
444 matches found

RedHat Linux
added 2022/02/03 6:43 p.m. | 67 views

Important: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 6.4 security update

An update is now available for Red Hat JBoss Enterprise Application Platform 6.4. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...

9.8 CVSS | 7.5 AI score | 0.72202 EPSS
Exploits 10 | References 7

RedHat Linux
added 2022/02/03 6:30 p.m. | 48 views

Important: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4 security update

A security update is now available for Red Hat JBoss Enterprise Application Platform 7.4. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...

9.8 CVSS | 7.5 AI score | 0.72202 EPSS
Exploits 10 | References 7

RedHat Linux
added 2022/02/03 6:23 p.m. | 85 views

Important: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4 security update

A security update is now available for Red Hat JBoss Enterprise Application Platform 7.4. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...

9.8 CVSS | 7.5 AI score | 0.72202 EPSS
Exploits 10 | References 8

Tenable Nessus
added 2022/02/03 12:0 a.m. | 32 views

RHEL 8 : Red Hat JBoss Enterprise Application Platform 7.4.3 (RHSA-2022:0401)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:0401 advisory. Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release o...

7.5 CVSS | 7.5 AI score | 0.02131 EPSS
Exploits 0 | References 32

Tenable Nessus
added 2022/02/03 12:0 a.m. | 43 views

RHEL 7 : Red Hat JBoss Enterprise Application Platform 7.4.3 (RHSA-2022:0400)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:0400 advisory. Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release o...

7.5 CVSS | 7.5 AI score | 0.02131 EPSS
Exploits 0 | References 32

RedHat Linux
added 2022/02/02 1:28 p.m. | 32 views

Important: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.3 security update

A security update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity...

7.5 CVSS | 7.1 AI score | 0.02131 EPSS
Exploits 0 | References 29

Veracode
added 2022/01/29 5:50 p.m. | 40 views

Denial Of Service (DoS)

openjdk17 is vulnerable to denial of service. Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Hotspot. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle...

5.3 CVSS | 2.3 AI score | 0.00182 EPSS
Exploits 0 | References 9 | Affected Software 8

CNVD
added 2022/01/24 12:0 a.m. | 34 views

Oracle Java SE Input Validation Error Vulnerability (CNVD-2022-15483)

Oracle Java SE, an Oracle company, is used to develop and deploy Java applications on desktops, servers, and embedded devices and in real-time environments. Oracle Java SE is vulnerable to an input validation error that could be exploited by an attacker to cause unauthorized read access to a subse...

5.3 CVSS | 3 AI score | 0.00144 EPSS
Exploits 0 | References 1

CNVD
added 2022/01/24 12:0 a.m. | 21 views

Oracle Java SE Input Validation Error Vulnerability (CNVD-2022-15489)

Oracle Java SE is an Oracle Corporation USA product for developing and deploying Java applications on desktops, servers, and embedded devices and in real-time environments. Oracle Java SE is vulnerable to an input validation error that could be exploited by an attacker to potentially cause an...

5.3 CVSS | 3.1 AI score | 0.00143 EPSS
Exploits 0 | References 1

CNVD
added 2022/01/24 12:0 a.m. | 28 views

Oracle Java SE Input Validation Error Vulnerability (CNVD-2022-15485)

Oracle Java SE is an Oracle Corporation USA product for developing and deploying Java applications on desktops, servers, and embedded devices and in real-time environments. Oracle Java SE is vulnerable to an input validation error that could be exploited by an attacker to cause an unauthorized...

5.3 CVSS | 3 AI score | 0.00097 EPSS
Exploits 0 | References 1

RedHat Linux
added 2022/01/20 4:0 p.m. | 142 views

Low: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4 security update

A security update is now available for Red Hat JBoss Enterprise Application Platform 7.4. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...

10 CVSS | 7.7 AI score | 0.94358 EPSS
Exploits 347 | References 9

Qualys Blog
added 2022/01/11 4:58 p.m. | 191 views

How to Make Log4Shell Remediation Quick & Effective

Confronting the Log4Shell vulnerability in your environment has seemed anything but “easy” due to its prevalence in Java applications. Rapid remediation is critical. In this blog, Qualys offers some advice – and a new utility – to speed up the process. Remediation is a critical step to ensure tha...

