Lucene search
K

236 matches found

RedHat Linux
RedHat Linux
added 2022/10/04 3:53 p.m.7 views

wildfly: Wildfly management of EJB Session context returns wrong caller principal with Elytron Security enabled

A flaw was found in Wildfly, where it returns an incorrect caller principal under certain heavily concurrent situations when Elytron Security is used. This flaw allows an attacker to gain improper access to information they should not have...

5.3CVSS5.8AI score0.00842EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2022/10/04 3:35 p.m.10 views

wildfly: Wildfly management of EJB Session context returns wrong caller principal with Elytron Security enabled

A flaw was found in Wildfly, where it returns an incorrect caller principal under certain heavily concurrent situations when Elytron Security is used. This flaw allows an attacker to gain improper access to information they should not have...

5.3CVSS5.8AI score0.00842EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2022/09/01 9:15 p.m.34 views

CVE-2022-2764

A flaw was found in Undertow. Denial of service can be achieved as Undertow server waits for the LASTCHUNK forever for EJB invocations...

4.9CVSS6.5AI score0.00787EPSS
Exploits0References1
Prion
Prion
added 2022/09/01 9:15 p.m.17 views

Design/Logic Flaw

A flaw was found in Undertow. Denial of service can be achieved as Undertow server waits for the LASTCHUNK forever for EJB invocations...

3.3CVSS5AI score0.00787EPSS
Exploits0References2Affected Software4
Cvelist
Cvelist
added 2022/09/01 12:0 a.m.31 views

CVE-2022-2764

A flaw was found in Undertow. Denial of service can be achieved as Undertow server waits for the LASTCHUNK forever for EJB invocations...

5.6AI score0.00787EPSS
Exploits0References2
CVE
CVE
added 2022/09/01 12:0 a.m.276 views

CVE-2022-2764

CVE-2022-2764 concerns Undertow. A DoS can occur because the Undertow server waits for LAST_CHUNK forever during EJB invocations, impacting availability (per CVSS vector: Network, Low access, High impact to availability). Public details in the provided documents specify the vulnerability as a DoS...

4.9CVSS5.1AI score0.00787EPSS
Exploits0References2Affected Software5
OSV
OSV
added 2022/09/01 12:0 a.m.21 views

CVE-2022-2764

A flaw was found in Undertow. Denial of service can be achieved as Undertow server waits for the LASTCHUNK forever for EJB invocations...

4.9CVSS9.3AI score0.00787EPSS
Exploits0References4
Debian CVE
Debian CVE
added 2022/09/01 12:0 a.m.39 views

CVE-2022-2764

A flaw was found in Undertow. Denial of service can be achieved as Undertow server waits for the LASTCHUNK forever for EJB invocations...

4.9CVSS5.7AI score0.00787EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2022/08/11 8:38 a.m.56 views

CVE-2022-2764

A flaw was found in Undertow with EJB invocations. This flaw allows an attacker to generate a valid HTTP request and send it to the server on an established connection after removing the LASTCHUNK from the bytes, causing a denial of service...

4.2CVSS1.9AI score0.00787EPSS
Exploits0References3
Veracode
Veracode
added 2022/06/21 11:46 p.m.24 views

Denial Of Service (DoS)

eap7 is vulnerable to denail of service. The vulnerability exists due to a concurrency issue that can result in the wrong caller principal being returned from the session context of an EJB that is configured with a RunAs principal...

5.3CVSS7.1AI score0.00842EPSS
Exploits0References7Affected Software26
RedHat Linux
RedHat Linux
added 2022/06/06 3:11 p.m.2 views

wildfly: Wildfly management of EJB Session context returns wrong caller principal with Elytron Security enabled

A flaw was found in Wildfly, where it returns an incorrect caller principal under certain heavily concurrent situations when Elytron Security is used. This flaw allows an attacker to gain improper access to information they should not have...

5.3CVSS5.8AI score0.00842EPSS
Exploits0References4
vulnersOsv
vulnersOsv
added 2022/05/24 7:2 p.m.9 views

br.eti.clairton:ds-test (=0.4.0), ch.inftec.ju:ju-ee (>=6.0-2 <=6.1-S-5) +103 more potentially affected by CVE-2021-20250 via org.jboss:jboss-ejb-client (>=1.0.0.Beta12 <=4.0.37.Final)

org.jboss:jboss-ejb-client MAVEN version =1.0.0.Beta12, =6.0-2, =4.1, =4.1, =1.0.1, =0.1.0, =0.1.0, =2.2, =8.0, =8.0, =0.2.4, =1.0.0.Alpha3, =0.1.0, =0.1.0, =0.12.0.Final, =1.0.0.CR2 and more Source cves: CVE-2021-20250 Source advisory: OSV:GHSA-2259-H742-5VR4...

