| Max CVSS | 7.5 | Min CVSS | 2.1 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2020-1745 | 7.5 |
A file inclusion vulnerability was found in the AJP connector enabled with a default AJP configuration port of 8009 in Undertow version 2.0.29.Final and before and was fixed in 2.0.30.Final. A remote, unauthenticated attacker could exploit this vulne
|
16-02-2024 - 13:15 | 28-04-2020 - 15:15 | |
| CVE-2019-10172 | 5.0 |
A flaw was found in org.codehaus.jackson:jackson-mapper-asl:1.9.x libraries. XML external entity vulnerabilities similar CVE-2016-3720 also affects codehaus jackson-mapper-asl libraries but in different classes.
|
12-02-2023 - 23:33 | 18-11-2019 - 17:15 | |
| CVE-2020-7226 | 5.0 |
CiphertextHeader.java in Cryptacular 1.2.3, as used in Apereo CAS and other products, allows attackers to trigger excessive memory allocation during a decode operation, because the nonce array length associated with "new byte" may depend on untrusted
|
12-05-2022 - 15:00 | 24-01-2020 - 15:15 | |
| CVE-2020-10705 | 5.0 |
A flaw was discovered in Undertow in versions before Undertow 2.1.1.Final where certain requests to the "Expect: 100-continue" header may cause an out of memory error. This flaw may potentially lead to a denial of service.
|
22-02-2022 - 10:02 | 10-06-2020 - 20:15 | |
| CVE-2020-10719 | 6.4 |
A flaw was found in Undertow in versions before 2.1.1.Final, regarding the processing of invalid HTTP requests with large chunk sizes. This flaw allows an attacker to take advantage of HTTP request smuggling.
|
21-02-2022 - 04:24 | 26-05-2020 - 16:15 | |
| CVE-2019-17573 | 4.3 |
By default, Apache CXF creates a /services page containing a listing of the available endpoint names and addresses. This webpage is vulnerable to a reflected Cross-Site Scripting (XSS) attack, which allows a malicious actor to inject javascript into
|
17-06-2021 - 17:24 | 16-01-2020 - 18:15 | |
| CVE-2019-12423 | 4.3 |
Apache CXF ships with a OpenId Connect JWK Keys service, which allows a client to obtain the public keys in JWK format, which can then be used to verify the signature of tokens issued by the service. Typically, the service obtains the public key from
|
17-06-2021 - 17:24 | 16-01-2020 - 18:15 | |
| CVE-2020-1719 | 5.5 |
A flaw was found in wildfly. The EJBContext principle is not popped back after invoking another EJB using a different Security Domain. The highest threat from this vulnerability is to data confidentiality and integrity. Versions before wildfly 20.0.0
|
16-06-2021 - 15:17 | 07-06-2021 - 17:15 | |
| CVE-2020-1729 | 2.1 |
A flaw was found in SmallRye's API through version 1.6.1. The API can allow other code running within the application server to potentially obtain the ClassLoader, bypassing any permissions checks that should have been applied. The largest threat fro
|
08-06-2021 - 15:41 | 28-05-2021 - 14:15 | |
| CVE-2020-1732 | 4.9 |
A flaw was found in Soteria before 1.0.1, in a way that multiple requests occurring concurrently causing security identity corruption across concurrent threads when using EE Security with WildFly Elytron which can lead to the possibility of being han
|
08-05-2020 - 17:28 | 04-05-2020 - 17:15 | |
| CVE-2020-1757 | 5.5 |
A flaw was found in all undertow-2.x.x SP1 versions prior to undertow-2.0.30.SP1, all undertow-1.x.x and undertow-2.x.x versions prior to undertow-2.1.0.Final, where the Servlet container causes servletPath to normalize incorrectly by truncating the
|
30-04-2020 - 15:55 | 21-04-2020 - 17:15 |