Lucene search
K

236 matches found

RedhatCVE
RedhatCVE
added 2021/08/01 7:21 a.m.38 views

CVE-2020-14307

A vulnerability was found in Wildfly's Enterprise Java Beans EJB, where SessionOpenInvocations are never removed from the remote InvocationTracker after a response is received in the EJB Client, as well as the server. This flaw allows an attacker to craft a denial of service attack to make the...

4CVSS4.4AI score0.01203EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2021/06/02 2:23 p.m.124 views

Moderate: Red Hat Security Advisory: EAP XP 1 security update to CVE fixes in the EAP 7.3.x base

This advisory resolves CVE issues filed against XP1 releases that have been fixed in the underlying EAP 7.3.x base. There are no changes to the EAP XP1 code base. NOTE: This advisory is informational only. There are no code changes associated with it. No action is required. Red Hat Product Securi...

9CVSS7.2AI score0.22709EPSS
Exploits3References11
OSV
OSV
added 2021/06/02 2:15 p.m.23 views

CVE-2020-35510

A flaw was found in jboss-remoting in versions before 5.0.20.SP1-redhat-00001. A malicious attacker could cause threads to hold up forever in the EJB server by writing a sequence of bytes corresponding to the expected messages of a successful EJB client request, but omitting the ACK messages, or...

5.9CVSS6.6AI score
Exploits0References1
NVD
NVD
added 2021/06/02 2:15 p.m.38 views

CVE-2020-35510

A flaw was found in jboss-remoting in versions before 5.0.20.SP1-redhat-00001. A malicious attacker could cause threads to hold up forever in the EJB server by writing a sequence of bytes corresponding to the expected messages of a successful EJB client request, but omitting the ACK messages, or...

7.1CVSS0.01089EPSS
Exploits0References1
Cvelist
Cvelist
added 2021/06/02 1:22 p.m.39 views

CVE-2020-35510

A flaw was found in jboss-remoting in versions before 5.0.20.SP1-redhat-00001. A malicious attacker could cause threads to hold up forever in the EJB server by writing a sequence of bytes corresponding to the expected messages of a successful EJB client request, but omitting the ACK messages, or...

6.2AI score0.01089EPSS
Exploits0References1
CNVD
CNVD
added 2021/05/18 12:0 a.m.27 views

Liferay Portal and Liferay DXP have unspecified vulnerabilities (CNVD-2021-62988)

Liferay Portal and Liferay DXP are both products of Liferay, a J2EE-based portal solution that uses EJB and JMS technologies and serves as a web publishing and shared workspace, enterprise collaboration platform, social network, etc. Liferay DXP is a digital experience collaboration platform...

5.3CVSS0.6AI score0.01072EPSS
Exploits0References1
NVD
NVD
added 2021/05/13 2:15 p.m.34 views

CVE-2021-20250

A flaw was found in wildfly. The JBoss EJB client has publicly accessible privileged actions which may lead to information disclosure on the server it is deployed on. The highest threat from this vulnerability is to data confidentiality...

4.3CVSS0.00743EPSS
Exploits0References1
OSV
OSV
added 2021/05/13 2:15 p.m.25 views

CVE-2021-20250

A flaw was found in wildfly. The JBoss EJB client has publicly accessible privileged actions which may lead to information disclosure on the server it is deployed on. The highest threat from this vulnerability is to data confidentiality...

4.3CVSS6.5AI score
Exploits0References1
Prion
Prion
added 2021/05/13 2:15 p.m.26 views

Design/Logic Flaw

A flaw was found in wildfly. The JBoss EJB client has publicly accessible privileged actions which may lead to information disclosure on the server it is deployed on. The highest threat from this vulnerability is to data confidentiality...

4CVSS5.4AI score0.00743EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2021/05/13 12:0 a.m.5 views

PT-2021-13857 · Red Hat · Jboss Ejb

Name of the Vulnerable Software and Affected Versions: Wildfly affected versions not specified Description: A flaw was found in the JBoss EJB client, which has publicly accessible privileged actions. This may lead to information disclosure on the server it is deployed on, with the highest threat...

