Filtered by vendor Redhat
Subscriptions
Filtered by product Jboss Fuse
Subscriptions
Total
563 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2023-36479 | 3 Debian, Eclipse, Redhat | 7 Debian Linux, Jetty, Jboss Fuse and 4 more | 2024-11-21 | 3.5 Low |
Eclipse Jetty Canonical Repository is the canonical repository for the Jetty project. Users of the CgiServlet with a very specific command structure may have the wrong command executed. If a user sends a request to a org.eclipse.jetty.servlets.CGI Servlet for a binary with a space in its name, the servlet will escape the command by wrapping it in quotation marks. This wrapped command, plus an optional command prefix, will then be executed through a call to Runtime.exec. If the original binary name provided by the user contains a quotation mark followed by a space, the resulting command line will contain multiple tokens instead of one. This issue was patched in version 9.4.52, 10.0.16, 11.0.16 and 12.0.0-beta2. | ||||
CVE-2023-36478 | 4 Debian, Eclipse, Jenkins and 1 more | 4 Debian Linux, Jetty, Jenkins and 1 more | 2024-11-21 | 7.5 High |
Eclipse Jetty provides a web server and servlet container. In versions 11.0.0 through 11.0.15, 10.0.0 through 10.0.15, and 9.0.0 through 9.4.52, an integer overflow in `MetaDataBuilder.checkSize` allows for HTTP/2 HPACK header values to exceed their size limit. `MetaDataBuilder.java` determines if a header name or value exceeds the size limit, and throws an exception if the limit is exceeded. However, when length is very large and huffman is true, the multiplication by 4 in line 295 will overflow, and length will become negative. `(_size+length)` will now be negative, and the check on line 296 will not be triggered. Furthermore, `MetaDataBuilder.checkSize` allows for user-entered HPACK header value sizes to be negative, potentially leading to a very large buffer allocation later on when the user-entered size is multiplied by 2. This means that if a user provides a negative length value (or, more precisely, a length value which, when multiplied by the 4/3 fudge factor, is negative), and this length value is a very large positive number when multiplied by 2, then the user can cause a very large buffer to be allocated on the server. Users of HTTP/2 can be impacted by a remote denial of service attack. The issue has been fixed in versions 11.0.16, 10.0.16, and 9.4.53. There are no known workarounds. | ||||
CVE-2023-34055 | 2 Redhat, Vmware | 2 Jboss Fuse, Spring Boot | 2024-11-21 | 5.3 Medium |
In Spring Boot versions 2.7.0 - 2.7.17, 3.0.0-3.0.12 and 3.1.0-3.1.5, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service (DoS) condition. Specifically, an application is vulnerable when all of the following are true: * the application uses Spring MVC or Spring WebFlux * org.springframework.boot:spring-boot-actuator is on the classpath | ||||
CVE-2023-34034 | 2 Redhat, Vmware | 2 Jboss Fuse, Spring Security | 2024-11-21 | 9.1 Critical |
Using "**" as a pattern in Spring Security configuration for WebFlux creates a mismatch in pattern matching between Spring Security and Spring WebFlux, and the potential for a security bypass. | ||||
CVE-2023-22602 | 3 Apache, Redhat, Vmware | 4 Shiro, Camel Spring Boot, Jboss Fuse and 1 more | 2024-11-21 | 7.5 High |
When using Apache Shiro before 1.11.0 together with Spring Boot 2.6+, a specially crafted HTTP request may cause an authentication bypass. The authentication bypass occurs when Shiro and Spring Boot are using different pattern-matching techniques. Both Shiro and Spring Boot < 2.6 default to Ant style pattern matching. Mitigation: Update to Apache Shiro 1.11.0, or set the following Spring Boot configuration value: `spring.mvc.pathmatch.matching-strategy = ant_path_matcher` | ||||
CVE-2023-20883 | 2 Redhat, Vmware | 5 Camel Spring Boot, Jboss Enterprise Bpms Platform, Jboss Fuse and 2 more | 2024-11-21 | 7.5 High |
