Vulnerabilities > Redhat > Jboss Enterprise Application Platform > High

DATE CVE VULNERABILITY TITLE RISK
2019-08-13 CVE-2019-9511 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
Some HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service.
7.5
2019-07-25 CVE-2019-10184 Missing Authorization vulnerability in multiple products
undertow before version 2.0.23.Final is vulnerable to an information leak issue.
network
low complexity
redhat netapp CWE-862
7.5
2019-05-03 CVE-2019-3894 Unspecified vulnerability in Redhat Jboss Enterprise Application Platform and Wildfly
It was discovered that the ElytronManagedThread in Wildfly's Elytron subsystem in versions from 11 to 16 stores a SecurityIdentity to run the thread as.
network
low complexity
redhat
8.8
2019-03-21 CVE-2018-12023 Deserialization of Untrusted Data vulnerability in multiple products
An issue was discovered in FasterXML jackson-databind prior to 2.7.9.4, 2.8.11.2, and 2.9.6.
7.5
2019-03-21 CVE-2018-12022 Deserialization of Untrusted Data vulnerability in multiple products
An issue was discovered in FasterXML jackson-databind prior to 2.7.9.4, 2.8.11.2, and 2.9.6.
7.5
2018-09-11 CVE-2016-7066 Permission Issues vulnerability in Redhat Jboss Enterprise Application Platform
It was found that the improper default permissions on /tmp/auth directory in JBoss Enterprise Application Platform before 7.1.0 can allow any local user to connect to CLI and allow the user to execute any arbitrary operations.
local
low complexity
redhat CWE-275
7.8
2018-08-20 CVE-2018-1000632 XML Injection (aka Blind XPath Injection) vulnerability in multiple products
dom4j version prior to version 2.1.1 contains a CWE-91: XML Injection vulnerability in Class: Element.
network
low complexity
dom4j-project debian oracle redhat netapp CWE-91
7.5
2018-08-02 CVE-2018-1336 Infinite Loop vulnerability in multiple products
An improper handing of overflow in the UTF-8 decoder with supplementary characters can lead to an infinite loop in the decoder causing a Denial of Service.
network
low complexity
apache redhat debian canonical CWE-835
7.5
2018-07-31 CVE-2016-8657 Permissions, Privileges, and Access Controls vulnerability in Redhat Jboss Enterprise Application Platform 5.0.0/6.0.0/6.4.0
It was discovered that EAP packages in certain versions of Red Hat Enterprise Linux use incorrect permissions for /etc/sysconfig/jbossas configuration files.
local
low complexity
redhat CWE-264
7.8
2018-07-27 CVE-2017-2670 Infinite Loop vulnerability in multiple products
It was found in Undertow before 1.3.28 that with non-clean TCP close, the Websocket server gets into infinite loop on every IO thread, effectively causing DoS.
network
low complexity
redhat debian CWE-835
7.5