Vulnerabilities > Redhat > Jboss Enterprise Application Platform > 7.1.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-01-24 | CVE-2018-1048 | Improper Encoding or Escaping of Output vulnerability in Redhat Jboss Enterprise Application Platform 7.1.0 It was found that the AJP connector in undertow, as shipped in Jboss EAP 7.1.0.GA, does not use the ALLOW_ENCODED_SLASH option and thus allow the the slash / anti-slash characters encoded in the url which may lead to path traversal and result in the information disclosure of arbitrary local files. | 7.5 |
| 2018-01-24 | CVE-2018-1047 | Improper Input Validation vulnerability in Redhat products A flaw was found in Wildfly 9.x. | 5.5 |
| 2017-10-14 | CVE-2017-12629 | XXE vulnerability in multiple products Remote code execution occurs in Apache Solr before 7.1 with Apache Lucene before 7.1 by exploiting XXE in conjunction with use of a Config API add-listener command to reach the RunExecutableListener class. | 9.8 |
| 2016-09-27 | CVE-2016-4978 | Deserialization of Untrusted Data vulnerability in multiple products The getObject method of the javax.jms.ObjectMessage class in the (1) JMS Core client, (2) Artemis broker, and (3) Artemis REST component in Apache ActiveMQ Artemis before 1.4.0 might allow remote authenticated users with permission to send messages to the Artemis broker to deserialize arbitrary objects and execute arbitrary code by leveraging gadget classes being present on the Artemis classpath. | 7.2 |