Vulnerabilities > Redhat > Jboss Enterprise Application Platform

DATE CVE VULNERABILITY TITLE RISK
2020-01-29 CVE-2019-20444 HTTP Request Smuggling vulnerability in multiple products
HttpObjectDecoder.java in Netty before 4.1.44 allows an HTTP header that lacks a colon, which might be interpreted as a separate header with an incorrect syntax, or might be interpreted as an "invalid fold."
network
low complexity
netty debian fedoraproject canonical redhat CWE-444
critical
9.1
2020-01-27 CVE-2020-7238 HTTP Request Smuggling vulnerability in multiple products
Netty 4.1.43.Final allows HTTP Request Smuggling because it mishandles Transfer-Encoding whitespace (such as a [space]Transfer-Encoding:chunked line) and a later Content-Length header.
network
low complexity
netty fedoraproject debian redhat CWE-444
7.5
2020-01-23 CVE-2019-14885 Information Exposure Through Log Files vulnerability in Redhat products
A flaw was found in the JBoss EAP Vault system in all versions before 7.2.6.GA.
network
low complexity
redhat CWE-532
4.3
2020-01-23 CVE-2012-5626 Unspecified vulnerability in Redhat products
EJB method in Red Hat JBoss BRMS 5; Red Hat JBoss Enterprise Application Platform 5; Red Hat JBoss Operations Network 3.1; Red Hat JBoss Portal 4 and 5; Red Hat JBoss SOA Platform 4.2, 4.3, and 5; in Red Hat JBoss Enterprise Web Server 1 ignores roles specified using the @RunAs annotation.
network
low complexity
redhat
7.5
2020-01-23 CVE-2019-14888 A vulnerability was found in the Undertow HTTP server in versions before 2.0.28.SP1 when listening on HTTPS.
network
low complexity
redhat netapp
7.5
2020-01-08 CVE-2019-14820 Unspecified vulnerability in Redhat products
It was found that keycloak before version 8.0.0 exposes internal adapter endpoints in org.keycloak.constants.AdapterConstants, which can be invoked via a specially-crafted URL.
network
low complexity
redhat
4.3
2020-01-07 CVE-2019-14843 Incorrect Authorization vulnerability in Redhat products
A flaw was found in Wildfly Security Manager, running under JDK 11 or 8, that authorized requests for any requester.
network
low complexity
redhat CWE-863
8.8
2020-01-02 CVE-2014-0169 Incorrect Authorization vulnerability in Redhat Jboss Enterprise Application Platform 6.0.0
In JBoss EAP 6 a security domain is configured to use a cache that is shared between all applications that are in the security domain.
network
low complexity
redhat CWE-863
6.5
2019-12-18 CVE-2012-2312 Improper Privilege Management vulnerability in Redhat products
An Elevated Privileges issue exists in JBoss AS 7 Community Release due to the improper implementation in the security context propagation, A threat gets reused from the thread pool that still retains the security context from the process last used, which lets a local user obtain elevated privileges.
local
low complexity
redhat CWE-269
7.8
2019-12-11 CVE-2013-6495 Cross-site Scripting vulnerability in Redhat products
JBossWeb Bayeux has reflected XSS
network
low complexity
redhat CWE-79
6.1