236 matches found
wildfly: Wildfly management of EJB Session context returns wrong caller principal with Elytron Security enabled
A flaw was found in Wildfly, where it returns an incorrect caller principal under certain heavily concurrent situations when Elytron Security is used. This flaw allows an attacker to gain improper access to information they should not have...
wildfly: Wildfly management of EJB Session context returns wrong caller principal with Elytron Security enabled
A flaw was found in Wildfly, where it returns an incorrect caller principal under certain heavily concurrent situations when Elytron Security is used. This flaw allows an attacker to gain improper access to information they should not have...
CVE-2022-2764
A flaw was found in Undertow. Denial of service can be achieved as Undertow server waits for the LASTCHUNK forever for EJB invocations...
Design/Logic Flaw
A flaw was found in Undertow. Denial of service can be achieved as Undertow server waits for the LASTCHUNK forever for EJB invocations...
CVE-2022-2764
A flaw was found in Undertow. Denial of service can be achieved as Undertow server waits for the LASTCHUNK forever for EJB invocations...
CVE-2022-2764
CVE-2022-2764 concerns Undertow. A DoS can occur because the Undertow server waits for LAST_CHUNK forever during EJB invocations, impacting availability (per CVSS vector: Network, Low access, High impact to availability). Public details in the provided documents specify the vulnerability as a DoS...
CVE-2022-2764
A flaw was found in Undertow. Denial of service can be achieved as Undertow server waits for the LASTCHUNK forever for EJB invocations...
CVE-2022-2764
A flaw was found in Undertow. Denial of service can be achieved as Undertow server waits for the LASTCHUNK forever for EJB invocations...
CVE-2022-2764
A flaw was found in Undertow with EJB invocations. This flaw allows an attacker to generate a valid HTTP request and send it to the server on an established connection after removing the LASTCHUNK from the bytes, causing a denial of service...
Denial Of Service (DoS)
eap7 is vulnerable to denail of service. The vulnerability exists due to a concurrency issue that can result in the wrong caller principal being returned from the session context of an EJB that is configured with a RunAs principal...
wildfly: Wildfly management of EJB Session context returns wrong caller principal with Elytron Security enabled
A flaw was found in Wildfly, where it returns an incorrect caller principal under certain heavily concurrent situations when Elytron Security is used. This flaw allows an attacker to gain improper access to information they should not have...
br.eti.clairton:ds-test (=0.4.0), ch.inftec.ju:ju-ee (>=6.0-2 <=6.1-S-5) +103 more potentially affected by CVE-2021-20250 via org.jboss:jboss-ejb-client (>=1.0.0.Beta12 <=4.0.37.Final)
org.jboss:jboss-ejb-client MAVEN version =1.0.0.Beta12, =6.0-2, =4.1, =4.1, =1.0.1, =0.1.0, =0.1.0, =2.2, =8.0, =8.0, =0.2.4, =1.0.0.Alpha3, =0.1.0, =0.1.0, =0.12.0.Final, =1.0.0.CR2 and more Source cves: CVE-2021-20250 Source advisory: OSV:GHSA-2259-H742-5VR4...
GHSA-2259-H742-5VR4 JBoss EJB Client information disclosure vulnerability
A flaw was found in wildfly. The JBoss EJB client has publicly accessible privileged actions which may lead to information disclosure on the server it is deployed on. The highest threat from this vulnerability is to data confidentiality...
JBoss EJB Client information disclosure vulnerability
A flaw was found in wildfly. The JBoss EJB client has publicly accessible privileged actions which may lead to information disclosure on the server it is deployed on. The highest threat from this vulnerability is to data confidentiality...
br.eti.clairton:ds-test (=0.4.0), ch.inftec.ju:ju-ee (>=6.0-2 <=6.1-S-5) +103 more potentially affected by CVE-2020-14297 via org.jboss:jboss-ejb-client (>=1.0.0.Beta12 <=4.0.33.Final)
org.jboss:jboss-ejb-client MAVEN version =1.0.0.Beta12, =6.0-2, =4.1, =4.1, =1.0.1, =0.1.0, =0.1.0, =2.2, =8.0, =8.0, =0.2.4, =1.0.0.Alpha3, =0.1.0, =0.1.0, =0.12.0.Final, =1.0.0.CR2 and more Source cves: CVE-2020-14297 Source advisory: OSV:GHSA-QCCH-9268-59JW...
GHSA-QCCH-9268-59JW Wildfly EJB Client causes DoS
A flaw was discovered in Wildfly's EJB Client as shipped with Red Hat JBoss EAP 7, where some specific EJB transaction objects may get accumulated over the time and can cause services to slow down and eventually unavailable. An attacker can take advantage and cause denial of service attack and ma...
Wildfly EJB Client causes DoS
A flaw was discovered in Wildfly's EJB Client as shipped with Red Hat JBoss EAP 7, where some specific EJB transaction objects may get accumulated over the time and can cause services to slow down and eventually unavailable. An attacker can take advantage and cause denial of service attack and ma...
Wildfly Unsafe Deserialization Vulnerability
A vulnerability was found in Wildfly in versions before 20.0.0.Final, where a remote deserialization attack is possible in the Enterprise Application BeansEJB due to lack of validation/filtering capabilities in wildfly...
CVE-2022-0866
This is a concurrency issue that can result in the wrong caller principal being returned from the session context of an EJB that is configured with a RunAs principal. In particular, the org.jboss.as.ejb3.component.EJBComponent class has an incomingRunAsIdentity field. This field is used by the...
CVE-2022-0866
CVE-2022-0866 describes a concurrency issue in the EJB session context for RunAs-enabled components (EJBComponent) in JBoss/WildFly Elytron. The incomingRunAsIdentity field, currently a SecurityIdentity, can be concurrently accessed, causing getCallerPrincipal and isCallerInRole to return the wro...