📦 Jboss Enterprise Application Platform
by Redhat
🔍 What is Jboss Enterprise Application Platform?
Description coming soon...
🛡️ Security Overview
⚠️ Known Vulnerabilities
This vulnerability in Undertow allows malicious clients to send malformed requests that trigger server-side stream resets without incrementing abuse counters. This 'MadeYouReset' attack enables denial...
This vulnerability in WildFly Elytron integration allows attackers to perform brute force attacks against CLI authentication due to insufficient rate limiting. Systems using WildFly with Elytron authe...
CVE-2023-44487 is an HTTP/2 protocol vulnerability that allows attackers to cause denial of service by rapidly resetting streams, consuming server resources. This affects any system using HTTP/2, incl...
CVE-2023-1108 is a denial-of-service vulnerability in Undertow's SSL/TLS implementation where an infinite loop in the handshake process can crash the server. This affects any system running vulnerable...
CVE-2022-4492 is a server certificate validation bypass vulnerability in Undertow HTTP client. It allows attackers to perform man-in-the-middle attacks by presenting invalid certificates that should b...
CVE-2021-3717 is a security flaw in Wildfly's elytron configuration that incorrectly handles JBOSS_LOCAL_USER challenges. This allows any local user on the machine to gain JBOSS_LOCAL_USER access, pot...
CVE-2022-0853 is a memory leak vulnerability in JBoss client applications that repeatedly use UserTransaction. This allows attackers to cause information leakage by exhausting memory resources. Organi...
This vulnerability allows remote attackers to execute arbitrary code by exploiting a deserialization flaw in HornetQ/Artemis JMS ObjectMessage handling. It affects JBoss EAP 7 systems using the vulner...
CVE-2021-4104 is a deserialization vulnerability in Log4j 1.2's JMSAppender that allows remote code execution when attackers can modify Log4j configuration files. This affects systems running Log4j 1....
CVE-2020-25710 is an assertion failure vulnerability in OpenLDAP's csnNormalize23() function that allows remote attackers to crash the LDAP service by sending specially crafted packets. This affects O...
CVE-2019-19343 is a memory leak vulnerability in Undertow's HttpOpenListener when using Remoting in Red Hat JBoss EAP. This flaw allows attackers to cause denial of service by exhausting server memory...
This vulnerability in Infinispan CLI exposes sensitive passwords in error messages when commands fail. Attackers could potentially capture passwords by triggering command errors. This affects systems ...
This vulnerability allows users with Monitor or Auditor roles in Wildfly Server to suspend or resume the server despite having only read permissions. It affects Wildfly Server deployments using Role B...
This vulnerability allows attackers to bypass Hibernate Validator's SafeHtml validation by omitting tag endings with less-than characters. This enables HTML injection and Cross-Site Scripting (XSS) at...