21 matches found
EUVD-2013-4056
Malware in sbrugna...
EUVD-2013-4118
Malware in sbrugna...
EUVD-2022-35006
Malicious code in bioql PyPI...
Undertow: DoS can be achieved as Undertow server waits for the LAST_CHUNK forever for EJB invocations
A flaw was found in Undertow with EJB invocations. This flaw allows an attacker to generate a valid HTTP request and send it to the server on an established connection after removing the LAST_CHUNK from the bytes, causing a denial of service...
Undertow: DoS can be achieved as Undertow server waits for the LAST_CHUNK forever for EJB invocations
A flaw was found in Undertow with EJB invocations. This flaw allows an attacker to generate a valid HTTP request and send it to the server on an established connection after removing the LAST_CHUNK from the bytes, causing a denial of service...
Undertow: DoS can be achieved as Undertow server waits for the LAST_CHUNK forever for EJB invocations
A flaw was found in Undertow with EJB invocations. This flaw allows an attacker to generate a valid HTTP request and send it to the server on an established connection after removing the LAST_CHUNK from the bytes, causing a denial of service...
RHEL 7 : Red Hat JBoss Enterprise Application Platform 7.4.8 Security update (Low) (RHSA-2022:8790)
The remote Redhat Enterprise Linux 7 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2022:8790 advisory. Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat...
Low: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.8 security update
A security update is now available for Red Hat JBoss Enterprise Application Platform 7.4. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...
Undertow: DoS can be achieved as Undertow server waits for the LAST_CHUNK forever for EJB invocations
A flaw was found in Undertow with EJB invocations. This flaw allows an attacker to generate a valid HTTP request and send it to the server on an established connection after removing the LAST_CHUNK from the bytes, causing a denial of service...
Low: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.8 Security update
A security update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating...
CVE-2022-2764
A flaw was found in Undertow. Denial of service can be achieved as Undertow server waits for the LAST_CHUNK forever for EJB invocations...
CVE-2022-2764
A flaw was found in Undertow. Denial of service can be achieved as Undertow server waits for the LAST_CHUNK forever for EJB invocations...
Design/Logic Flaw
A flaw was found in Undertow. Denial of service can be achieved as Undertow server waits for the LAST_CHUNK forever for EJB invocations...
CVE-2022-2764
CVE-2022-2764 concerns Undertow. A DoS can occur because the Undertow server waits for LAST_CHUNK forever during EJB invocations, impacting availability (per CVSS vector: Network, Low access, High impact to availability). Public details in the provided documents specify the vulnerability as a DoS...
CVE-2022-2764
A flaw was found in Undertow. Denial of service can be achieved as Undertow server waits for the LAST_CHUNK forever for EJB invocations...
CVE-2022-2764
A flaw was found in Undertow. Denial of service can be achieved as Undertow server waits for the LAST_CHUNK forever for EJB invocations...
CVE-2022-2764
A flaw was found in Undertow with EJB invocations. This flaw allows an attacker to generate a valid HTTP request and send it to the server on an established connection after removing the LAST_CHUNK from the bytes, causing a denial of service...
Session Hijacking
jboss-remote-naming is vulnerable to session hijacking attacks. The vulnerability exists as Red Hat JBoss Enterprise Application Platform (EAP) 6.1.0 does not properly cache EJB invocations by remote-naming, which allows remote attackers to hijack sessions by using a remoting client...
JBoss Portal 6.1.0 Update (RHSA-2013:1437)
The version of JBoss Enterprise Portal Platform on the remote system is affected by the following issues: - A flaw in CSRF prevention filter in JBoss Web could allow remote attackers to bypass the cross-site request forgery (CSRF) protection mechanism via a request that lacks a session identifier...
remote-naming: Session fixation due improper connection caching
Red Hat JBoss Enterprise Application Platform (EAP) 6.1.0 does not properly cache EJB invocations by remote-naming, which allows remote attackers to hijack sessions by using a remoting client...