Jboss Fuse Security Vulnerabilities and Issues — Jboss Fuse CVE List

Lucene search

RedhatJboss Fuse

4 matches found

CVE•added 2018/04/18 1:29 a.m.•445 views

CVE-2017-12196

undertow before versions 1.4.18.SP1, 2.0.2.Final, 1.4.24.Final was found vulnerable when using Digest authentication, the server does not ensure that the value of URI in the Authorization header matches the URI in HTTP request line. This allows the attacker to cause a MITM attack and access the des...

5.9CVSS5.6AI score0.00226EPSS

CVE•added 2021/08/05 9:15 p.m.•166 views

CVE-2021-3642

A flaw was found in Wildfly Elytron in versions prior to 1.10.14.Final, prior to 1.15.5.Final and prior to 1.16.1.Final where ScramServer may be susceptible to Timing Attack if enabled. The highest threat of this vulnerability is confidentiality.

5.3CVSS5.3AI score0.00234EPSS

CVE•added 2021/06/02 1:15 p.m.•131 views

CVE-2020-14340

A vulnerability was discovered in XNIO where file descriptor leak caused by growing amounts of NIO Selector file handles between garbage collection cycles. It may allow the attacker to cause a denial of service. It affects XNIO versions 3.6.0.Beta1 through 3.8.1.Final.

5.9CVSS5.5AI score0.00344EPSS

CVE•added 2018/08/01 2:29 p.m.•50 views

CVE-2016-8653

It was found that the JMX endpoint of Red Hat JBoss Fuse 6, and Red Hat A-MQ 6 deserializes the credentials passed to it. An attacker could use this flaw to launch a denial of service attack.

5.3CVSS5.2AI score0.00345EPSS