Vulnerabilities > Redhat > Jboss Enterprise Application Platform > 6.0.0

DATE	CVE	VULNERABILITY TITLE	RISK
2023-10-10	CVE-2023-44487	The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. network low complexity ietf nghttp2 netty envoyproxy eclipse caddyserver golang f5 apache apple grpc microsoft nodejs dena facebook amazon debian kazu-yamamoto istio varnish-cache-project traefik projectcontour linkerd linecorp redhat fedoraproject netapp akka konghq jenkins openresty cisco	7.5
2021-12-14	CVE-2021-4104	Deserialization of Untrusted Data vulnerability in multiple products JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration. network high complexity apache fedoraproject redhat oracle CWE-502	7.5
2021-06-02	CVE-2020-14340	A vulnerability was discovered in XNIO where file descriptor leak caused by growing amounts of NIO Selector file handles between garbage collection cycles. network high complexity redhat oracle	5.9
2021-03-23	CVE-2019-19343	Improper Resource Shutdown or Release vulnerability in multiple products A flaw was found in Undertow when using Remoting as shipped in Red Hat Jboss EAP before version 7.2.4. network low complexity redhat netapp CWE-404	7.5
2020-09-09	CVE-2020-14384	Unspecified vulnerability in Redhat Jboss Enterprise Application Platform and Jbossweb A flaw was found in JBossWeb in versions before 7.5.31.Final-redhat-3. network low complexity redhat	7.5
2020-01-23	CVE-2019-14885	Information Exposure Through Log Files vulnerability in Redhat products A flaw was found in the JBoss EAP Vault system in all versions before 7.2.6.GA. network low complexity redhat CWE-532	4.3
2020-01-02	CVE-2014-0169	Incorrect Authorization vulnerability in Redhat Jboss Enterprise Application Platform 6.0.0 In JBoss EAP 6 a security domain is configured to use a cache that is shared between all applications that are in the security domain. network low complexity redhat CWE-863	6.5
2019-12-18	CVE-2012-2312	Improper Privilege Management vulnerability in Redhat products An Elevated Privileges issue exists in JBoss AS 7 Community Release due to the improper implementation in the security context propagation, A threat gets reused from the thread pool that still retains the security context from the process last used, which lets a local user obtain elevated privileges. local low complexity redhat CWE-269	7.8
2019-12-11	CVE-2013-6495	Cross-site Scripting vulnerability in Redhat products JBossWeb Bayeux has reflected XSS network low complexity redhat CWE-79	6.1
2019-05-03	CVE-2019-3805	Improper Privilege Management vulnerability in Redhat Jboss Enterprise Application Platform and Wildfly A flaw was discovered in wildfly versions up to 16.0.0.Final that would allow local users who are able to execute init.d script to terminate arbitrary processes on the system. local high complexity redhat CWE-269	4.7

CVE is a registered MITRE Corporation trademark and MITRE's CVE website is the authoritative source of CVE content. CWE is a registered MITRE Corporation trademark and MITRE's CWE website is the authoritative source of CWE content.