Lucene search
K

1668 matches found

Veracode
Veracode
added 5 days ago6 views

Sensitive Information Exposure

Apache Camel Undertow Component is vulnerable to Sensitive Information Exposure. The vulnerability is due to improper handling of exception responses, where processing errors return full Java stack traces instead of suppressing them, allowing attackers to obtain sensitive information such as...

5.3CVSS5.9AI score0.00363EPSS
Exploits0References4Affected Software2
RedhatCVE
RedhatCVE
added 6 days ago5 views

CVE-2026-56139

A flaw was found in the Apache Camel Undertow component. The camel-undertow HTTP server consumer, when processing errors, could return full Java stack traces in HTTP responses. This occurs because the muteException option, which controls what is returned to the client during errors, defaulted to...

5.3CVSS5.8AI score0.00363EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added last week5 views

jastow: Jastow Cross-Site Scripting attack due to unsanitized URI

A flaw was found in Jastow. Jastow is vulnerable to Cross-Site Scripting XSS attack. If using a set of combined configuration to allow unescaped characters in URL with embedded Undertow and Jastow, a server might be vulnerable to improper input handling...

6.5CVSS5.9AI score0.00246EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added last week6 views

jastow: Jastow Cross-Site Scripting attack due to unsanitized URI

A flaw was found in Jastow. Jastow is vulnerable to Cross-Site Scripting XSS attack. If using a set of combined configuration to allow unescaped characters in URL with embedded Undertow and Jastow, a server might be vulnerable to improper input handling...

6.5CVSS5.9AI score0.00246EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added last week5 views

jastow: Jastow Cross-Site Scripting attack due to unsanitized URI

A flaw was found in Jastow. Jastow is vulnerable to Cross-Site Scripting XSS attack. If using a set of combined configuration to allow unescaped characters in URL with embedded Undertow and Jastow, a server might be vulnerable to improper input handling...

6.5CVSS5.9AI score0.00246EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added last week4 views

jastow: Jastow Cross-Site Scripting attack due to unsanitized URI

A flaw was found in Jastow. Jastow is vulnerable to Cross-Site Scripting XSS attack. If using a set of combined configuration to allow unescaped characters in URL with embedded Undertow and Jastow, a server might be vulnerable to improper input handling...

6.5CVSS5.9AI score0.00246EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added last week5 views

Moderate: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 8.1.7 security update

A security update is now available for Red Hat JBoss Enterprise Application Platform 8.1. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

6.5CVSS6AI score0.00246EPSS
Exploits0References16
NVD
NVD
added last week9 views

CVE-2025-12799

A flaw was found in Jastow. Jastow is vulnerable to Cross-Site Scripting XSS attack. If using a set of combined configuration to allow unescaped characters in URL with embedded Undertow and Jastow, a server might be vulnerable to improper input handling...

6.5CVSS0.00246EPSS
Exploits0References6
CVE
CVE
added last week14 views

CVE-2025-12799

CVE-2025-12799 affects Jastow and is described as a Cross-Site Scripting (XSS) vulnerability that arises when a configuration allows unescaped characters in URLs with embedded Undertow and Jastow, indicating improper input handling. The CVSS 3.1 base vector shows a Network attack vector, high aut...

6.5CVSS5.9AI score0.00246EPSS
Exploits0References6
Cvelist
Cvelist
added last week35 views

CVE-2025-12799 Jastow: jastow cross-site scripting attack due to unsanitized uri

A flaw was found in Jastow. Jastow is vulnerable to Cross-Site Scripting XSS attack. If using a set of combined configuration to allow unescaped characters in URL with embedded Undertow and Jastow, a server might be vulnerable to improper input handling...

6.5CVSS0.00246EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added last week9 views

CVE-2025-12799

A flaw was found in Jastow. Jastow is vulnerable to Cross-Site Scripting XSS attack. If using a set of combined configuration to allow unescaped characters in URL with embedded Undertow and Jastow, a server might be vulnerable to improper input handling...

6.5CVSS5.9AI score0.00246EPSS
Exploits0References7
EUVD
EUVD
added last week5 views

EUVD-2025-210439

A flaw was found in Jastow. Jastow is vulnerable to Cross-Site Scripting XSS attack. If using a set of combined configuration to allow unescaped characters in URL with embedded Undertow and Jastow, a server might be vulnerable to improper input handling...

6.5CVSS5.9AI score0.00246EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added last week6 views

CVE-2025-12799

A flaw was found in Jastow. Jastow is vulnerable to Cross-Site Scripting XSS attack. If using a set of combined configuration to allow unescaped characters in URL with embedded Undertow and Jastow, a server might be vulnerable to improper input handling. Mitigation It is possible to contruct...

6.5CVSS5.9AI score0.00246EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/07/07 12:0 a.m.9 views

PT-2026-56203

Name of the Vulnerable Software and Affected Versions Jastow affected versions not specified Description Jastow is susceptible to Cross-Site Scripting XSS, a flaw where malicious scripts are injected into trusted websites. This occurs due to improper input handling of unsanitized URIs when a...

6.5CVSS6.1AI score0.00246EPSS
Exploits0References12
Tenable Nessus
Tenable Nessus
added 2026/07/07 12:0 a.m.11 views

RHEL 8 : Red Hat JBoss Enterprise Application Platform 8.1.7 (RHSA-2026:36342)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:36342 advisory. Red Hat JBoss Enterprise Application Platform 8 is a platform for Java applications based on the WildFly application runtime. This release of Red Ha...

6.5CVSS6AI score0.00246EPSS
Exploits0References20
NVD
NVD
added 2026/07/06 9:16 a.m.8 views

CVE-2026-56139

Generation of Error Message Containing Sensitive Information vulnerability in Apache Camel Undertow Component. The camel-undertow HTTP server consumer exposes a muteException option that controls what is returned to the client when a route processing error occurs. This option defaulted to false,...

5.3CVSS0.00363EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/07/06 8:15 a.m.32 views

CVE-2026-56139 Apache Camel Undertow: The muteException consumer option defaulted to false, so a processing error returned the full Java stack trace in the HTTP response body, disclosing sensitive internal information to unauthenticated clients

Generation of Error Message Containing Sensitive Information vulnerability in Apache Camel Undertow Component. The camel-undertow HTTP server consumer exposes a muteException option that controls what is returned to the client when a route processing error occurs. This option defaulted to false,...

0.00363EPSS
Exploits0References1
EUVD
EUVD
added 2026/07/06 8:15 a.m.7 views

EUVD-2026-41851

Generation of Error Message Containing Sensitive Information vulnerability in Apache Camel Undertow Component. The camel-undertow HTTP server consumer exposes a muteException option that controls what is returned to the client when a route processing error occurs. This option defaulted to false,...

5.3CVSS5.8AI score0.00363EPSS
Exploits0References1
CVE
CVE
added 2026/07/06 8:15 a.m.12 views

CVE-2026-56139

CVE-2026-56139 concerns Apache Camel Undertow: the muteException option on the Undertow HTTP server consumer defaulted to false, causing processing errors to return the full Java stack trace in HTTP responses. This exposed sensitive information (credentials in messages, host/IPs, filesystem paths...

5.3CVSS5.8AI score0.00363EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/07/06 8:15 a.m.6 views

CVE-2026-56139

Generation of Error Message Containing Sensitive Information vulnerability in Apache Camel Undertow Component. The camel-undertow HTTP server consumer exposes a muteException option that controls what is returned to the client when a route processing error occurs. This option defaulted to false,...

5.8AI score0.00363EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder