Max CVSS: 7.5 | Min CVSS: 2.1 | Total Count: 2
| ID | CVSS | Summary | Last (major) update | Published |
|---|---|---|---|---|
| CVE-2017-12629 | 7.5 | Remote code execution occurs in Apache Solr before 7.1 with Apache Lucene before 7.1 by exploiting XXE in conjunction with use of a Config API add-listener command to reach the RunExecutableListener class. Elasticsearch, although it uses Lucene, is N | 19-04-2022 - 16:06 | 14-10-2017 - 23:29 |
| CVE-2017-7559 | 5.8 | In Undertow 2.x before 2.0.0.Alpha2, 1.4.x before 1.4.17.Final, and 1.3.x before 1.3.31.Final, it was found that the fix for CVE-2017-2666 was incomplete and invalid characters are still allowed in the query string and path parameters. This could be | 09-10-2019 - 23:29 | 10-01-2018 - 15:29 |
| CVE-2017-12189 | 4.6 | It was discovered that the jboss init script as used in Red Hat JBoss Enterprise Application Platform 7.0.7.GA performed unsafe file handling which could result in local privilege escalation. This issue is a result of an incomplete fix for CVE-2016-8 | 09-10-2019 - 23:22 | 10-01-2018 - 19:29 |
| CVE-2017-12167 | 2.1 | It was found in EAP 7 before 7.0.9 that properties based files of the management and the application realm configuration that contain user to role mapping are world readable allowing access to users and roles information to all the users logged in to | 09-10-2019 - 23:22 | 26-07-2018 - 17:29 |
| CVE-2017-12165 | 5.0 | It was discovered that Undertow before 1.4.17, 1.3.31 and 2.0.0 processes http request headers with unusual whitespaces which can cause possible http request smuggling. | 09-10-2019 - 23:22 | 27-07-2018 - 15:29 |
| CVE-2017-7561 | 5.0 | Red Hat JBoss EAP version 3.0.7 through before 4.0.0.Beta1 is vulnerable to a server-side cache poisoning or CORS requests in the JAX-RS component resulting in a moderate impact. | 03-10-2019 - 00:03 | 13-09-2017 - 17:29 |
| CVE-2016-6346 | 5.0 | RESTEasy enables GZIPInterceptor, which allows remote attackers to cause a denial of service via unspecified vectors. | 14-05-2019 - 17:29 | 07-09-2016 - 18:59 |