In Spring Boot versions 3.0.0 - 3.0.6, 2.7.0 - 2.7.11, 2.6.0 - 2.6.14, 2.5.0 - 2.5.14 and older unsupported versions, there is potential for a denial-of-service (DoS) attack if Spring MVC is used together with a reverse proxy cache. | ||||
CVE-2023-20861 | 2 Redhat, Vmware | 8 Amq Broker, Camel Spring Boot, Jboss Enterprise Bpms Platform and 5 more | 2024-11-21 | 6.5 Medium |
In Spring Framework versions 6.0.0 - 6.0.6, 5.3.0 - 5.3.25, 5.2.0.RELEASE - 5.2.22.RELEASE, and older unsupported versions, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial-of-service (DoS) condition. | ||||
CVE-2023-20860 | 2 Redhat, Vmware | 9 Amq Broker, Camel Spring Boot, Jboss Enterprise Bpms Platform and 6 more | 2024-11-21 | 7.5 High |
Spring Framework running version 6.0.0 - 6.0.6 or 5.3.0 - 5.3.25 using "**" as a pattern in Spring Security configuration with the mvcRequestMatcher creates a mismatch in pattern matching between Spring Security and Spring MVC, and the potential for a security bypass. | ||||
CVE-2023-1370 | 2 Json-smart Project, Redhat | 9 Json-smart, Amq Clients, Amq Streams and 6 more | 2024-11-21 | 7.5 High |
[Json-smart](https://netplex.github.io/json-smart/) is a performance focused, JSON processor lib. When reaching a ‘[‘ or ‘{‘ character in the JSON input, the code parses an array or an object respectively. It was discovered that the code does not have any limit to the nesting of such arrays or objects. Since the parsing of nested arrays and objects is done recursively, nesting too many of them can cause a stack exhaustion (stack overflow) and crash the software. | ||||
CVE-2023-1108 | 2 Netapp, Redhat | 28 Oncommand Workflow Automation, Build Of Quarkus, Camel Quarkus and 25 more | 2024-11-21 | 7.5 High |
A flaw was found in undertow. This issue makes achieving a denial of service possible due to an unexpected handshake status updated in SslConduit, where the loop never terminates. | ||||
CVE-2022-4492 | 1 Redhat | 16 Build Of Quarkus, Camel Spring Boot, Integration Camel For Spring Boot and 13 more | 2024-11-21 | 7.5 High |
The undertow client is not checking the server identity presented by the server certificate in https connections. This is a compulsory step (at least it should be performed by default) in https and in http/2. I would add it to any TLS client protocol. | ||||
CVE-2022-4245 | 2 Codehaus-plexus, Redhat | 23 Plexus-utils, A Mq Clients, Amq Broker and 20 more | 2024-11-21 | 4.3 Medium |
A flaw was found in codehaus-plexus. The org.codehaus.plexus.util.xml.XmlWriterUtil#writeComment fails to sanitize comments for a --> sequence. This issue means that text contained in the command string could be interpreted as XML and allow for XML injection. | ||||
CVE-2022-4244 | 2 Codehaus-plexus, Redhat | 23 Plexus-utils, A Mq Clients, Amq Broker and 20 more | 2024-11-21 | 7.5 High |
A flaw was found in codeplex-codehaus. A directory traversal attack (also known as path traversal) aims to access files and directories stored outside the intended folder. By manipulating files with "dot-dot-slash (../)" sequences and their variations or by using absolute file paths, it may be possible to access arbitrary files and directories stored on the file system, including application source code, configuration, and other critical system files. | ||||
CVE-2022-46364 | 2 Apache, Redhat | 10 Cxf, Camel Spring Boot, Jboss Enterprise Application Platform and 7 more | 2024-11-21 | 9.8 Critical |
A SSRF vulnerability in parsing the href attribute of XOP:Include in MTOM requests in versions of Apache CXF before 3.5.5 and 3.4.10 allows an attacker to perform SSRF style attacks on webservices that take at least one parameter of any type. | ||||
CVE-2022-46363 | 2 Apache, Redhat | 8 Cxf, Camel K, Camel Spring Boot and 5 more | 2024-11-21 | 7.5 High |
