Lucene search
K

66 matches found

Veracode
Veracode
added 2020/09/15 1:53 a.m.213 views

Denial-of-Service (DoS)

jbossweb is vulnerable to denial of service DoS. The vulnerability exists because of an incomplete fix of CVE-2020-13935 for WebSocket in JBossWeb, leading to DoS...

7.5CVSS2.5AI score0.87553EPSS
Exploits1References5Affected Software65
RedHat Linux
RedHat Linux
added 2020/09/14 11:19 a.m.3 views

jbossweb: Incomplete fix of CVE-2020-13935 for WebSocket in JBossWeb could lead to DoS

A flaw was found in jbossweb. The fix for CVE-2020-13935 was incomplete in JBossWeb, leaving it vulnerable to a denial of service attack when sending multiple requests with invalid payload length in a WebSocket frame. The highest threat from this vulnerability is to system availability...

7.5CVSS7.1AI score0.87553EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2020/09/14 11:4 a.m.3 views

jbossweb: Incomplete fix of CVE-2020-13935 for WebSocket in JBossWeb could lead to DoS

A flaw was found in jbossweb. The fix for CVE-2020-13935 was incomplete in JBossWeb, leaving it vulnerable to a denial of service attack when sending multiple requests with invalid payload length in a WebSocket frame. The highest threat from this vulnerability is to system availability...

7.5CVSS7.1AI score0.87553EPSS
Exploits1References4
OSV
OSV
added 2020/09/09 2:15 p.m.3 views

CVE-2020-14384

A flaw was found in JBossWeb in versions before 7.5.31.Final-redhat-3. The fix for CVE-2020-13935 was incomplete in JBossWeb, leaving it vulnerable to a denial of service attack when sending multiple requests with invalid payload length in a WebSocket frame. The highest threat from this...

7.5CVSS6.6AI score0.01356EPSS
Exploits0References1
NVD
NVD
added 2020/09/09 2:15 p.m.42 views

CVE-2020-14384

A flaw was found in JBossWeb in versions before 7.5.31.Final-redhat-3. The fix for CVE-2020-13935 was incomplete in JBossWeb, leaving it vulnerable to a denial of service attack when sending multiple requests with invalid payload length in a WebSocket frame. The highest threat from this...

7.5CVSS0.01356EPSS
Exploits0References1
Prion
Prion
added 2020/09/09 2:15 p.m.45 views

Design/Logic Flaw

A flaw was found in JBossWeb in versions before 7.5.31.Final-redhat-3. The fix for CVE-2020-13935 was incomplete in JBossWeb, leaving it vulnerable to a denial of service attack when sending multiple requests with invalid payload length in a WebSocket frame. The highest threat from this...

5CVSS7.2AI score0.87553EPSS
Exploits1References1Affected Software2
CVE
CVE
added 2020/09/09 1:17 p.m.177 views

CVE-2020-14384

Technical details for CVE-2020-14384 are not publicly available in the provided documents. Connected sources reference CVE-2020-13935 and related Tomcat/JBossWeb issues; monitor for updates.

7.5CVSS7.4AI score0.01356EPSS
Exploits0References1Affected Software2
Cvelist
Cvelist
added 2020/09/09 1:17 p.m.45 views

CVE-2020-14384

A flaw was found in JBossWeb in versions before 7.5.31.Final-redhat-3. The fix for CVE-2020-13935 was incomplete in JBossWeb, leaving it vulnerable to a denial of service attack when sending multiple requests with invalid payload length in a WebSocket frame. The highest threat from this...

7.6AI score0.01356EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2020/09/03 10:19 p.m.51 views

CVE-2020-14384

A flaw was found in jbossweb. The fix for CVE-2020-13935 was incomplete in JBossWeb, leaving it vulnerable to a denial of service attack when sending multiple requests with invalid payload length in a WebSocket frame. The highest threat from this vulnerability is to system availability. Mitigatio...

7.5CVSS7.5AI score0.87553EPSS
Exploits1References3
NVD
NVD
added 2019/12/11 2:15 p.m.20 views

CVE-2013-6495

JBossWeb Bayeux has reflected XSS...

6.1CVSS6.1AI score0.00648EPSS
Exploits0References2
Prion
Prion
added 2019/12/11 2:15 p.m.20 views

Cross site scripting

JBossWeb Bayeux has reflected XSS...

4.3CVSS6.2AI score0.00648EPSS
Exploits0References2Affected Software2
CVE
CVE
added 2019/12/11 1:48 p.m.74 views

CVE-2013-6495

CVE-2013-6495 concerns JBossWeb Bayeux with a reflected XSS vulnerability. Public details in the provided documents identify the flaw as a reflected XSS issue. NVD indicates CVSS2 base score 4.3 (MEDIUM) and CVSS3.1 base score 6.1 (MEDIUM). Connected entries list the CVE among Red Hat advisories ...

6.1CVSS6AI score0.00648EPSS
Exploits0References2Affected Software2
Cvelist
Cvelist
added 2019/12/11 1:48 p.m.20 views

CVE-2013-6495

JBossWeb Bayeux has reflected XSS...

6.1AI score0.00648EPSS
Exploits0References2
Veracode
Veracode
added 2019/01/15 8:58 a.m.39 views

Arbitrary File Write

jbossweb is vulnerable to arbitrary file write attacks. The vulnerability exists as the readObject method in the DiskFileItem class in Apache Tomcat and JBoss Web, as used in Red Hat JBoss Enterprise Application Platform 6.1.0 and Red Hat JBoss Portal 6.0.0, allows remote attackers to write to...

7.5CVSS8.3AI score0.12768EPSS
Exploits0References7Affected Software1
RedHat Linux
RedHat Linux
added 2018/09/24 10:9 p.m.112 views

Important: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 6.4.21 security update

An update is now available for Red Hat JBoss Enterprise Application Platform 6.4 for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, ...

7.5CVSS7.2AI score0.20599EPSS
Exploits0References19
RedHat Linux
RedHat Linux
added 2018/09/24 9:46 p.m.240 views

Important: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 6.4.21 security update

An update is now available for Red Hat JBoss Enterprise Application Platform 6.4 for Red Hat Enterprise Linux. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

7.5CVSS7.2AI score0.20599EPSS
Exploits0References20
RedHat Linux
RedHat Linux
added 2016/10/10 8:38 p.m.3 views

Tomcat/JbossWeb: security manager bypass via EL expressions

It was found that the expression language resolver evaluated expressions within a privileged code section. A malicious web application could use this flaw to bypass security manager protections...

5CVSS6.8AI score0.13872EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2016/03/22 9:2 p.m.5 views

Tomcat/JbossWeb: security manager bypass via EL expressions

It was found that the expression language resolver evaluated expressions within a privileged code section. A malicious web application could use this flaw to bypass security manager protections...

5CVSS6.8AI score0.13872EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2015/08/13 3:29 p.m.6 views

Tomcat/JbossWeb: security manager bypass via EL expressions

It was found that the expression language resolver evaluated expressions within a privileged code section. A malicious web application could use this flaw to bypass security manager protections...

5CVSS6.8AI score0.13872EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2015/05/14 3:14 p.m.6 views

Tomcat/JBossWeb: XXE vulnerability via user supplied XSLTs

It was found that the org.apache.catalina.servlets.DefaultServlet implementation in JBoss Web / Apache Tomcat allowed the definition of XML External Entities XXEs in provided XSLTs. A malicious application could use this to circumvent intended security restrictions to disclose sensitive informati...

4.3CVSS6.5AI score0.06905EPSS
Exploits0References4
Rows per page
Query Builder