Max CVSS | 7.5 | Min CVSS | 2.1 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published |
|---|---|---|---|---|
| CVE-2017-7525 | 7.5 | A deserialization flaw was discovered in the jackson-databind, versions before 2.6.7.1, 2.7.9.1 and 2.8.9, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the Obj | 08-06-2023 - 17:57 | 06-02-2018 - 15:29 |
| CVE-2016-4978 | 6.0 | The getObject method of the javax.jms.ObjectMessage class in the (1) JMS Core client, (2) Artemis broker, and (3) Artemis REST component in Apache ActiveMQ Artemis before 1.4.0 might allow remote authenticated users with permission to send messages t | 12-02-2023 - 23:22 | 27-09-2016 - 15:59 |
| CVE-2017-7536 | 4.4 | In Hibernate Validator 5.2.x before 5.2.5 final, 5.3.x, and 5.4.x, it was found that when the security manager's reflective permissions, which allows it to access the private members of the class, are granted to Hibernate Validator, a potential privi | 10-03-2022 - 13:57 | 10-01-2018 - 15:29 |
| CVE-2017-7559 | 5.8 | In Undertow 2.x before 2.0.0.Alpha2, 1.4.x before 1.4.17.Final, and 1.3.x before 1.3.31.Final, it was found that the fix for CVE-2017-2666 was incomplete and invalid characters are still allowed in the query string and path parameters. This could be | 09-10-2019 - 23:29 | 10-01-2018 - 15:29 |
| CVE-2017-2670 | 5.0 | It was found in Undertow before 1.3.28 that with non-clean TCP close, the Websocket server gets into infinite loop on every IO thread, effectively causing DoS. | 09-10-2019 - 23:27 | 27-07-2018 - 15:29 |
| CVE-2017-2666 | 6.4 | It was discovered in Undertow that the code that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject | 09-10-2019 - 23:27 | 27-07-2018 - 14:29 |
| CVE-2017-2595 | 4.0 | It was found that the log file viewer in Red Hat JBoss Enterprise Application 6 and 7 allows arbitrary file read to authenticated user via path traversal. | 09-10-2019 - 23:26 | 27-07-2018 - 15:29 |
| CVE-2017-12167 | 2.1 | It was found in EAP 7 before 7.0.9 that properties based files of the management and the application realm configuration that contain user to role mapping are world readable allowing access to users and roles information to all the users logged in to | 09-10-2019 - 23:22 | 26-07-2018 - 17:29 |
| CVE-2017-12165 | 5.0 | It was discovered that Undertow before 1.4.17, 1.3.31 and 2.0.0 processes http request headers with unusual whitespaces which can cause possible http request smuggling. | 09-10-2019 - 23:22 | 27-07-2018 - 15:29 |
| CVE-2016-8627 | 4.3 | admin-cli before versions 3.0.0.alpha25, 2.2.1.cr2 is vulnerable to an EAP feature to download server log files that allows logs to be available via GET requests making them vulnerable to cross-origin attacks. An attacker could trigger the user's bro | 09-10-2019 - 23:20 | 11-05-2018 - 13:29 |
| CVE-2016-9589 | 5.0 | Undertow in Red Hat wildfly before version 11.0.0.Beta1 is vulnerable to a resource exhaustion resulting in a denial of service. Undertow keeps a cache of seen HTTP headers in persistent connections. It was found that this cache can easily exploited | 09-10-2019 - 23:20 | 12-03-2018 - 15:29 |
| CVE-2016-7066 | 4.6 | It was found that the improper default permissions on /tmp/auth directory in JBoss Enterprise Application Platform before 7.1.0 can allow any local user to connect to CLI and allow the user to execute any arbitrary operations. | 09-10-2019 - 23:19 | 11-09-2018 - 14:29 |
| CVE-2016-7061 | 4.0 | An information disclosure vulnerability was found in JBoss Enterprise Application Platform before 7.0.4. It was discovered that when configuring RBAC and marking information as sensitive, users with a Monitor role are able to view the sensitive infor | 09-10-2019 - 23:19 | 10-09-2018 - 16:29 |
| CVE-2016-7046 | 7.1 | Red Hat JBoss Enterprise Application Platform (EAP) 7, when operating as a reverse-proxy with default buffer sizes, allows remote attackers to cause a denial of service (CPU and disk consumption) via a long URL. | 15-12-2017 - 02:29 | 03-10-2016 - 21:59 |
| CVE-2016-4993 | 4.3 | CRLF injection vulnerability in the Undertow web server in WildFly 10.0.0, as used in Red Hat JBoss Enterprise Application Platform (EAP) 7.x before 7.0.2, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting a | 15-12-2017 - 02:29 | 26-09-2016 - 14:59 |
| CVE-2016-6311 | 5.0 | Get requests in JBoss Enterprise Application Platform (EAP) 7 disclose internal IP addresses to remote attackers. | 15-12-2017 - 02:29 | 22-08-2017 - 18:29 |
| CVE-2016-5406 | 6.5 | The domain controller in Red Hat JBoss Enterprise Application Platform (EAP) 7.x before 7.0.2 allows remote authenticated users to gain privileges by leveraging failure to propagate administrative RBAC configuration to all slaves. | 15-12-2017 - 02:29 | 26-09-2016 - 14:59 |