236 matches found
CVE-2020-14307
A vulnerability was found in Wildfly's Enterprise Java Beans EJB, where SessionOpenInvocations are never removed from the remote InvocationTracker after a response is received in the EJB Client, as well as the server. This flaw allows an attacker to craft a denial of service attack to make the...
Moderate: Red Hat Security Advisory: EAP XP 1 security update to CVE fixes in the EAP 7.3.x base
This advisory resolves CVE issues filed against XP1 releases that have been fixed in the underlying EAP 7.3.x base. There are no changes to the EAP XP1 code base. NOTE: This advisory is informational only. There are no code changes associated with it. No action is required. Red Hat Product Securi...
CVE-2020-35510
A flaw was found in jboss-remoting in versions before 5.0.20.SP1-redhat-00001. A malicious attacker could cause threads to hold up forever in the EJB server by writing a sequence of bytes corresponding to the expected messages of a successful EJB client request, but omitting the ACK messages, or...
CVE-2020-35510
A flaw was found in jboss-remoting in versions before 5.0.20.SP1-redhat-00001. A malicious attacker could cause threads to hold up forever in the EJB server by writing a sequence of bytes corresponding to the expected messages of a successful EJB client request, but omitting the ACK messages, or...
CVE-2020-35510
A flaw was found in jboss-remoting in versions before 5.0.20.SP1-redhat-00001. A malicious attacker could cause threads to hold up forever in the EJB server by writing a sequence of bytes corresponding to the expected messages of a successful EJB client request, but omitting the ACK messages, or...
Liferay Portal and Liferay DXP have unspecified vulnerabilities (CNVD-2021-62988)
Liferay Portal and Liferay DXP are both products of Liferay, a J2EE-based portal solution that uses EJB and JMS technologies and serves as a web publishing and shared workspace, enterprise collaboration platform, social network, etc. Liferay DXP is a digital experience collaboration platform...
CVE-2021-20250
A flaw was found in wildfly. The JBoss EJB client has publicly accessible privileged actions which may lead to information disclosure on the server it is deployed on. The highest threat from this vulnerability is to data confidentiality...
CVE-2021-20250
A flaw was found in wildfly. The JBoss EJB client has publicly accessible privileged actions which may lead to information disclosure on the server it is deployed on. The highest threat from this vulnerability is to data confidentiality...
Design/Logic Flaw
A flaw was found in wildfly. The JBoss EJB client has publicly accessible privileged actions which may lead to information disclosure on the server it is deployed on. The highest threat from this vulnerability is to data confidentiality...
PT-2021-13857 · Red Hat · Jboss Ejb
Name of the Vulnerable Software and Affected Versions: Wildfly affected versions not specified Description: A flaw was found in the JBoss EJB client, which has publicly accessible privileged actions. This may lead to information disclosure on the server it is deployed on, with the highest threat...
jboss-remoting: Threads hold up forever in the EJB server by suppressing the ack from an EJB client
A flaw was found in jboss-remoting. A malicious attacker could cause threads to hold up forever in the EJB server by writing a sequence of bytes corresponding to the expected messages of a successful EJB client request, but omitting the ACK messages, or just tamper with jboss-remoting code,...
RHEL 6 : Red Hat JBoss Enterprise Application Platform 7.3.6 (RHSA-2021:0872)
The remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:0872 advisory. Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release o...
Moderate: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.3.6 security update
A security update is now available for Red Hat JBoss Enterprise Application Platform 7.3 for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...
jboss-remoting: Threads hold up forever in the EJB server by suppressing the ack from an EJB client
A flaw was found in jboss-remoting. A malicious attacker could cause threads to hold up forever in the EJB server by writing a sequence of bytes corresponding to the expected messages of a successful EJB client request, but omitting the ACK messages, or just tamper with jboss-remoting code,...
jboss-remoting: Threads hold up forever in the EJB server by suppressing the ack from an EJB client
A flaw was found in jboss-remoting. A malicious attacker could cause threads to hold up forever in the EJB server by writing a sequence of bytes corresponding to the expected messages of a successful EJB client request, but omitting the ACK messages, or just tamper with jboss-remoting code,...
wildfly: Information disclosure due to publicly accessible privileged actions in JBoss EJB Client
A flaw was found in wildfly. The JBoss EJB client has publicly accessible privileged actions which may lead to information disclosure on the server it is deployed on. The highest threat from this vulnerability is to data confidentiality...
jboss-remoting: Threads hold up forever in the EJB server by suppressing the ack from an EJB client
A flaw was found in jboss-remoting. A malicious attacker could cause threads to hold up forever in the EJB server by writing a sequence of bytes corresponding to the expected messages of a successful EJB client request, but omitting the ACK messages, or just tamper with jboss-remoting code,...
CVE-2021-20250
A flaw was found in wildfly. The JBoss EJB client has publicly accessible privileged actions which may lead to information disclosure on the server it is deployed on. The highest threat from this vulnerability is to data confidentiality...
CVE-2020-35510
A flaw was found in jboss-remoting. A malicious attacker could cause threads to hold up forever in the EJB server by writing a sequence of bytes corresponding to the expected messages of a successful EJB client request, but omitting the ACK messages, or just tamper with jboss-remoting code,...
Exploit for CVE-2019-2888
CVE-2019-2888 WebLogic EJBTaglibDescriptor XXE漏洞 https://www.oracle.com/security-alerts/cpuoct2019.html fernflower.jar weblogic.jar/weblogic/servlet/ejb2jsp/dd/EJBTaglibDescriptor.class ╭─root@jas502n /var ╰─ find ./ |grep EJBTaglibDescriptor ✔ 8388 18:32:43...