Jboss Enterprise Application Platform@7.1 Security Vulnerabilities and Issues — Jboss Enterprise Application Platform@7.1 CVE List

Lucene search

RedhatJboss Enterprise Application Platform7.1

7 matches found

CVE•added 2018/05/21 5:29 p.m.•518 views

CVE-2018-1067

In Undertow before versions 7.1.2.CR1, 7.1.2.GA it was found that the fix for CVE-2016-4993 was incomplete and Undertow web server is vulnerable to the injection of arbitrary HTTP headers, and also response splitting, due to insufficient sanitization and validation of user input before the input is...

6.1CVSS6.6AI score0.00622EPSS

CVE•added 2018/02/06 3:29 p.m.•400 views

CVE-2017-7525

A deserialization flaw was discovered in the jackson-databind, versions before 2.6.7.1, 2.7.9.1 and 2.8.9, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper.

9.8CVSS9.2AI score0.77336EPSS

CVE•added 2018/01/10 6:29 p.m.•232 views

CVE-2017-17485

FasterXML jackson-databind through 2.8.10 and 2.9.x through 2.9.3 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 deserialization flaw. This is exploitable by sending maliciously crafted JSON input to the readValue method of the ObjectMapper, bypassin...

9.8CVSS9.5AI score0.77336EPSS

CVE•added 2018/03/20 4:29 p.m.•203 views

CVE-2018-8088

org.slf4j.ext.EventData in the slf4j-ext module in QOS.CH SLF4J before 1.8.0-beta2 allows remote attackers to bypass intended access restrictions via crafted data. EventData in the slf4j-ext module in QOS.CH SLF4J, has been fixed in SLF4J versions 1.7.26 later and in the 2.0.x series.

9.8CVSS9.3AI score0.00836EPSS

CVE•added 2018/01/22 4:29 a.m.•184 views

CVE-2018-5968

FasterXML jackson-databind through 2.8.11 and 2.9.x through 2.9.3 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 and CVE-2017-17485 deserialization flaws. This is exploitable via two different gadgets that bypass a blacklist.

8.1CVSS9.6AI score0.77336EPSS

CVE•added 2018/01/10 3:29 p.m.•153 views

CVE-2017-7536

In Hibernate Validator 5.2.x before 5.2.5 final, 5.3.x, and 5.4.x, it was found that when the security manager's reflective permissions, which allows it to access the private members of the class, are granted to Hibernate Validator, a potential privilege escalation can occur. By allowing the callin...

7CVSS7.3AI score0.00104EPSS

CVE•added 2018/09/18 1:29 p.m.•98 views

CVE-2018-14642

An information leak vulnerability was found in Undertow. If all headers are not written out in the first write() call then the code that handles flushing the buffer will always write out the full contents of the writevBuffer buffer, which may contain data from previous requests.

5.3CVSS5.4AI score0.00776EPSS