66 matches found
Denial-of-Service (DoS)
jbossweb is vulnerable to denial of service DoS. The vulnerability exists because of an incomplete fix of CVE-2020-13935 for WebSocket in JBossWeb, leading to DoS...
jbossweb: Incomplete fix of CVE-2020-13935 for WebSocket in JBossWeb could lead to DoS
A flaw was found in jbossweb. The fix for CVE-2020-13935 was incomplete in JBossWeb, leaving it vulnerable to a denial of service attack when sending multiple requests with invalid payload length in a WebSocket frame. The highest threat from this vulnerability is to system availability...
jbossweb: Incomplete fix of CVE-2020-13935 for WebSocket in JBossWeb could lead to DoS
A flaw was found in jbossweb. The fix for CVE-2020-13935 was incomplete in JBossWeb, leaving it vulnerable to a denial of service attack when sending multiple requests with invalid payload length in a WebSocket frame. The highest threat from this vulnerability is to system availability...
CVE-2020-14384
A flaw was found in JBossWeb in versions before 7.5.31.Final-redhat-3. The fix for CVE-2020-13935 was incomplete in JBossWeb, leaving it vulnerable to a denial of service attack when sending multiple requests with invalid payload length in a WebSocket frame. The highest threat from this...
CVE-2020-14384
A flaw was found in JBossWeb in versions before 7.5.31.Final-redhat-3. The fix for CVE-2020-13935 was incomplete in JBossWeb, leaving it vulnerable to a denial of service attack when sending multiple requests with invalid payload length in a WebSocket frame. The highest threat from this...
Design/Logic Flaw
A flaw was found in JBossWeb in versions before 7.5.31.Final-redhat-3. The fix for CVE-2020-13935 was incomplete in JBossWeb, leaving it vulnerable to a denial of service attack when sending multiple requests with invalid payload length in a WebSocket frame. The highest threat from this...
CVE-2020-14384
Technical details for CVE-2020-14384 are not publicly available in the provided documents. Connected sources reference CVE-2020-13935 and related Tomcat/JBossWeb issues; monitor for updates.
CVE-2020-14384
A flaw was found in JBossWeb in versions before 7.5.31.Final-redhat-3. The fix for CVE-2020-13935 was incomplete in JBossWeb, leaving it vulnerable to a denial of service attack when sending multiple requests with invalid payload length in a WebSocket frame. The highest threat from this...
CVE-2020-14384
A flaw was found in jbossweb. The fix for CVE-2020-13935 was incomplete in JBossWeb, leaving it vulnerable to a denial of service attack when sending multiple requests with invalid payload length in a WebSocket frame. The highest threat from this vulnerability is to system availability. Mitigatio...
CVE-2013-6495
JBossWeb Bayeux has reflected XSS...
Cross site scripting
JBossWeb Bayeux has reflected XSS...
CVE-2013-6495
CVE-2013-6495 concerns JBossWeb Bayeux with a reflected XSS vulnerability. Public details in the provided documents identify the flaw as a reflected XSS issue. NVD indicates CVSS2 base score 4.3 (MEDIUM) and CVSS3.1 base score 6.1 (MEDIUM). Connected entries list the CVE among Red Hat advisories ...
CVE-2013-6495
JBossWeb Bayeux has reflected XSS...
Arbitrary File Write
jbossweb is vulnerable to arbitrary file write attacks. The vulnerability exists as the readObject method in the DiskFileItem class in Apache Tomcat and JBoss Web, as used in Red Hat JBoss Enterprise Application Platform 6.1.0 and Red Hat JBoss Portal 6.0.0, allows remote attackers to write to...
Important: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 6.4.21 security update
An update is now available for Red Hat JBoss Enterprise Application Platform 6.4 for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, ...
Important: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 6.4.21 security update
An update is now available for Red Hat JBoss Enterprise Application Platform 6.4 for Red Hat Enterprise Linux. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...
Tomcat/JbossWeb: security manager bypass via EL expressions
It was found that the expression language resolver evaluated expressions within a privileged code section. A malicious web application could use this flaw to bypass security manager protections...
Tomcat/JbossWeb: security manager bypass via EL expressions
It was found that the expression language resolver evaluated expressions within a privileged code section. A malicious web application could use this flaw to bypass security manager protections...
Tomcat/JbossWeb: security manager bypass via EL expressions
It was found that the expression language resolver evaluated expressions within a privileged code section. A malicious web application could use this flaw to bypass security manager protections...
Tomcat/JBossWeb: XXE vulnerability via user supplied XSLTs
It was found that the org.apache.catalina.servlets.DefaultServlet implementation in JBoss Web / Apache Tomcat allowed the definition of XML External Entities XXEs in provided XSLTs. A malicious application could use this to circumvent intended security restrictions to disclose sensitive informati...