Jboss Enterprise Application Platform

DATE	CVE	VULNERABILITY TITLE	RISK
2024-10-22	CVE-2024-10234	Cross-site Scripting vulnerability in Redhat products A vulnerability was found in Wildfly, where a user may perform Cross-site scripting in the Wildfly deployment system. network low complexity redhat CWE-79	7.3
2024-08-21	CVE-2024-7885	Unspecified vulnerability in Redhat products A vulnerability was found in Undertow where the ProxyProtocolReadListener reuses the same StringBuilder instance across multiple requests. network low complexity redhat	7.5
2024-02-06	CVE-2023-4503	Improper Initialization vulnerability in Redhat products An improper initialization vulnerability was found in Galleon. network low complexity redhat CWE-665	7.5
2023-12-27	CVE-2023-3171	Allocation of Resources Without Limits or Throttling vulnerability in Redhat Jboss Enterprise Application Platform 7.4 A flaw was found in EAP-7 during deserialization of certain classes, which permits instantiation of HashMap and HashTable with no checks on resources consumed. network low complexity redhat CWE-770	7.5
2023-12-18	CVE-2023-48795	Improper Validation of Integrity Check Value vulnerability in multiple products The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. network high complexity openbsd putty filezilla-project microsoft panic roumenpetrov winscp bitvise lancom-systems vandyke libssh net-ssh ssh2-project proftpd freebsd crates tera-term-project oryx-embedded crushftp netsarang paramiko redhat golang russh-project sftpgo-project erlang matez libssh2 asyncssh-project dropbear-ssh-project jadaptive ssh thorntech netgate connectbot apache tinyssh trilead 9bis gentoo fedoraproject debian apple CWE-354	5.9
2023-12-18	CVE-2023-3628	A flaw was found in Infinispan's REST. network low complexity redhat infinispan	6.5
2023-12-18	CVE-2023-3629	A flaw was found in Infinispan's REST, Cache retrieval endpoints do not properly evaluate the necessary admin permissions for the operation. network low complexity redhat infinispan	6.5
2023-12-12	CVE-2023-5379	Allocation of Resources Without Limits or Throttling vulnerability in Redhat products A flaw was found in Undertow. network low complexity redhat CWE-770	7.5
2023-11-08	CVE-2023-4061	Unspecified vulnerability in Redhat products A flaw was found in wildfly-core. network low complexity redhat	6.5
2023-10-10	CVE-2023-44487	The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. network low complexity ietf nghttp2 netty envoyproxy eclipse caddyserver golang f5 apache apple grpc microsoft nodejs dena facebook amazon debian kazu-yamamoto istio varnish-cache-project traefik projectcontour linkerd linecorp redhat fedoraproject netapp akka konghq jenkins openresty cisco	7.5