Vulnerabilities > Redhat > Jboss Enterprise Application Platform > High

DATE CVE VULNERABILITY TITLE RISK
2024-10-22 CVE-2024-10234 Cross-site Scripting vulnerability in Redhat products
A vulnerability was found in Wildfly, where a user may perform Cross-site scripting in the Wildfly deployment system.
network
low complexity
redhat CWE-79
7.3
2024-08-21 CVE-2024-7885 Unspecified vulnerability in Redhat products
A vulnerability was found in Undertow where the ProxyProtocolReadListener reuses the same StringBuilder instance across multiple requests.
network
low complexity
redhat
7.5
2024-02-06 CVE-2023-4503 Unspecified vulnerability in Redhat products
An improper initialization vulnerability was found in Galleon.
network
low complexity
redhat
7.5
2023-12-27 CVE-2023-3171 Allocation of Resources Without Limits or Throttling vulnerability in Redhat Jboss Enterprise Application Platform 7.4
A flaw was found in EAP-7 during deserialization of certain classes, which permits instantiation of HashMap and HashTable with no checks on resources consumed.
network
low complexity
redhat CWE-770
7.5
2023-12-12 CVE-2023-5379 Allocation of Resources Without Limits or Throttling vulnerability in Redhat products
A flaw was found in Undertow.
network
low complexity
redhat CWE-770
7.5
2023-10-10 CVE-2023-44487 The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. 7.5
2023-09-27 CVE-2023-3223 Unspecified vulnerability in Redhat products
A flaw was found in undertow.
network
low complexity
redhat
7.5
2023-09-14 CVE-2023-1108 Infinite Loop vulnerability in multiple products
A flaw was found in undertow.
network
low complexity
redhat netapp CWE-835
7.5
2023-02-23 CVE-2022-4492 Unspecified vulnerability in Redhat products
The undertow client is not checking the server identity presented by the server certificate in https connections.
network
low complexity
redhat
7.5
2023-01-13 CVE-2022-3143 Information Exposure Through Discrepancy vulnerability in Redhat products
wildfly-elytron: possible timing attacks via use of unsafe comparator.
network
high complexity
redhat CWE-203
7.4