Product:

Jboss_enterprise_application_platform

(Redhat)
Repositories https://github.com/FasterXML/jackson-databind
https://github.com/qos-ch/slf4j
https://github.com/bcgit/bc-java
https://github.com/apache/cxf
https://github.com/dom4j/dom4j
#Vulnerabilities 223
Date Id Summary Products Score Patch Annotated
2018-07-27 CVE-2017-2670 It was found in Undertow before 1.3.28 that with non-clean TCP close, the Websocket server gets into infinite loop on every IO thread, effectively causing DoS. Debian_linux, Jboss_enterprise_application_platform, Undertow 7.5
2018-07-27 CVE-2017-2666 It was discovered in Undertow that the code that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack, or obtain sensitive information from requests other than their own. Debian_linux, Jboss_enterprise_application_platform, Undertow 6.5
2018-07-27 CVE-2017-2595 It was found that the log file viewer in Red Hat JBoss Enterprise Application 6 and 7 allows arbitrary file read to authenticated user via path traversal. Jboss_enterprise_application_platform 6.5
2018-04-18 CVE-2017-12196 undertow before versions 1.4.18.SP1, 2.0.2.Final, 1.4.24.Final was found vulnerable when using Digest authentication, the server does not ensure that the value of URI in the Authorization header matches the URI in HTTP request line. This allows the attacker to cause a MITM attack and access the desired content on the server. Jboss_enterprise_application_platform, Jboss_fuse, Undertow, Virtualization 5.9
2018-01-10 CVE-2017-12189 It was discovered that the jboss init script as used in Red Hat JBoss Enterprise Application Platform 7.0.7.GA performed unsafe file handling which could result in local privilege escalation. This issue is a result of an incomplete fix for CVE-2016-8656. Enterprise_linux, Jboss_enterprise_application_platform 7.8
2018-07-26 CVE-2017-12167 It was found in EAP 7 before 7.0.9 that properties based files of the management and the application realm configuration that contain user to role mapping are world readable allowing access to users and roles information to all the users logged in to the system. Jboss_enterprise_application_platform 5.5
2018-07-27 CVE-2017-12165 It was discovered that Undertow before 1.4.17, 1.3.31 and 2.0.0 processes http request headers with unusual whitespaces which can cause possible http request smuggling. Jboss_enterprise_application_platform, Undertow 7.5
2018-03-09 CVE-2016-9585 Red Hat JBoss EAP version 5 is vulnerable to a deserialization of untrusted data in the JMX endpoint when deserializes the credentials passed to it. An attacker could exploit this vulnerability resulting in a denial of service attack. Jboss_enterprise_application_platform 5.3
2013-07-29 CVE-2011-1483 wsf/common/DOMUtils.java in JBossWS Native in Red Hat JBoss Enterprise Application Platform 4.2.0.CP09, 4.3, and 5.1.1; JBoss Enterprise Portal Platform 4.3.CP06 and 5.1.1; JBoss Enterprise SOA Platform 4.2.CP05, 4.3.CP05, and 5.1.0; JBoss Communications Platform 1.2.11 and 5.1.1; JBoss Enterprise BRMS Platform 5.1.0; and JBoss Enterprise Web Platform 5.1.1 does not properly handle recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU... Network_node_manager_i, Jboss_communications_platform, Jboss_enterprise_application_platform, Jboss_enterprise_brms_platform, Jboss_enterprise_portal_platform, Jboss_enterprise_soa_platform, Jboss_enterprise_web_platform N/A
2017-09-13 CVE-2017-7561 Red Hat JBoss EAP version 3.0.7 through before 4.0.0.Beta1 is vulnerable to a server-side cache poisoning or CORS requests in the JAX-RS component resulting in a moderate impact. Jboss_enterprise_application_platform 7.5