Filtered by vendor Redhat
Subscriptions
Filtered by product Jboss Enterprise Application Platform
Subscriptions
Total
548 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2023-4503 | 1 Redhat | 4 Enterprise Linux, Jboss Enterprise Application Platform, Jboss Enterprise Application Platform Expansion Pack and 1 more | 2024-11-21 | 6.8 Medium |
An improper initialization vulnerability was found in Galleon. When using Galleon to provision custom EAP or EAP-XP servers, the servers are created unsecured. This issue could allow an attacker to access remote HTTP services available from the server. | ||||
CVE-2023-4043 | 2 Eclipse, Redhat | 6 Parsson, Camel Quarkus, Camel Spring Boot and 3 more | 2024-11-21 | 5.9 Medium |
In Eclipse Parsson before versions 1.1.4 and 1.0.5, Parsing JSON from untrusted sources can lead malicious actors to exploit the fact that the built-in support for parsing numbers with large scale in Java has a number of edge cases where the input text of a number can lead to much larger processing time than one would expect. To mitigate the risk, parsson put in place a size limit for the numbers as well as their scale. | ||||
CVE-2023-44483 | 2 Apache, Redhat | 6 Santuario Xml Security For Java, Apache Camel Spring Boot, Camel Quarkus and 3 more | 2024-11-21 | 6.5 Medium |
All versions of Apache Santuario - XML Security for Java prior to 2.2.6, 2.3.4, and 3.0.3, when using the JSR 105 API, are vulnerable to an issue where a private key may be disclosed in log files when generating an XML Signature and logging with debug level is enabled. Users are recommended to upgrade to version 2.2.6, 2.3.4, or 3.0.3, which fixes this issue. | ||||
CVE-2023-3223 | 1 Redhat | 20 Enterprise Linux, Integration, Jboss Data Grid and 17 more | 2024-11-21 | 7.5 High |
A flaw was found in undertow. Servlets annotated with @MultipartConfig may cause an OutOfMemoryError due to large multipart content. This may allow unauthorized users to cause remote Denial of Service (DoS) attack. If the server uses fileSizeThreshold to limit the file size, it's possible to bypass the limit by setting the file name in the request to null. | ||||
CVE-2023-3171 | 1 Redhat | 3 Enterprise Linux, Jboss Enterprise Application Platform, Jboss Enterprise Application Platform Eus | 2024-11-21 | 7.5 High |
A flaw was found in EAP-7 during deserialization of certain classes, which permits instantiation of HashMap and HashTable with no checks on resources consumed. This issue could allow an attacker to submit malicious requests using these classes, which could eventually exhaust the heap and result in a Denial of Service. | ||||
CVE-2023-39410 | 2 Apache, Redhat | 6 Avro, Camel Quarkus, Jboss Enterprise Application Platform and 3 more | 2024-11-21 | 7.5 High |
When deserializing untrusted or corrupted data, it is possible for a reader to consume memory beyond the allowed constraints and thus lead to out of memory on the system. This issue affects Java applications using Apache Avro Java SDK up to and including 1.11.2. Users should update to apache-avro version 1.11.3 which addresses this issue. | ||||
CVE-2023-35887 | 2 Apache, Redhat | 4 Sshd, Jboss Data Grid, Jboss Enterprise Application Platform and 1 more | 2024-11-21 | 5 Medium |
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Software Foundation Apache MINA. In SFTP servers implemented using Apache MINA SSHD that use a RootedFileSystem, logged users may be able to discover "exists/does not exist" information about items outside the rooted tree via paths including parent navigation ("..") beyond the root, or involving symlinks. This issue affects Apache MINA: from 1.0 before 2.10. Users are recommended to upgrade to 2.10 | ||||
CVE-2023-34462 | 2 Netty, Redhat | 11 Netty, Amq Broker, Amq Clients and 8 more | 2024-11-21 | 6.5 Medium |
Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. The `SniHandler` can allocate up to 16MB of heap for each channel during the TLS handshake. When the handler or the channel does not have an idle timeout, it can be used to make a TCP server using the `SniHandler` to allocate 16MB of heap. The `SniHandler` class is a handler that waits for the TLS handshake to configure a `SslHandler` according to the indicated server name by the `ClientHello` record. For this matter it allocates a `ByteBuf` using the value defined in the `ClientHello` record. Normally the value of the packet should be smaller than the handshake packet but there are not checks done here and the way the code is written, it is possible to craft a packet that makes the `SslClientHelloHandler`. This vulnerability has been fixed in version 4.1.94.Final. | ||||
CVE-2023-2976 | 2 Google, Redhat | 10 Guava, Amq Broker, Amq Streams and 7 more | 2024-11-21 | 5.5 Medium |
Use of Java's default temporary directory for file creation in `FileBackedOutputStream` in Google Guava versions 1.0 to 31.1 on Unix systems and Android Ice Cream Sandwich allows other users and apps on the machine with access to the default Java temporary directory to be able to access the files created by the class. Even though the security vulnerability is fixed in version 32.0.0, we recommend using version 32.0.1 as version 32.0.0 breaks some functionality under Windows. | ||||
CVE-2023-26464 | 2 Apache, Redhat | 4 Log4j, Jboss Enterprise Application Platform, Jboss Enterprise Application Platform Eus and 1 more | 2024-11-21 | 7.5 High |
** UNSUPPORTED WHEN ASSIGNED ** When using the Chainsaw or SocketAppender components with Log4j 1.x on JRE less than 1.7, an attacker that manages to cause a logging entry involving a specially-crafted (ie, deeply nested) hashmap or hashtable (depending on which logging component is in use) to be processed could exhaust the available memory in the virtual machine and achieve Denial of Service when the object is deserialized. This issue affects Apache Log4j before 2. Affected users are recommended to update to Log4j 2.x. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | ||||
CVE-2023-26049 | 4 Debian, Eclipse, Netapp and 1 more | 15 Debian Linux, Jetty, Active Iq Unified Manager and 12 more | 2024-11-21 | 2.4 Low |
Jetty is a java based web server and servlet engine. Nonstandard cookie parsing in Jetty may allow an attacker to smuggle cookies within other cookies, or otherwise perform unintended behavior by tampering with the cookie parsing mechanism. If Jetty sees a cookie VALUE that starts with `"` (double quote), it will continue to read the cookie string until it sees a closing quote -- even if a semicolon is encountered. So, a cookie header such as: `DISPLAY_LANGUAGE="b; JSESSIONID=1337; c=d"` will be parsed as one cookie, with the name DISPLAY_LANGUAGE and a value of b; JSESSIONID=1337; c=d instead of 3 separate cookies. This has security implications because if, say, JSESSIONID is an HttpOnly cookie, and the DISPLAY_LANGUAGE cookie value is rendered on the page, an attacker can smuggle the JSESSIONID cookie into the DISPLAY_LANGUAGE cookie and thereby exfiltrate it. This is significant when an intermediary is enacting some policy based on cookies, so a smuggled cookie can bypass that policy yet still be seen by the Jetty server or its logging system. This issue has been addressed in versions 9.4.51, 10.0.14, 11.0.14, and 12.0.0.beta0 and users are advised to upgrade. There are no known workarounds for this issue. | ||||
CVE-2023-26048 | 2 Eclipse, Redhat | 8 Jetty, Amq Streams, Camel Spring Boot and 5 more | 2024-11-21 | 5.3 Medium |
