Max CVSS 7.5 Min CVSS 2.1 Total Count2
IDCVSSSummaryLast (major) updatePublished
CVE-2017-7525 7.5
A deserialization flaw was discovered in the jackson-databind, versions before 2.6.7.1, 2.7.9.1 and 2.8.9, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the Obj
08-06-2023 - 17:57 06-02-2018 - 15:29
CVE-2016-4978 6.0
The getObject method of the javax.jms.ObjectMessage class in the (1) JMS Core client, (2) Artemis broker, and (3) Artemis REST component in Apache ActiveMQ Artemis before 1.4.0 might allow remote authenticated users with permission to send messages t
12-02-2023 - 23:22 27-09-2016 - 15:59
CVE-2017-7536 4.4
In Hibernate Validator 5.2.x before 5.2.5 final, 5.3.x, and 5.4.x, it was found that when the security manager's reflective permissions, which allows it to access the private members of the class, are granted to Hibernate Validator, a potential privi
10-03-2022 - 13:57 10-01-2018 - 15:29
CVE-2017-7559 5.8
In Undertow 2.x before 2.0.0.Alpha2, 1.4.x before 1.4.17.Final, and 1.3.x before 1.3.31.Final, it was found that the fix for CVE-2017-2666 was incomplete and invalid characters are still allowed in the query string and path parameters. This could be
09-10-2019 - 23:29 10-01-2018 - 15:29
CVE-2017-2670 5.0
It was found in Undertow before 1.3.28 that with non-clean TCP close, the Websocket server gets into infinite loop on every IO thread, effectively causing DoS.
09-10-2019 - 23:27 27-07-2018 - 15:29
CVE-2017-2666 6.4
It was discovered in Undertow that the code that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject
09-10-2019 - 23:27 27-07-2018 - 14:29
CVE-2017-2595 4.0
It was found that the log file viewer in Red Hat JBoss Enterprise Application 6 and 7 allows arbitrary file read to authenticated user via path traversal.
09-10-2019 - 23:26 27-07-2018 - 15:29
CVE-2017-12167 2.1
It was found in EAP 7 before 7.0.9 that properties based files of the management and the application realm configuration that contain user to role mapping are world readable allowing access to users and roles information to all the users logged in to
09-10-2019 - 23:22 26-07-2018 - 17:29
CVE-2017-12165 5.0
It was discovered that Undertow before 1.4.17, 1.3.31 and 2.0.0 processes http request headers with unusual whitespaces which can cause possible http request smuggling.
09-10-2019 - 23:22 27-07-2018 - 15:29
CVE-2016-8627 4.3
admin-cli before versions 3.0.0.alpha25, 2.2.1.cr2 is vulnerable to an EAP feature to download server log files that allows logs to be available via GET requests making them vulnerable to cross-origin attacks. An attacker could trigger the user's bro
09-10-2019 - 23:20 11-05-2018 - 13:29
CVE-2016-9589 5.0
Undertow in Red Hat wildfly before version 11.0.0.Beta1 is vulnerable to a resource exhaustion resulting in a denial of service. Undertow keeps a cache of seen HTTP headers in persistent connections. It was found that this cache can easily exploited
09-10-2019 - 23:20 12-03-2018 - 15:29
CVE-2016-8656 4.6
Jboss jbossas before versions 5.2.0-23, 6.4.13, 7.0.5 is vulnerable to an unsafe file handling in the jboss init script which could result in local privilege escalation.
09-10-2019 - 23:20 22-05-2018 - 17:29
CVE-2016-7061 4.0
An information disclosure vulnerability was found in JBoss Enterprise Application Platform before 7.0.4. It was discovered that when configuring RBAC and marking information as sensitive, users with a Monitor role are able to view the sensitive infor
09-10-2019 - 23:19 10-09-2018 - 16:29
CVE-2016-7046 7.1
Red Hat JBoss Enterprise Application Platform (EAP) 7, when operating as a reverse-proxy with default buffer sizes, allows remote attackers to cause a denial of service (CPU and disk consumption) via a long URL.
15-12-2017 - 02:29 03-10-2016 - 21:59
CVE-2016-4993 4.3
CRLF injection vulnerability in the Undertow web server in WildFly 10.0.0, as used in Red Hat JBoss Enterprise Application Platform (EAP) 7.x before 7.0.2, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting a
15-12-2017 - 02:29 26-09-2016 - 14:59
CVE-2016-6311 5.0
Get requests in JBoss Enterprise Application Platform (EAP) 7 disclose internal IP addresses to remote attackers.
15-12-2017 - 02:29 22-08-2017 - 18:29
CVE-2016-5406 6.5
The domain controller in Red Hat JBoss Enterprise Application Platform (EAP) 7.x before 7.0.2 allows remote authenticated users to gain privileges by leveraging failure to propagate administrative RBAC configuration to all slaves.
15-12-2017 - 02:29 26-09-2016 - 14:59
Back to Top Mark selected
Back to Top