Moderate: Red Hat Security Advisory: Red Hat JBoss Web Server 5.5.0 security release

Red Hat JBoss Web Server 5.5.0 zip release is now available for Red Hat Enterprise Linux 7, Red Hat Enterprise Linux 8 and Windows. Red Hat Product Security has rated this release as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detaile...

SUSE SLES11 Security Update : java-1_7_1-ibm (SUSE-SU-2020:14588-1)

The remote SUSE Linux SLES11 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2020:14588-1 advisory. - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Serialization. Supported versions that are affected are...

Cross-site Scripting (XSS)

Overview org.jboss.resteasy:resteasy-jaxrs is a JCP specification that provides a Java API for RESTful Web Services over the HTTP protocol. Affected versions of this package are vulnerable to Cross-site Scripting XSS. It did not properly handle URL encoding when the RESTEASY003870 exception occur...

Important: Red Hat Security Advisory: Red Hat JBoss Web Server 3.1 Service Pack 12 security update

An update is now available for Red Hat JBoss Web Server 3.1 for RHEL 7. Red Hat Product Security has rated this release as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from...

Netty 环境问题漏洞

Netty is a non-blocking I/O client-server framework from the Netty community that is primarily used to develop Java web applications such as protocol servers and clients. Netty suffers from an environment issue vulnerability which leads to request smuggling...

Netty 环境问题漏洞

Netty is a non-blocking I/O client-server framework from the Netty community that is primarily used to develop Java web applications such as protocol servers and clients. Netty suffers from an environmental issue vulnerability that stems from requests being converted to HTTP 1.1 objects when pass...

EulerOS 2.0 SP3 : java-1.8.0-openjdk (EulerOS-SA-2021-1078)

According to the versions of the java-1.8.0-openjdk packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Serialization. Supported versions that are...

Apache Struts 代码注入漏洞

Apache Struts is the United States Apache Apache Software Foundation is responsible for maintaining an open source project , is a set of open source MVC framework for creating enterprise-class Java Web applications , mainly provides two versions of the framework products , Struts 1 and Struts 2. ...

CVE-2018-3180

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE subcomponent: JSSE. Supported versions that are affected are Java SE: 6u201, 7u191, 8u182 and 11; Java SE Embedded: 8u181; JRockit: R28.3.19. Difficult to exploit vulnerability allows unauthenticated attacker with...

CVE-2018-3149

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE subcomponent: JNDI. Supported versions that are affected are Java SE: 6u201, 7u191, 8u182 and 11; Java SE Embedded: 8u181; JRockit: R28.3.19. Difficult to exploit vulnerability allows unauthenticated attacker with...

CVE-2020-14797

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Libraries. Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multipl...

CVE-2020-14779

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Serialization. Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via...

Design/Logic Flaw

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: JNDI. Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple...

Design/Logic Flaw

Vulnerability in the Java SE product of Oracle Java SE component: Libraries. Supported versions that are affected are Java SE: 11.0.8 and 15. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of th...

CVE-2020-14781

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: JNDI. Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple...

CVE-2020-14781

CVE-2020-14781 affects Oracle Java SE/SE Embedded (JNDI) with affected versions including Java SE 7u271, 8u261, 11.0.8, 15 and Java SE Embedded 8u261. The vulnerability allows an unauthenticated attacker with network access via multiple protocols to read a subset of Java SE/SE Embedded data. The ...

CVE-2020-14797

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Libraries. Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multipl...

Vulnerabilities fixed in Oracle Java SE

Oracle has fixed vulnerabilities in the following Oracle Database products: Oracle Java SE JDK Oracle Java SE JRE Oracle Java Oracle Java Web Start The vulnerabilities allow an unauthenticated remote malicious person to remote may be able to launch attacks that result in the following categories ...

CVE-2020-14781

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: JNDI. Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple...

Unauthorized Modification And Access

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Libraries. Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multipl...