Vulnerabilities > Redhat > Jboss Enterprise Application Platform

DATE CVE VULNERABILITY TITLE RISK
2019-08-13 CVE-2019-9515 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
Some HTTP/2 implementations are vulnerable to a settings flood, potentially leading to a denial of service.
7.5
2019-08-13 CVE-2019-9514 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
Some HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a denial of service.
7.5
2019-08-13 CVE-2019-9513 Some HTTP/2 implementations are vulnerable to resource loops, potentially leading to a denial of service. 7.5
2019-08-13 CVE-2019-9511 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
Some HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service.
7.5
2019-07-29 CVE-2019-14379 SubTypeValidator.java in FasterXML jackson-databind before 2.9.9.2 mishandles default typing when ehcache is used (because of net.sf.ehcache.transaction.manager.DefaultTransactionManagerLookup), leading to remote code execution.
network
low complexity
fasterxml debian netapp fedoraproject redhat oracle apple
critical
9.8
2019-07-25 CVE-2019-10184 Missing Authorization vulnerability in multiple products
undertow before version 2.0.23.Final is vulnerable to an information leak issue.
network
low complexity
redhat netapp CWE-862
7.5
2019-06-12 CVE-2019-3873 Cross-site Scripting vulnerability in Redhat products
It was found that Picketlink as shipped with Jboss Enterprise Application Platform 7.2 would accept an xinclude parameter in SAMLresponse XML.
network
low complexity
redhat CWE-79
critical
9.0
2019-06-12 CVE-2019-3872 Cross-site Scripting vulnerability in Redhat products
It was found that a SAMLRequest containing a script could be processed by Picketlink versions shipped in Jboss Application Platform 7.2.x and 7.1.x.
network
low complexity
redhat CWE-79
5.4
2019-05-03 CVE-2019-3894 Unspecified vulnerability in Redhat Jboss Enterprise Application Platform and Wildfly
It was discovered that the ElytronManagedThread in Wildfly's Elytron subsystem in versions from 11 to 16 stores a SecurityIdentity to run the thread as.
network
low complexity
redhat
8.8
2019-05-03 CVE-2019-3805 Improper Privilege Management vulnerability in Redhat Jboss Enterprise Application Platform and Wildfly
A flaw was discovered in wildfly versions up to 16.0.0.Final that would allow local users who are able to execute init.d script to terminate arbitrary processes on the system.
local
high complexity
redhat CWE-269
4.7