Vulnerabilities > Redhat > Jboss Fuse > High

DATE CVE VULNERABILITY TITLE RISK
2024-08-21 CVE-2024-7885 Unspecified vulnerability in Redhat products
A vulnerability was found in Undertow where the ProxyProtocolReadListener reuses the same StringBuilder instance across multiple requests.
network
low complexity
redhat
7.5
2023-10-10 CVE-2023-44487 The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. 7.5
2023-02-23 CVE-2022-4492 Unspecified vulnerability in Redhat products
The undertow client is not checking the server identity presented by the server certificate in https connections.
network
low complexity
redhat
7.5
2022-08-05 CVE-2022-2053 Resource Exhaustion vulnerability in Redhat Integration Camel K, Jboss Fuse and Undertow
When a POST request comes through AJP and the request exceeds the max-post-size limit (maxEntitySize), Undertow's AjpServerRequestConduit implementation closes a connection without sending any response to the client/proxy.
network
low complexity
redhat CWE-400
7.5
2021-12-14 CVE-2021-4104 Deserialization of Untrusted Data vulnerability in multiple products
JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration.
network
high complexity
apache fedoraproject redhat oracle CWE-502
7.5
2021-03-16 CVE-2021-20218 Unspecified vulnerability in Redhat products
A flaw was found in the fabric8 kubernetes-client in version 4.2.0 and after.
network
high complexity
redhat
7.4
2021-02-23 CVE-2020-27782 Unspecified vulnerability in Redhat products
A flaw was found in the Undertow AJP connector.
network
low complexity
redhat
7.5
2020-10-06 CVE-2020-25644 Memory Leak vulnerability in multiple products
A memory leak flaw was found in WildFly OpenSSL in versions prior to 1.1.3.Final, where it removes an HTTP session.
network
low complexity
redhat netapp CWE-401
7.5
2020-09-23 CVE-2020-10714 A flaw was found in WildFly Elytron version 1.11.3.Final and before.
network
high complexity
redhat netapp
7.5
2020-09-16 CVE-2020-10718 Unspecified vulnerability in Redhat Jboss Fuse and Wildfly
A flaw was found in Wildfly before wildfly-embedded-13.0.0.Final, where the embedded managed process API has an exposed setting of the Thread Context Classloader (TCCL).
network
low complexity
redhat
7.5