A vulnerability in Apache CXF before versions 3.5.5 and 3.4.10 allows an attacker to perform a remote directory listing or code exfiltration. The vulnerability only applies when the CXFServlet is configured with both the static-resources-list and redirect-query-check attributes. These attributes are not supposed to be used together, and so the vulnerability can only arise if the CXF service is misconfigured. | ||||
CVE-2022-45143 | 2 Apache, Redhat | 4 Tomcat, Jboss Enterprise Web Server, Jboss Fuse and 1 more | 2024-11-21 | 7.5 High |
The JsonErrorReportValve in Apache Tomcat 8.5.83, 9.0.40 to 9.0.68 and 10.1.0-M1 to 10.1.1 did not escape the type, message or description values. In some circumstances these are constructed from user provided data and it was therefore possible for users to supply values that invalidated or manipulated the JSON output. | ||||
CVE-2022-42920 | 3 Apache, Fedoraproject, Redhat | 10 Commons Bcel, Fedora, Amq Streams and 7 more | 2024-11-21 | 9.8 Critical |
Apache Commons BCEL has a number of APIs that would normally only allow changing specific class characteristics. However, due to an out-of-bounds writing issue, these APIs can be used to produce arbitrary bytecode. This could be abused in applications that pass attacker-controllable data to those APIs, giving the attacker more control over the resulting bytecode than otherwise expected. Update to Apache Commons BCEL 6.6.0. | ||||
CVE-2022-42890 | 3 Apache, Debian, Redhat | 4 Batik, Debian Linux, Camel Spring Boot and 1 more | 2024-11-21 | 7.5 High |
A vulnerability in Batik of Apache XML Graphics allows an attacker to run Java code from untrusted SVG via JavaScript. This issue affects Apache XML Graphics prior to 1.16. Users are recommended to upgrade to version 1.16. | ||||
CVE-2022-42889 | 4 Apache, Juniper, Netapp and 1 more | 20 Commons Text, Jsa1500, Jsa3500 and 17 more | 2024-11-21 | 9.8 Critical |
Apache Commons Text performs variable interpolation, allowing properties to be dynamically evaluated and expanded. The standard format for interpolation is "${prefix:name}", where "prefix" is used to locate an instance of org.apache.commons.text.lookup.StringLookup that performs the interpolation. Starting with version 1.5 and continuing through 1.9, the set of default Lookup instances included interpolators that could result in arbitrary code execution or contact with remote servers. These lookups are: - "script" - execute expressions using the JVM script execution engine (javax.script) - "dns" - resolve dns records - "url" - load values from urls, including from remote servers Applications using the interpolation defaults in the affected versions may be vulnerable to remote code execution or unintentional contact with remote servers if untrusted configuration values are used. Users are recommended to upgrade to Apache Commons Text 1.10.0, which disables the problematic interpolators by default. | ||||
CVE-2022-41966 | 2 Redhat, Xstream Project | 10 Camel Quarkus, Camel Spring Boot, Jboss Enterprise Bpms Platform and 7 more | 2024-11-21 | 8.2 High |
XStream serializes Java objects to XML and back again. Versions prior to 1.4.20 may allow a remote attacker to terminate the application with a stack overflow error, resulting in a denial of service only via manipulation the processed input stream. The attack uses the hash code implementation for collections and maps to force recursive hash calculation causing a stack overflow. This issue is patched in version 1.4.20 which handles the stack overflow and raises an InputManipulationException instead. A potential workaround for users who only use HashMap or HashSet and whose XML refers these only as default map or set, is to change the default implementation of java.util.Map and java.util per the code example in the referenced advisory. However, this implies that your application does not care about the implementation of the map and all elements are comparable. |