Lucene search

Jboss Middleware Security Vulnerabilities

cve

CVE-2018-1304

The URL pattern of "" (the empty string) which exactly maps to the context root was not correctly handled in Apache Tomcat 9.0.0.M1 to 9.0.4, 8.5.0 to 8.5.27, 8.0.0.RC1 to 8.0.49 and 7.0.0 to 7.0.84 when used as part of a security constraint definition. This caused the constraint to be ignored. It ...

5.9CVSS

6.7AI Score

0.002EPSS

2018-02-28 08:29 PM

205

cve

CVE-2023-4065

A flaw was found in Red Hat AMQ Broker Operator, where it displayed a password defined in ActiveMQArtemisAddress CR, shown in plain text in the Operator Log. This flaw allows an authenticated local attacker to access information outside of their permissions.

5.5CVSS

5.2AI Score

0.0004EPSS

2023-09-27 03:19 PM

cve

CVE-2023-4066

A flaw was found in Red Hat's AMQ Broker, which stores certain passwords in a secret security-properties-prop-module, defined in ActivemqArtemisSecurity CR; however, they are shown in plaintext in the StatefulSet details yaml of AMQ Broker.

5.5CVSS

5.4AI Score

0.0004EPSS

2023-09-27 09:15 PM

cve

CVE-2023-4853

A flaw was found in Quarkus where HTTP security policies are not sanitizing certain character permutations correctly when accepting requests, resulting in incorrect evaluation of permissions. This issue could allow an attacker to bypass the security policy altogether, resulting in unauthorized endp...

8.1CVSS

7.5AI Score

0.002EPSS

2023-09-20 10:15 AM

127