Vulnerabilities > Redhat > Jboss Enterprise Application Platform > Medium

DATE CVE VULNERABILITY TITLE RISK
2019-08-13 CVE-2019-9516 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
Some HTTP/2 implementations are vulnerable to a header leak, potentially leading to a denial of service.
6.5
2019-06-12 CVE-2019-3872 Cross-site Scripting vulnerability in Redhat products
It was found that a SAMLRequest containing a script could be processed by Picketlink versions shipped in Jboss Application Platform 7.2.x and 7.1.x.
network
low complexity
redhat CWE-79
5.4
2019-05-03 CVE-2019-3805 Improper Privilege Management vulnerability in Redhat Jboss Enterprise Application Platform and Wildfly
A flaw was discovered in wildfly versions up to 16.0.0.Final that would allow local users who are able to execute init.d script to terminate arbitrary processes on the system.
local
high complexity
redhat CWE-269
4.7
2019-03-27 CVE-2018-10934 Cross-site Scripting vulnerability in Redhat products
A cross-site scripting (XSS) vulnerability was found in the JBoss Management Console versions before 7.1.6.CR1, 7.1.6.GA.
network
low complexity
redhat CWE-79
5.4
2018-09-18 CVE-2018-14642 Information Exposure vulnerability in Redhat Jboss Enterprise Application Platform and Undertow
An information leak vulnerability was found in Undertow.
network
low complexity
redhat CWE-200
5.3
2018-09-10 CVE-2016-7061 Information Exposure vulnerability in Redhat Jboss Enterprise Application Platform
An information disclosure vulnerability was found in JBoss Enterprise Application Platform before 7.0.4.
network
low complexity
redhat CWE-200
6.5
2018-07-27 CVE-2017-2595 Path Traversal vulnerability in Redhat Jboss Enterprise Application Platform
It was found that the log file viewer in Red Hat JBoss Enterprise Application 6 and 7 allows arbitrary file read to authenticated user via path traversal.
network
low complexity
redhat CWE-22
6.5
2018-07-27 CVE-2018-10862 Path Traversal vulnerability in Redhat products
WildFly Core before version 6.0.0.Alpha3 does not properly validate file paths in .war archives, allowing for the extraction of crafted .war archives to overwrite arbitrary files.
local
low complexity
redhat CWE-22
5.5
2018-07-27 CVE-2017-2666 HTTP Request Smuggling vulnerability in multiple products
It was discovered in Undertow that the code that parsed the HTTP request line permitted invalid characters.
network
low complexity
redhat debian CWE-444
6.5
2018-07-26 CVE-2017-2582 Information Exposure vulnerability in Redhat Keycloak
It was found that while parsing the SAML messages the StaxParserUtil class of keycloak before 2.5.1 replaces special strings for obtaining attribute values with system property.
network
low complexity
redhat CWE-200
6.5