Lucene search

K

Red Hat JBoss Enterprise Application Platform 7.4 On RHEL 7 Security Vulnerabilities

cve
cve

CVE-2024-1233

A flaw was found inJwtValidator.resolvePublicKey in JBoss EAP, where the validator checks jku and sends a HTTP request. During this process, no whitelisting or other filtering behavior is performed on the destination URL address, which may result in a server-side request forgery (SSRF)...

7.3CVSS

6.3AI Score

0.001EPSS

2024-04-09 07:15 AM
95
cve
cve

CVE-2023-5685

A flaw was found in XNIO. The XNIO NotifierState that can cause a Stack Overflow Exception when the chain of notifier states becomes problematically large can lead to uncontrolled resource management and a possible denial of service...

7.5CVSS

6.1AI Score

0.0004EPSS

2024-03-22 07:15 PM
218
cve
cve

CVE-2024-1635

A vulnerability was found in Undertow. This vulnerability impacts a server that supports the wildfly-http-client protocol. Whenever a malicious user opens and closes a connection with the HTTP port of the server and then closes the connection immediately, the server will end with both memory and...

7.5CVSS

7.2AI Score

0.0004EPSS

2024-02-19 10:15 PM
181
cve
cve

CVE-2023-4503

An improper initialization vulnerability was found in Galleon. When using Galleon to provision custom EAP or EAP-XP servers, the servers are created unsecured. This issue could allow an attacker to access remote HTTP services available from the...

7.5CVSS

7.2AI Score

0.001EPSS

2024-02-06 09:15 AM
56
cve
cve

CVE-2023-3171

A flaw was found in EAP-7 during deserialization of certain classes, which permits instantiation of HashMap and HashTable with no checks on resources consumed. This issue could allow an attacker to submit malicious requests using these classes, which could eventually exhaust the heap and result in....

7.5CVSS

7.3AI Score

0.004EPSS

2023-12-27 04:15 PM
88
cve
cve

CVE-2023-4061

A flaw was found in wildfly-core. A management user could use the resolve-expression in the HAL Interface to read possible sensitive information from the Wildfly system. This issue could allow a malicious user to access the system and obtain possible sensitive information from the...

6.5CVSS

5.9AI Score

0.001EPSS

2023-11-08 01:15 AM
125
cve
cve

CVE-2023-3223

A flaw was found in undertow. Servlets annotated with @MultipartConfig may cause an OutOfMemoryError due to large multipart content. This may allow unauthorized users to cause remote Denial of Service (DoS) attack. If the server uses fileSizeThreshold to limit the file size, it's possible to...

7.5CVSS

7.2AI Score

0.021EPSS

2023-09-27 03:18 PM
498
cve
cve

CVE-2023-1108

A flaw was found in undertow. This issue makes achieving a denial of service possible due to an unexpected handshake status updated in SslConduit, where the loop never...

7.5CVSS

7AI Score

0.001EPSS

2023-09-14 03:15 PM
2522