Openshift Application Runtimes Security Vulnerabilities and Issues — Openshift Application Runtimes CVE List

Lucene search

RedhatOpenshift Application Runtimes

10 matches found

CVE•added 2023/09/14 3:15 p.m.•2607 views

CVE-2023-1108

A flaw was found in undertow. This issue makes achieving a denial of service possible due to an unexpected handshake status updated in SslConduit, where the loop never terminates.

7.5CVSS7.3AI score0.01068EPSS

CVE•added 2021/12/14 12:15 p.m.•1094 views

CVE-2021-4104

JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration. The attacker can provide TopicBindingName and TopicConnectionFactoryBindingName configurations causing JMSAppender to perform JNDI requests that result in remot...

7.5CVSS9.4AI score0.94358EPSS

CVE•added 2019/07/25 9:15 p.m.•310 views

CVE-2019-10184

undertow before version 2.0.23.Final is vulnerable to an information leak issue. Web apps may have their directory structures predicted through requests without trailing slashes via the api.

7.5CVSS7.2AI score0.01089EPSS

CVE•added 2022/08/23 4:15 p.m.•259 views

CVE-2021-3690

A flaw was found in Undertow. A buffer leak on the incoming WebSocket PONG message may lead to memory exhaustion. This flaw allows an attacker to cause a denial of service. The highest threat from this vulnerability is availability.

7.5CVSS7.1AI score0.00557EPSS

CVE•added 2021/02/23 7:15 p.m.•173 views

CVE-2020-27782

A flaw was found in the Undertow AJP connector. Malicious requests and abrupt connection closes could be triggered by an attacker using query strings with non-RFC compliant characters resulting in a denial of service. The highest threat from this vulnerability is to system availability. This affect...

7.8CVSS7.1AI score0.00313EPSS

CVE•added 2020/10/06 2:15 p.m.•166 views

CVE-2020-25644

A memory leak flaw was found in WildFly OpenSSL in versions prior to 1.1.3.Final, where it removes an HTTP session. It may allow the attacker to cause OOM leading to a denial of service. The highest threat from this vulnerability is to system availability.

7.5CVSS6.9AI score0.00597EPSS

CVE•added 2022/08/31 4:15 p.m.•165 views

CVE-2022-1319

A flaw was found in Undertow. For an AJP 400 response, EAP 7 is improperly sending two response packets, and those packets have the reuse flag set even though JBoss EAP closes the connection. A failure occurs when the connection is reused after a 400 by CPING since it reads in the second SEND_HEADE...

7.5CVSS7.3AI score0.002EPSS

CVE•added 2022/08/31 4:15 p.m.•133 views

CVE-2022-1259

A flaw was found in Undertow. A potential security issue in flow control handling by the browser over HTTP/2 may cause overhead or a denial of service in the server. This flaw exists because of an incomplete fix for CVE-2021-3629.

7.5CVSS6.3AI score0.00151EPSS

CVE•added 2020/06/10 8:15 p.m.•130 views

CVE-2020-10705

A flaw was discovered in Undertow in versions before Undertow 2.1.1.Final where certain requests to the "Expect: 100-continue" header may cause an out of memory error. This flaw may potentially lead to a denial of service.

7.5CVSS7.1AI score0.00384EPSS

CVE•added 2020/09/16 4:15 p.m.•102 views

CVE-2020-10758

A vulnerability was found in Keycloak before 11.0.1 where DoS attack is possible by sending twenty requests simultaneously to the specified keycloak server, all with a Content-Length header value that exceeds the actual byte count of the request body.

7.5CVSS7.2AI score0.00529EPSS