Vulnerabilities > Redhat > Jboss Enterprise Application Platform > 7.0.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-05-03 | CVE-2019-3894 | Unspecified vulnerability in Redhat Jboss Enterprise Application Platform and Wildfly It was discovered that the ElytronManagedThread in Wildfly's Elytron subsystem in versions from 11 to 16 stores a SecurityIdentity to run the thread as. | 6.5 |
| 2019-05-03 | CVE-2019-3805 | Improper Privilege Management vulnerability in Redhat Jboss Enterprise Application Platform and Wildfly A flaw was discovered in wildfly versions up to 16.0.0.Final that would allow local users who are able to execute init.d script to terminate arbitrary processes on the system. | 4.7 |
| 2018-09-10 | CVE-2016-7061 | Information Exposure vulnerability in Redhat Jboss Enterprise Application Platform An information disclosure vulnerability was found in JBoss Enterprise Application Platform before 7.0.4. | 6.5 |
| 2018-07-27 | CVE-2017-2670 | Infinite Loop vulnerability in multiple products It was found in Undertow before 1.3.28 that with non-clean TCP close, the Websocket server gets into infinite loop on every IO thread, effectively causing DoS. | 5.0 |
| 2018-07-27 | CVE-2017-2595 | Path Traversal vulnerability in Redhat Jboss Enterprise Application Platform It was found that the log file viewer in Red Hat JBoss Enterprise Application 6 and 7 allows arbitrary file read to authenticated user via path traversal. | 4.0 |
| 2018-07-27 | CVE-2017-12165 | HTTP Request Smuggling vulnerability in Redhat Jboss Enterprise Application Platform and Undertow It was discovered that Undertow before 1.4.17, 1.3.31 and 2.0.0 processes http request headers with unusual whitespaces which can cause possible http request smuggling. | 5.0 |
| 2018-07-27 | CVE-2017-2666 | HTTP Request Smuggling vulnerability in multiple products It was discovered in Undertow that the code that parsed the HTTP request line permitted invalid characters. | 6.4 |
| 2018-07-26 | CVE-2017-2582 | Information Exposure vulnerability in Redhat Jboss Enterprise Application Platform and Keycloak It was found that while parsing the SAML messages the StaxParserUtil class of keycloak before 2.5.1 replaces special strings for obtaining attribute values with system property. | 4.0 |
| 2018-07-26 | CVE-2017-12167 | Information Exposure vulnerability in Redhat Jboss Enterprise Application Platform It was found in EAP 7 before 7.0.9 that properties based files of the management and the application realm configuration that contain user to role mapping are world readable allowing access to users and roles information to all the users logged in to the system. | 2.1 |
| 2018-06-27 | CVE-2017-7465 | XXE vulnerability in Redhat Jboss Enterprise Application Platform 7.0.0 It was found that the JAXP implementation used in JBoss EAP 7.0 for XSLT processing is vulnerable to code injection. | 9.8 |