Jetty is a java based web server and servlet engine. In affected versions servlets with multipart support (e.g. annotated with `@MultipartConfig`) that call `HttpServletRequest.getParameter()` or `HttpServletRequest.getParts()` may cause `OutOfMemoryError` when the client sends a multipart request with a part that has a name but no filename and very large content. This happens even with the default settings of `fileSizeThreshold=0` which should stream the whole part content to disk. An attacker client may send a large multipart request and cause the server to throw `OutOfMemoryError`. However, the server may be able to recover after the `OutOfMemoryError` and continue its service -- although it may take some time. This issue has been patched in versions 9.4.51, 10.0.14, and 11.0.14. Users are advised to upgrade. Users unable to upgrade may set the multipart parameter `maxRequestSize` which must be set to a non-negative value, so the whole multipart content is limited (although still read into memory). | ||||
CVE-2023-1436 | 2 Jettison Project, Redhat | 9 Jettison, Camel Quarkus, Camel Spring Boot and 6 more | 2024-11-21 | 5.9 Medium |
An infinite recursion is triggered in Jettison when constructing a JSONArray from a Collection that contains a self-reference in one of its elements. This leads to a StackOverflowError exception being thrown. | ||||
CVE-2023-1108 | 2 Netapp, Redhat | 28 Oncommand Workflow Automation, Build Of Quarkus, Camel Quarkus and 25 more | 2024-11-21 | 7.5 High |
A flaw was found in undertow. This issue makes achieving a denial of service possible due to an unexpected handshake status updated in SslConduit, where the loop never terminates. | ||||
CVE-2023-0482 | 1 Redhat | 8 Amq Broker, Amq Streams, Jboss Enterprise Application Platform and 5 more | 2024-11-21 | 5.5 Medium |
In RESTEasy the insecure File.createTempFile() is used in the DataSourceProvider, FileProvider and Mime4JWorkaround classes which creates temp files with insecure permissions that could be read by a local user. | ||||
CVE-2022-4492 | 1 Redhat | 16 Build Of Quarkus, Camel Spring Boot, Integration Camel For Spring Boot and 13 more | 2024-11-21 | 7.5 High |
The undertow client is not checking the server identity presented by the server certificate in https connections. This is a compulsory step (at least it should be performed by default) in https and in http/2. I would add it to any TLS client protocol. | ||||
CVE-2022-4245 | 2 Codehaus-plexus, Redhat | 23 Plexus-utils, A Mq Clients, Amq Broker and 20 more | 2024-11-21 | 4.3 Medium |
A flaw was found in codehaus-plexus. The org.codehaus.plexus.util.xml.XmlWriterUtil#writeComment fails to sanitize comments for a --> sequence. This issue means that text contained in the command string could be interpreted as XML and allow for XML injection. | ||||
CVE-2022-4244 | 2 Codehaus-plexus, Redhat | 23 Plexus-utils, A Mq Clients, Amq Broker and 20 more | 2024-11-21 | 7.5 High |
A flaw was found in codeplex-codehaus. A directory traversal attack (also known as path traversal) aims to access files and directories stored outside the intended folder. By manipulating files with "dot-dot-slash (../)" sequences and their variations or by using absolute file paths, it may be possible to access arbitrary files and directories stored on the file system, including application source code, configuration, and other critical system files. | ||||
CVE-2022-46364 | 2 Apache, Redhat | 10 Cxf, Camel Spring Boot, Jboss Enterprise Application Platform and 7 more | 2024-11-21 | 9.8 Critical |
A SSRF vulnerability in parsing the href attribute of XOP:Include in MTOM requests in versions of Apache CXF before 3.5.5 and 3.4.10 allows an attacker to perform SSRF style attacks on webservices that take at least one parameter of any type. | ||||
CVE-2022-46363 | 2 Apache, Redhat | 8 Cxf, Camel K, Camel Spring Boot and 5 more | 2024-11-21 | 7.5 High |
A vulnerability in Apache CXF before versions 3.5.5 and 3.4.10 allows an attacker to perform a remote directory listing or code exfiltration. The vulnerability only applies when the CXFServlet is configured with both the static-resources-list and redirect-query-check attributes. These attributes are not supposed to be used together, and so the vulnerability can only arise if the CXF service is misconfigured. |