ReportizFlow
Filtered by vendor Redhat
Subscriptions
Filtered by product Jboss Enterprise Application Platform
Subscriptions
Total
548 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-29425 | 5 Apache, Debian, Netapp and 2 more | 69 Commons Io, Debian Linux, Active Iq Unified Manager and 66 more | 2024-11-21 | 4.8 Medium |
| In Apache Commons IO before 2.7, When invoking the method FileNameUtils.normalize with an improper input string, like "//../foo", or "\\..\foo", the result would be the same value, thus possibly providing access to files in the parent directory, but not further above (thus "limited" path traversal), if the calling code would use the result to construct a path value. | ||||
| CVE-2021-28170 | 4 Eclipse, Oracle, Quarkus and 1 more | 11 Jakarta Expression Language, Communications Cloud Native Core Policy, Weblogic Server and 8 more | 2024-11-21 | 5.3 Medium |
| In the Jakarta Expression Language implementation 3.0.3 and earlier, a bug in the ELParserTokenManager enables invalid EL expressions to be evaluated as if they were valid. | ||||
| CVE-2021-23445 | 2 Datatables, Redhat | 2 Datatables.net, Jboss Enterprise Application Platform | 2024-11-21 | 3.1 Low |
| This affects the package datatables.net before 1.11.3. If an array is passed to the HTML escape entities function it would not have its contents escaped. | ||||
| CVE-2021-21409 | 6 Debian, Netapp, Netty and 3 more | 29 Debian Linux, Oncommand Api Services, Oncommand Workflow Automation and 26 more | 2024-11-21 | 5.9 Medium |
| Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In Netty (io.netty:netty-codec-http2) before version 4.1.61.Final there is a vulnerability that enables request smuggling. The content-length header is not correctly validated if the request only uses a single Http2HeaderFrame with the endStream set to to true. This could lead to request smuggling if the request is proxied to a remote peer and translated to HTTP/1.1. This is a followup of GHSA-wm47-8v5p-wjpj/CVE-2021-21295 which did miss to fix this one case. This was fixed as part of 4.1.61.Final. | ||||
| CVE-2021-21295 | 7 Apache, Debian, Netapp and 4 more | 19 Kudu, Zookeeper, Debian Linux and 16 more | 2024-11-21 | 5.9 Medium |
| Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In Netty (io.netty:netty-codec-http2) before version 4.1.60.Final there is a vulnerability that enables request smuggling. If a Content-Length header is present in the original HTTP/2 request, the field is not validated by `Http2MultiplexHandler` as it is propagated up. This is fine as long as the request is not proxied through as HTTP/1.1. If the request comes in as an HTTP/2 stream, gets converted into the HTTP/1.1 domain objects (`HttpRequest`, `HttpContent`, etc.) via `Http2StreamFrameToHttpObjectCodec `and then sent up to the child channel's pipeline and proxied through a remote peer as HTTP/1.1 this may result in request smuggling. In a proxy case, users may assume the content-length is validated somehow, which is not the case. If the request is forwarded to a backend channel that is a HTTP/1.1 connection, the Content-Length now has meaning and needs to be checked. An attacker can smuggle requests inside the body as it gets downgraded from HTTP/2 to HTTP/1.1. For an example attack refer to the linked GitHub Advisory. Users are only affected if all of this is true: `HTTP2MultiplexCodec` or `Http2FrameCodec` is used, `Http2StreamFrameToHttpObjectCodec` is used to convert to HTTP/1.1 objects, and these HTTP/1.1 objects are forwarded to another remote peer. This has been patched in 4.1.60.Final As a workaround, the user can do the validation by themselves by implementing a custom `ChannelInboundHandler` that is put in the `ChannelPipeline` behind `Http2StreamFrameToHttpObjectCodec`. | ||||
| CVE-2021-21290 | 6 Debian, Netapp, Netty and 3 more | 27 Debian Linux, Active Iq Unified Manager, Cloud Secure Agent and 24 more | 2024-11-21 | 6.2 Medium |
| Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In Netty before version 4.1.59.Final there is a vulnerability on Unix-like systems involving an insecure temp file. When netty's multipart decoders are used local information disclosure can occur via the local system temporary directory if temporary storing uploads on the disk is enabled. On unix-like systems, the temporary directory is shared between all user. As such, writing to this directory using APIs that do not explicitly set the file/directory permissions can lead to information disclosure. Of note, this does not impact modern MacOS Operating Systems. The method "File.createTempFile" on unix-like systems creates a random file, but, by default will create this file with the permissions "-rw-r--r--". Thus, if sensitive information is written to this file, other local users can read this information. This is the case in netty's "AbstractDiskHttpData" is vulnerable. This has been fixed in version 4.1.59.Final. As a workaround, one may specify your own "java.io.tmpdir" when you start the JVM or use "DefaultHttpDataFactory.setBaseDir(...)" to set the directory to something that is only readable by the current user. | ||||
| CVE-2021-20318 | 1 Redhat | 1 Jboss Enterprise Application Platform | 2024-11-21 | 7.2 High |
| The HornetQ component of Artemis in EAP 7 was not updated with the fix for CVE-2016-4978. A remote attacker could use this flaw to execute arbitrary code with the permissions of the application using a JMS ObjectMessage. | ||||
| CVE-2021-20289 | 4 Netapp, Oracle, Quarkus and 1 more | 12 Oncommand Insight, Communications Cloud Native Core Console, Quarkus and 9 more | 2024-11-21 | 5.3 Medium |
