Lucene search
K

5 matches found

OSV
OSV
added 2022/09/01 9:15 p.m.2 views

DEBIAN-CVE-2022-2764

A flaw was found in Undertow. Denial of service can be achieved as Undertow server waits for the LASTCHUNK forever for EJB invocations...

4.9CVSS5.9AI score0.00787EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2022/05/10 9:15 p.m.6 views

CVE-2022-0866

This is a concurrency issue that can result in the wrong caller principal being returned from the session context of an EJB that is configured with a RunAs principal. In particular, the org.jboss.as.ejb3.component.EJBComponent class has an incomingRunAsIdentity field. This field is used by the...

5.3CVSS5.9AI score0.00842EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2020/09/07 1:5 p.m.4 views

wildfly: Some EJB transaction objects may get accumulated causing Denial of Service

A flaw was found in Wildfly's EJB Client, where the accumulation of specific EJB transaction objects over time can cause services to slow down and eventually become unavailable. This flaw allows an attacker to cause a denial of service. The highest threat from this vulnerability is to system...

6.5CVSS5.7AI score0.01203EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2014/08/06 2:52 p.m.4 views

WS: Incomplete fix for CVE-2013-2133

It was found that the fix for CVE-2013-2133 was incomplete: the JAX-WS handlers were being executed for outbound messages even when authorization had failed. A remote attacker who is authorized to access the EJB class, could invoke a JAX-WS handler which they were not authorized to invoke...

5.5CVSS5.8AI score0.01809EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2013/08/12 6:27 p.m.2 views

ejb-client: Session fixation due improper connection caching

Red Hat JBoss Enterprise Application Platform EAP 6.1.0 does not properly cache EJB invocations by the EJB client API, which allows remote attackers to hijack sessions by using an EJB client...

6.4CVSS5.9AI score0.02473EPSS
Exploits1References4
Rows per page
Query Builder