Lucene search

Veracode Vulnerability DatabaseVERACODE:25388

HistoryMay 13, 2020 - 3:23 a.m.

Privilege Escalation

2020-05-1303:23:37

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

6.4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

JSON

undertow is vulnerable to privilege escalation. The vulnerability exists through invalid HTTP request with large chunk size.

CPENameOperatorVersion
eap7-weld-cdi-2.0-apieq2.0.0__3.SP1_redhat_00001.1.el6eap
eap7-weld-cdi-2.0-apieq2.0.0__3.SP1_redhat_00001.1.el8eap
eap7-weld-cdi-2.0-apieq2.0.0__3.SP1_redhat_00001.1.el7eap
eap7-smallrye-configeq1.3.4__1.redhat_00001.1.el8eap
eap7-smallrye-configeq1.3.6__1.SP01_redhat_00001.1.el8eap
eap7-smallrye-configeq1.3.4__1.redhat_00001.1.el6eap
eap7-smallrye-configeq1.3.6__1.redhat_00001.1.el7eap
eap7-smallrye-configeq1.3.4__1.redhat_00001.1.el7eap
eap7-jboss-threadseq2.2.1__1.Final_redhat_1.1.ep7.el7
eap7-jboss-threadseq2.3.2__2.Final_redhat_1.1.el8eap

Name	Operator	Version
eap7-weld-cdi-2.0-api	eq	2.0.0__3.SP1_redhat_00001.1.el6eap
eap7-weld-cdi-2.0-api	eq	2.0.0__3.SP1_redhat_00001.1.el8eap
eap7-weld-cdi-2.0-api	eq	2.0.0__3.SP1_redhat_00001.1.el7eap
eap7-smallrye-config	eq	1.3.4__1.redhat_00001.1.el8eap
eap7-smallrye-config	eq	1.3.6__1.SP01_redhat_00001.1.el8eap
eap7-smallrye-config	eq	1.3.4__1.redhat_00001.1.el6eap
eap7-smallrye-config	eq	1.3.6__1.redhat_00001.1.el7eap
eap7-smallrye-config	eq	1.3.4__1.redhat_00001.1.el7eap
eap7-jboss-threads	eq	2.2.1__1.Final_redhat_1.1.ep7.el7
eap7-jboss-threads	eq	2.3.2__2.Final_redhat_1.1.el8eap

Rows per page:

1-10 of 22781

References

access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.2/

access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.2/html-single/installation_guide/

access.redhat.com/errata/RHSA-2020:2060

access.redhat.com/security/updates/classification/#important

bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10719

issues.redhat.com/browse/JBEAP-18071

issues.redhat.com/browse/JBEAP-18267

issues.redhat.com/browse/JBEAP-18278

issues.redhat.com/browse/JBEAP-18423

issues.redhat.com/browse/JBEAP-18438

issues.redhat.com/browse/JBEAP-18503

issues.redhat.com/browse/JBEAP-18506

issues.redhat.com/browse/JBEAP-18536

issues.redhat.com/browse/JBEAP-18595

issues.redhat.com/browse/JBEAP-18616

issues.redhat.com/browse/JBEAP-18628

issues.redhat.com/browse/JBEAP-18631

issues.redhat.com/browse/JBEAP-18639

issues.redhat.com/browse/JBEAP-18646

issues.redhat.com/browse/JBEAP-18652

issues.redhat.com/browse/JBEAP-18664

issues.redhat.com/browse/JBEAP-18724

issues.redhat.com/browse/JBEAP-18729

issues.redhat.com/browse/JBEAP-18787

issues.redhat.com/browse/JBEAP-18789

issues.redhat.com/browse/JBEAP-18817

issues.redhat.com/browse/JBEAP-18827

issues.redhat.com/browse/JBEAP-18835

issues.redhat.com/browse/JBEAP-18885

issues.redhat.com/browse/JBEAP-18887

issues.redhat.com/browse/JBEAP-18931

issues.redhat.com/browse/JBEAP-18988

issues.redhat.com/browse/JBEAP-18989

issues.redhat.com/browse/JBEAP-19233

issues.redhat.com/browse/JBEAP-19234

security.netapp.com/advisory/ntap-20220210-0014/

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

6.4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

JSON

Related for VERACODE:25388