| A flaw was found in RESTEasy in all versions of RESTEasy up to 4.6.0.Final. The endpoint class and method names are returned as part of the exception response when RESTEasy cannot convert one of the request URI path or query values to the matching JAX-RS resource method's parameter value. The highest threat from this vulnerability is to data confidentiality. | ||||
| CVE-2021-20250 | 1 Redhat | 5 Jboss-ejb-client, Jboss Enterprise Application Platform, Jboss Enterprise Application Platform Expansion Pack and 2 more | 2024-11-21 | 4.3 Medium |
| A flaw was found in wildfly. The JBoss EJB client has publicly accessible privileged actions which may lead to information disclosure on the server it is deployed on. The highest threat from this vulnerability is to data confidentiality. | ||||
| CVE-2021-20220 | 2 Netapp, Redhat | 6 Active Iq Unified Manager, Oncommand Workflow Automation, Jboss Enterprise Application Platform and 3 more | 2024-11-21 | 4.8 Medium |
| A flaw was found in Undertow. A regression in the fix for CVE-2020-10687 was found. HTTP request smuggling related to CVE-2017-2666 is possible against HTTP/1.x and HTTP/2 due to permitting invalid characters in an HTTP request. This flaw allows an attacker to poison a web-cache, perform an XSS attack, or obtain sensitive information from request other than their own. The highest threat from this vulnerability is to data confidentiality and integrity. | ||||
| CVE-2020-9548 | 5 Debian, Fasterxml, Netapp and 2 more | 35 Debian Linux, Jackson-databind, Active Iq Unified Manager and 32 more | 2024-11-21 | 9.8 Critical |
| FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPConfig (aka anteros-core). | ||||
| CVE-2020-9547 | 5 Debian, Fasterxml, Netapp and 2 more | 27 Debian Linux, Jackson-databind, Active Iq Unified Manager and 24 more | 2024-11-21 | 9.8 Critical |
| FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to com.ibatis.sqlmap.engine.transaction.jta.JtaTransactionConfig (aka ibatis-sqlmap). | ||||
| CVE-2020-9546 | 5 Debian, Fasterxml, Netapp and 2 more | 41 Debian Linux, Jackson-databind, Active Iq Unified Manager and 38 more | 2024-11-21 | 9.8 Critical |
| FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.hadoop.shaded.com.zaxxer.hikari.HikariConfig (aka shaded hikari-config). | ||||
| CVE-2020-8908 | 5 Google, Netapp, Oracle and 2 more | 20 Guava, Active Iq Unified Manager, Commerce Guided Search and 17 more | 2024-11-21 | 3.3 Low |
| A temp directory creation vulnerability exists in all versions of Guava, allowing an attacker with access to the machine to potentially access data in a temporary directory created by the Guava API com.google.common.io.Files.createTempDir(). By default, on unix-like systems, the created directory is world-readable (readable by an attacker with access to the system). The method in question has been marked @Deprecated in versions 30.0 and later and should not be used. For Android developers, we recommend choosing a temporary directory API provided by Android, such as context.getCacheDir(). For other Java developers, we recommend migrating to the Java 7 API java.nio.file.Files.createTempDirectory() which explicitly configures permissions of 700, or configuring the Java runtime's java.io.tmpdir system property to point to a location whose permissions are appropriately configured. | ||||
| CVE-2020-8840 | 6 Debian, Fasterxml, Huawei and 3 more | 19 Debian Linux, Jackson-databind, Oceanstor 9000 and 16 more | 2024-11-21 | 9.8 Critical |
| FasterXML jackson-databind 2.0.0 through 2.9.10.2 lacks certain xbean-reflect/JNDI blocking, as demonstrated by org.apache.xbean.propertyeditor.JndiConverter. | ||||
| CVE-2020-7238 | 4 Debian, Fedoraproject, Netty and 1 more | 20 Debian Linux, Fedora, Netty and 17 more | 2024-11-21 | 7.5 High |
| Netty 4.1.43.Final allows HTTP Request Smuggling because it mishandles Transfer-Encoding whitespace (such as a [space]Transfer-Encoding:chunked line) and a later Content-Length header. This issue exists because of an incomplete fix for CVE-2019-16869. | ||||
| CVE-2020-7226 | 3 Oracle, Redhat, Vt | 7 Communications Services Gatekeeper, Webcenter Sites, Weblogic Server and 4 more | 2024-11-21 | 7.5 High |
| CiphertextHeader.java in Cryptacular 1.2.3, as used in Apereo CAS and other products, allows attackers to trigger excessive memory allocation during a decode operation, because the nonce array length associated with "new byte" may depend on untrusted input within the header of encoded data. | ||||
| CVE-2020-6950 | 3 Eclipse, Oracle, Redhat | 14 Mojarra, Banking Enterprise Default Management, Banking Platform and 11 more | 2024-11-21 | 6.5 Medium |
| Directory traversal in Eclipse Mojarra before 2.3.14 allows attackers to read arbitrary files via the loc parameter or con parameter. | ||||
| CVE-2020-36518 | 5 Debian, Fasterxml, Netapp and 2 more | 48 Debian Linux, Jackson-databind, Active Iq Unified Manager and 45 more | 2024-11-21 | 7.5 High |
| jackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a large depth of nested objects. | ||||
| CVE-2020-35510 | 1 Redhat | 5 Jboss-remoting, Jboss Enterprise Application Platform, Jboss Fuse and 2 more | 2024-11-21 | 5.9 Medium |
| A flaw was found in jboss-remoting in versions before 5.0.20.SP1-redhat-00001. A malicious attacker could cause threads to hold up forever in the EJB server by writing a sequence of bytes corresponding to the expected messages of a successful EJB client request, but omitting the ACK messages, or just tamper with jboss-remoting code, deleting the lines that send the ACK message from the EJB client code resulting in a denial of service. The highest threat from this vulnerability is to system availability. | ||||