4.3CVSS5AI score0.00743EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2021/03/23 2:17 p.m.4 views

jboss-remoting: Threads hold up forever in the EJB server by suppressing the ack from an EJB client

A flaw was found in jboss-remoting. A malicious attacker could cause threads to hold up forever in the EJB server by writing a sequence of bytes corresponding to the expected messages of a successful EJB client request, but omitting the ACK messages, or just tamper with jboss-remoting code,...

7.1CVSS5.8AI score0.01089EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2021/03/17 12:0 a.m.57 views

RHEL 6 : Red Hat JBoss Enterprise Application Platform 7.3.6 (RHSA-2021:0872)

The remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:0872 advisory. Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release o...

8.1CVSS6.6AI score0.0714EPSS
Exploits2References34
RedHat Linux
RedHat Linux
added 2021/03/16 1:41 p.m.92 views

Moderate: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.3.6 security update

A security update is now available for Red Hat JBoss Enterprise Application Platform 7.3 for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...

8.1CVSS6.6AI score0.0714EPSS
Exploits2References26
RedHat Linux
RedHat Linux
added 2021/03/16 1:38 p.m.8 views

jboss-remoting: Threads hold up forever in the EJB server by suppressing the ack from an EJB client

A flaw was found in jboss-remoting. A malicious attacker could cause threads to hold up forever in the EJB server by writing a sequence of bytes corresponding to the expected messages of a successful EJB client request, but omitting the ACK messages, or just tamper with jboss-remoting code,...

7.1CVSS5.8AI score0.01089EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2021/03/16 1:37 p.m.4 views

jboss-remoting: Threads hold up forever in the EJB server by suppressing the ack from an EJB client

A flaw was found in jboss-remoting. A malicious attacker could cause threads to hold up forever in the EJB server by writing a sequence of bytes corresponding to the expected messages of a successful EJB client request, but omitting the ACK messages, or just tamper with jboss-remoting code,...

7.1CVSS5.8AI score0.01089EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2021/03/16 1:19 p.m.5 views

wildfly: Information disclosure due to publicly accessible privileged actions in JBoss EJB Client

A flaw was found in wildfly. The JBoss EJB client has publicly accessible privileged actions which may lead to information disclosure on the server it is deployed on. The highest threat from this vulnerability is to data confidentiality...

4.3CVSS5.8AI score0.00743EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2021/03/16 1:19 p.m.4 views

jboss-remoting: Threads hold up forever in the EJB server by suppressing the ack from an EJB client

A flaw was found in jboss-remoting. A malicious attacker could cause threads to hold up forever in the EJB server by writing a sequence of bytes corresponding to the expected messages of a successful EJB client request, but omitting the ACK messages, or just tamper with jboss-remoting code,...

7.1CVSS5.8AI score0.01089EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2021/02/17 7:9 a.m.28 views

CVE-2021-20250

A flaw was found in wildfly. The JBoss EJB client has publicly accessible privileged actions which may lead to information disclosure on the server it is deployed on. The highest threat from this vulnerability is to data confidentiality...

4.3CVSS2.2AI score0.00743EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2021/01/05 10:30 p.m.34 views

CVE-2020-35510

A flaw was found in jboss-remoting. A malicious attacker could cause threads to hold up forever in the EJB server by writing a sequence of bytes corresponding to the expected messages of a successful EJB client request, but omitting the ACK messages, or just tamper with jboss-remoting code,...

7.1CVSS1.3AI score0.01089EPSS
Exploits0References3
Gitee
Gitee
added 2020/12/05 4:25 p.m.5 views

Exploit for CVE-2019-2888

CVE-2019-2888 WebLogic EJBTaglibDescriptor XXE漏洞 https://www.oracle.com/security-alerts/cpuoct2019.html fernflower.jar weblogic.jar/weblogic/servlet/ejb2jsp/dd/EJBTaglibDescriptor.class ╭─root@jas502n /var ╰─ find ./ |grep EJBTaglibDescriptor  ✔  8388  18:32:43...

7.2CVSS7AI score0.37597EPSS
Exploits9
Rows per page
Query Builder