4.3CVSS5.8AI score0.00743EPSS
Exploits0
OSV
OSV
added 2022/05/24 7:2 p.m.66 views

GHSA-2259-H742-5VR4 JBoss EJB Client information disclosure vulnerability

A flaw was found in wildfly. The JBoss EJB client has publicly accessible privileged actions which may lead to information disclosure on the server it is deployed on. The highest threat from this vulnerability is to data confidentiality...

4.3CVSS5.3AI score0.00743EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2022/05/24 7:2 p.m.36 views

JBoss EJB Client information disclosure vulnerability

A flaw was found in wildfly. The JBoss EJB client has publicly accessible privileged actions which may lead to information disclosure on the server it is deployed on. The highest threat from this vulnerability is to data confidentiality...

4.3CVSS1.9AI score0.00743EPSS
Exploits0References3Affected Software1
vulnersOsv
vulnersOsv
added 2022/05/24 5:24 p.m.5 views

br.eti.clairton:ds-test (=0.4.0), ch.inftec.ju:ju-ee (>=6.0-2 <=6.1-S-5) +103 more potentially affected by CVE-2020-14297 via org.jboss:jboss-ejb-client (>=1.0.0.Beta12 <=4.0.33.Final)

org.jboss:jboss-ejb-client MAVEN version =1.0.0.Beta12, =6.0-2, =4.1, =4.1, =1.0.1, =0.1.0, =0.1.0, =2.2, =8.0, =8.0, =0.2.4, =1.0.0.Alpha3, =0.1.0, =0.1.0, =0.12.0.Final, =1.0.0.CR2 and more Source cves: CVE-2020-14297 Source advisory: OSV:GHSA-QCCH-9268-59JW...

6.5CVSS6.7AI score0.01203EPSS
Exploits0
OSV
OSV
added 2022/05/24 5:24 p.m.82 views

GHSA-QCCH-9268-59JW Wildfly EJB Client causes DoS

A flaw was discovered in Wildfly's EJB Client as shipped with Red Hat JBoss EAP 7, where some specific EJB transaction objects may get accumulated over the time and can cause services to slow down and eventually unavailable. An attacker can take advantage and cause denial of service attack and ma...

6.5CVSS7.5AI score0.01203EPSS
Exploits0References24
Github Security Blog
Github Security Blog
added 2022/05/24 5:24 p.m.36 views

Wildfly EJB Client causes DoS

A flaw was discovered in Wildfly's EJB Client as shipped with Red Hat JBoss EAP 7, where some specific EJB transaction objects may get accumulated over the time and can cause services to slow down and eventually unavailable. An attacker can take advantage and cause denial of service attack and ma...

6.5CVSS7.6AI score0.01203EPSS
Exploits0References24Affected Software1
Github Security Blog
Github Security Blog
added 2022/05/24 5:21 p.m.47 views

Wildfly Unsafe Deserialization Vulnerability

A vulnerability was found in Wildfly in versions before 20.0.0.Final, where a remote deserialization attack is possible in the Enterprise Application BeansEJB due to lack of validation/filtering capabilities in wildfly...

7.5CVSS6.9AI score0.0172EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2022/05/10 9:15 p.m.25 views

CVE-2022-0866

This is a concurrency issue that can result in the wrong caller principal being returned from the session context of an EJB that is configured with a RunAs principal. In particular, the org.jboss.as.ejb3.component.EJBComponent class has an incomingRunAsIdentity field. This field is used by the...

5.3CVSS0.00842EPSS
Exploits0References1
CVE
CVE
added 2022/05/10 8:20 p.m.162 views

CVE-2022-0866

CVE-2022-0866 describes a concurrency issue in the EJB session context for RunAs-enabled components (EJBComponent) in JBoss/WildFly Elytron. The incomingRunAsIdentity field, currently a SecurityIdentity, can be concurrently accessed, causing getCallerPrincipal and isCallerInRole to return the wro...

5.3CVSS5.3AI score0.00842EPSS
Exploits0References1Affected Software3
Rows per page
Query Builder