236 matches found
org.jboss.eap:wildfly-ejb3: Improper Deserialization in JBoss Marshalling Allows Remote Code Execution
A security flaw exists in WildFly and JBoss Enterprise Application Platform EAP within the Enterprise JavaBeans EJB remote invocation mechanism. This vulnerability stems from untrusted data deserialization handled by JBoss Marshalling. This flaw allows an attacker to send a specially crafted...
org.jboss.eap:wildfly-ejb3: Improper Deserialization in JBoss Marshalling Allows Remote Code Execution
A security flaw exists in WildFly and JBoss Enterprise Application Platform EAP within the Enterprise JavaBeans EJB remote invocation mechanism. This vulnerability stems from untrusted data deserialization handled by JBoss Marshalling. This flaw allows an attacker to send a specially crafted...
Red Hat JBoss Enterprise Application Platform和Red Hat Wildfly 代码问题漏洞
Red Hat JBoss Enterprise Application Platform EAP and Red Hat Wildfly are both products of Red Hat, Inc.Red Hat JBoss Enterprise Application Platform is an open source, J2EE-based middleware platform. J2EE-based middleware platform. The platform is mainly used for building, deploying and hosting...
PT-2025-15231
Name of the Vulnerable Software and Affected Versions WildFly affected versions not specified JBoss Enterprise Application Platform EAP affected versions not specified Description A security flaw exists within the Enterprise JavaBeans EJB remote invocation mechanism, stemming from untrusted data...
EJBCA 注入漏洞
EJBCA is an open source Public Key Infrastructure PKI and Certificate Authority CA software from Keyfactor Open Source. An injection vulnerability exists in EJBCA version 8.0 that stems from a redirection attack that could result from modifying the Host header...
Fedora: Security Advisory for aopalliance (FEDORA-2024-129d8ca6fc)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] Fedora 40 Update: scannotation-1.0.3-0.33.r12.fc40
Scannotation is a Java library that creates an annotation database from a set of .class files.This database is really just a set of maps that in dex what annotations are used and what classes are using them. Why do you need th is? What if you are an annotation framework like an EJB 3.0 container...
BIT-WILDFLY-2020-10740
A vulnerability was found in Wildfly in versions before 20.0.0.Final, where a remote deserialization attack is possible in the Enterprise Application BeansEJB due to lack of validation/filtering capabilities in wildfly...
Red Hat WildFly < 20.0.0 Multiple Vulnerabilities
Red Hat WildFly is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:redhat:wildfly";...
Undertow: DoS can be achieved as Undertow server waits for the LAST_CHUNK forever for EJB invocations
A flaw was found in Undertow with EJB invocations. This flaw allows an attacker to generate a valid HTTP request and send it to the server on an established connection after removing the LASTCHUNK from the bytes, causing a denial of service...
Undertow: DoS can be achieved as Undertow server waits for the LAST_CHUNK forever for EJB invocations
A flaw was found in Undertow with EJB invocations. This flaw allows an attacker to generate a valid HTTP request and send it to the server on an established connection after removing the LASTCHUNK from the bytes, causing a denial of service...
Undertow: DoS can be achieved as Undertow server waits for the LAST_CHUNK forever for EJB invocations
A flaw was found in Undertow with EJB invocations. This flaw allows an attacker to generate a valid HTTP request and send it to the server on an established connection after removing the LASTCHUNK from the bytes, causing a denial of service...
CVE-2014-125038 IS_Projecto2 NewsBean.java sql injection
A vulnerability has been found in ISProjecto2 and classified as critical. This vulnerability affects unknown code of the file Cnn-EJB/ejbModule/ejbs/NewsBean.java. The manipulation of the argument date leads to sql injection. The name of the patch is aa128b2c9c9fdcbbf5ecd82c1e92103573017fe0. It i...
RHEL 7 : Red Hat JBoss Enterprise Application Platform 7.4.8 Security update (Low) (RHSA-2022:8790)
The remote Redhat Enterprise Linux 7 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2022:8790 advisory. Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat...
Low: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.8 security update
A security update is now available for Red Hat JBoss Enterprise Application Platform 7.4. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
Undertow: DoS can be achieved as Undertow server waits for the LAST_CHUNK forever for EJB invocations
A flaw was found in Undertow with EJB invocations. This flaw allows an attacker to generate a valid HTTP request and send it to the server on an established connection after removing the LASTCHUNK from the bytes, causing a denial of service...
Low: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.8 Security update
A security update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating...
Moderate: Red Hat Security Advisory: Red Hat Single Sign-On 7.6.1 security update on RHEL 8
New Red Hat Single Sign-On 7.6.1 packages are now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of none. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
wildfly: Wildfly management of EJB Session context returns wrong caller principal with Elytron Security enabled
A flaw was found in Wildfly, where it returns an incorrect caller principal under certain heavily concurrent situations when Elytron Security is used. This flaw allows an attacker to gain improper access to information they should not have...
wildfly: Wildfly management of EJB Session context returns wrong caller principal with Elytron Security enabled
A flaw was found in Wildfly, where it returns an incorrect caller principal under certain heavily concurrent situations when Elytron Security is used. This flaw allows an attacker to gain improper access to information they should not have...