9.3 CVSS | 0.94358 EPSS
Exploits 341

IBM Security Bulletins
added 2022/01/07 5:5 p.m. | 44 views

Security Bulletin: Apache Log4j vulnerabilities impact z/Transaction Processing Facility (z/TPF) and TPF Operations Server (CVE-2021-45105, CVE-2021-45046)

Summary: The Apache Log4j vulnerabilities affect the z/Transaction Processing Facility (z/TPF) system and TPF Operations Server. Several Java applications on the z/TPF system depend on Apache Log4j capabilities. Additionally, the 64-bit Java support in TPF Operations Server uses Apache Log4j...

10 CVSS | 0.3 AI score | 0.94358 EPSS
Exploits 345 | Affected Software 1

Qualys Blog
added 2021/12/27 7:39 p.m. | 160 views

How to Discover Log4Shell Vulnerabilities in Running Containers & Images

If you run Java applications in containers, then it is critical that you check for Log4Shell vulnerabilities, given the high severity of this potential exploit. Qualys Container Security offers multiple methods to help you detect Log4Shell in your container environment. The Container Security...

9.3 CVSS | 10 AI score | 0.94358 EPSS
Exploits 345

Akamai Blog
added 2021/12/27 7:30 p.m. | 131 views

Our Journey to Detect Log4j-Vulnerable Machines

Log4Shell (CVE-2021-44228) is a remote code execution (RCE) vulnerability in the Apache-foundation open-source logging library Log4j. It was published on December 9, 2021, and then all hell broke loose. As Log4j is a common logging library for Java applications, it is highly widespread...

10 CVSS | 2.4 AI score | 0.94358 EPSS
Exploits 341

IBM Security Bulletins
added 2021/12/20 8:53 p.m. | 155 views

Security Bulletin: The Apache Log4j (CVE-2021-44228) vulnerability affects z/TPF and TPF Operations Server

Summary: The Apache Log4j vulnerability (CVE-2021-44228) affects the z/Transaction Processing Facility (z/TPF) system and TPF Operations Server. Several Java applications on the z/TPF system depend on Apache Log4j capabilities. Additionally, the 64-bit Java support in TPF Operations Server uses Apache...

10 CVSS | 0.9 AI score | 0.94358 EPSS
Exploits 341 | Affected Software 1

CNVD
added 2021/12/19 12:0 a.m. | 35 views

Quality Open Software logback remote code execution vulnerability

Quality Open Software logback is a logging framework for Java applications from Quality Open Software of Switzerland. Quality Open Software logback in versions 1.2.7 and earlier is vulnerable to remote code execution, which stems from a failure to effectively filter user input. The vulnerability...

8.5 CVSS | 3.4 AI score | 0.02729 EPSS
Exploits 1 | References 1

Qualys Blog
added 2021/12/17 6:14 p.m. | 21 views

Out-of-Band Detection for Log4Shell

Log4j is the de facto logging library for all Java applications, as Log4j is used in most Java-based applications. The challenge is that Java applications that use the log4j-vulnerable library can be coded, packaged, and deployed using different methods – this introduces a challenge for detection...

6.8 AI score
Exploits 0

RedHat Linux
added 2021/12/15 2:59 a.m. | 157 views

Low: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4 security update

A security update is now available for Red Hat JBoss Enterprise Application Platform 7.4. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...

10 CVSS | 7.4 AI score | 0.94358 EPSS
Exploits 341 | References 7

Qualys Blog
added 2021/12/14 11:55 p.m. | 277 views

Log4Shell Exploit Detection and Response with Qualys Multi-Vector EDR

Author: Hiep Dang & Malware Threat Research Team. On Dec 9, 2021, the world first learned about the Log4Shell vulnerability aka Log4J CVE-2021-44228 found in the Log4j2 library commonly used by Java applications. Since then, everyone in the cybersecurity industry has been scrambling to understand...

9.3 CVSS | 10 AI score | 0.94358 EPSS
Exploits 341