily terminate if the keep alive time has not expired. This could...

CVE-2019-3805 | 1: Redhat | 2: Jboss Enterprise Application Platform, Wildfly | 2019-05-17 | 4.7
  A flaw was discovered in wildfly versions up to 16.0.0.Final that would allow local users who are able to execute init.d script to terminate arbitrary processes on the system. An attacker could exploit this by modifying the PID file in...

CVE-2018-1304 | 5: Apache, Redhat, Debian and 2 more | 10: Tomcat, Jboss Enterprise Web Server, Debian Linux and 7 more | 2019-05-10 | 4.3
  The URL pattern of "" (the empty string) which exactly maps to the context root was not correctly handled in Apache Tomcat 9.0.0.M1 to 9.0.4, 8.5.0 to 8.5.27, 8.0.0.RC1 to 8.0.49 and 7.0.0 to 7.0.84 when used as part of a security constraint...

CVE-2017-9788 | 6: Apache, Netapp, Oracle and 3 more | 16: Httpd, Http Server, Oncommand Unified Manager and 13 more | 2019-05-10 | 6.4
  In Apache httpd before 2.2.34 and 2.4.x before 2.4.27, the value placeholder in [Proxy-]Authorization headers of type 'Digest' was not initialized or reset before or between successive key=value assignments by mod_auth_digest. Providing an...

CVE-2016-3110 | 2: Redhat, Fedoraproject | 3: Jboss Enterprise Web Server, Jboss Enterprise Application Platform, Fedora | 2019-05-10 | 5.0
  mod_cluster, as used in Red Hat JBoss Web Server 2.1, allows remote attackers to cause a denial of service (Apache http server crash) via an MCMP message containing a series of = (equals) characters after a legitimate element.

CVE-2016-8610 | 4: Openssl, Netapp, Redhat and 1 more | 25: Openssl, Clustered Data Ontap Antivirus Connector, Data Ontap and 22 more | 2019-05-02 | 5.0
  A denial of service flaw was found in OpenSSL 0.9.8, 1.0.1, 1.0.2 through 1.0.2h, and 1.1.0 in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. A remote attacker could use this flaw to make a TLS/SSL...

CVE-2018-1000180 | 5: Bouncycastle, Debian, Netapp and 2 more | 18: Fips Java Api, Legion-of-the-bouncy-castle-java-crytography-api, Debian Linux and 15 more | 2019-04-26 | 5.0
  Bouncy Castle BC 1.54 - 1.59, BC-FJA 1.0.0, BC-FJA 1.0.1 and earlier have a flaw in the Low-level interface to RSA key pair generator, specifically RSA Key Pairs generated in low-level API with added certainty may have less M-R tests than...

CVE-2018-1067 | 1: Redhat | 3: Jboss Enterprise Application Platform, Undertow, Virtualization | 2019-04-26 | 5.8
  In Undertow before versions 7.1.2.CR1, 7.1.2.GA it was found that the fix for CVE-2016-4993 was incomplete and Undertow web server is vulnerable to the injection of arbitrary HTTP headers, and also response splitting, due to insufficient...

CVE-2018-10862 | 1: Redhat | 3: Jboss Enterprise Application Platform, Virtualization, Wildfly Core | 2019-04-26 | 4.9
  WildFly Core before version 6.0.0.Alpha3 does not properly validate file paths in .war archives, allowing for the extraction of crafted .war archives to overwrite arbitrary files. This is an instance of the 'Zip Slip' vulnerability.

CVE-2018-8088 | 3: Redhat, Slf4j, Oracle | 7: Jboss Enterprise Application Platform, Slf4j, Enterprise Linux Desktop and 4 more | 2019-04-26 | 7.5
  org.slf4j.ext.EventData in the slf4j-ext module in QOS.CH SLF4J before 1.8.0-beta2 allows remote attackers to bypass intended access restrictions via crafted data.

CVE-2016-2141 | 1: Redhat | 2: Jboss Enterprise Application Platform, Jgroups | 2019-04-23 | 7.5
  JGroups before 4.0 does not require the proper headers for the ENCRYPT and AUTH protocols from nodes joining the cluster, which allows remote attackers to bypass security restrictions and send and receive messages within the cluster via...

CVE-2017-12167 | 1: Redhat | 1: Jboss Enterprise Application Platform | 2019-04-22 | 2.1
  It was found in EAP 7 before 7.0.9 that properties based files of the management and the application realm configuration that contain user to role mapping are world readable allowing access to users and roles information to all the users logged...

CVE-2016-7061 | 1: Redhat | 1: Jboss Enterprise Application Platform | 2019-04-22 | 4.0
  An information disclosure vulnerability was found in JBoss Enterprise Application Platform before 7.0.4. It was discovered that when configuring RBAC and marking information as sensitive, users with a Monitor role are able to view the sensitive...

CVE-2018-1336 | 4: Apache, Redhat, Canonical and 1 more | 8: Tomcat, Jboss Enterprise Application Platform, Jboss Enterprise Web Server and 5 more | 2019-04-22 | 5.0
  An improper handling of overflow in the UTF-8 decoder with supplementary characters can lead to an infinite loop in the decoder causing a Denial of Service. Versions Affected: Apache Tomcat 9.0.0.M9 to 9.0.7, 8.5.0 to 8.5.30, 8.0.0.RC1 to 8.0.51,...

CVE-2014-0224 | 5: Openssl, Fedoraproject, Novell and 2 more | 9: Openssl, Enterprise Linux, Fedora and 6 more | 2019-04-22 | 6.8
  OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a zero-length master key in certain...