Max CVSS | 7.8 | Min CVSS | 4.3 | Total Count | 2 |
ID | CVSS | Summary | Last (major) update | Published
CVE-2017-15095 | 7.5 | A deserialization flaw was discovered in jackson-databind in versions before 2.8.10 and 2.9.1, which could allow an unauthenticated user to perform code execution by sending maliciously crafted input to the readValue method of the ObjectMappe | 13-09-2023 - 14:23 | 06-02-2018 - 15:29
CVE-2018-5968 | 6.8 | FasterXML jackson-databind through 2.8.11 and 2.9.x through 2.9.3 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 and CVE-2017-17485 deserialization flaws. This is exploitable via two different gadgets | 13-09-2023 - 14:19 | 22-01-2018 - 04:29
CVE-2017-17485 | 7.5 | FasterXML jackson-databind through 2.8.10 and 2.9.x through 2.9.3 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 deserialization flaw. This is exploitable by sending maliciously crafted JSON input to t | 08-06-2023 - 18:00 | 10-01-2018 - 18:29
CVE-2017-12174 | 7.8 | It was found that when Artemis and HornetQ before 2.4.0 are configured with UDP discovery and JGroups discovery a huge byte array is created when receiving an unexpected multicast message. This may result in a heap memory exhaustion, full GC, or OutO | 12-02-2023 - 23:27 | 07-03-2018 - 22:29
CVE-2018-1048 | 5.0 | It was found that the AJP connector in undertow, as shipped in JBoss EAP 7.1.0.GA, does not use the ALLOW_ENCODED_SLASH option and thus allows the slash / anti-slash characters encoded in the URL which may lead to path traversal and result in the | 03-02-2023 - 02:19 | 24-01-2018 - 23:29
CVE-2017-12196 | 4.3 | undertow before versions 1.4.18.SP1, 2.0.2.Final, 1.4.24.Final was found vulnerable when using Digest authentication: the server does not ensure that the value of URI in the Authorization header matches the URI in HTTP request line. This allows the a | 09-10-2019 - 23:22 | 18-04-2018 - 01:29
CVE-2017-7561 | 5.0 | Red Hat JBoss EAP version 3.0.7 through before 4.0.0.Beta1 is vulnerable to a server-side cache poisoning or CORS requests in the JAX-RS component resulting in a moderate impact. | 03-10-2019 - 00:03 | 13-09-2017 - 17:29
CVE-2017-15089 | 6.5 | It was found that the Hotrod client in Infinispan before 9.2.0.CR1 would unsafely read deserialized data on information from the cache. An authenticated attacker could inject a malicious object into the data cache and attain deserialization on the cl | 04-06-2019 - 17:29 | 15-02-2018 - 17:29