7 matches found
CVE-2023-44487
CVE-2023-44487 – HTTP/2 Rapid Reset DoS Root cause: HTTP/2 stream resets can cause servers to continue processing, leading to unbounded resource consumption and potential DoS when clients rapidly cancel streams. What’s affected: Various HTTP/2 implementations and deployments, including servers, p...
CVE-2023-1108
CVE-2023-1108 affects Undertow within Red Hat JBoss EAP 7.3.x (SSLConduit) where an infinite loop on close can cause DoS. Connected RHSA-2025-9583 confirms the issue and indicates a fix in the eap-7.3.z line (Patched Undertow). Remediation is to upgrade to the patched EAP 7.3.x release (eap-7.3.z...
CVE-2022-41862
CVE-2022-41862 affects PostgreSQL libpq/client memory disclosure when connecting with Kerberos to a modified server. Connected documents confirm impact across multiple package tracks (libpq for AL2/Linux distros and PostgreSQL server/client suites for various versions, including 12.x–15.x), with ...
CVE-2021-3536
CVE-2021-3536 concerns WildFly/JBoss EAP domain-mode admin console vulnerability allowing XSS via the name field when creating roles, affecting Confidentiality and Integrity. Affected software is WildFly (prior to 23.0.2.Final). The issue arises in the domain mode role-creation flow and can be tr...
CVE-2023-4853
CVE-2023-4853 affects Quarkus, where HTTP security policy sanitization fails for certain character permutations in requests. The root cause is improper sanitization, allowing bypass of the security policy and potentially granting unauthorized access to endpoints and causing denial of service. The...
CVE-2022-4492
CVE-2022-4492 is linked to Undertow: the undertow client does not verify the server identity presented by the server certificate in HTTPS connections, a TLS-level check that should be performed by default. This can enable weaknesses in TLS client verification and potential MITM scenarios. Connect...
CVE-2022-1278
Summary: CVE-2022-1278 affects WildFly and relates to information disclosure via the trace payload, allowing an attacker to view deployment names, endpoints, and other data contained in traces. What is affected: WildFly stack (as referenced across CVE listings and Red Hat advisories) with exposur...