The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.

Computer vulnerabilities of JBoss EAP by Red Hat

Apache CXF: Cross Site Scripting via Endpoint Names
An attacker can trigger a Cross Site Scripting via Endpoint Names of Apache CXF, in order to run JavaScript code in the context of the web site...
6100132, CVE-2019-17573, RHSA-2020:2058-01, RHSA-2020:2059-01, RHSA-2020:2060-01, RHSA-2020:2061-01, RHSA-2020:2106-01, RHSA-2020:2107-01, RHSA-2020:2108-01, RHSA-2020:2112-01, RHSA-2020:2113-01, RHSA-2020:2511-01, RHSA-2020:2512-01, RHSA-2020:2513-01, RHSA-2020:2515-01, VIGILANCE-VUL-31835
Red Hat JBoss EAP: three vulnerabilities
An attacker can use several vulnerabilities of Red Hat JBoss Enterprise Application Platform...
CERTFR-2020-AVI-179, CVE-2019-0205, CVE-2019-0210, CVE-2019-14887, RHSA-2020:0804-01, RHSA-2020:0805-01, RHSA-2020:0806-01, RHSA-2020:0811-01, RHSA-2020:0951-01, RHSA-2020:0952-01, RHSA-2020:0961-01, RHSA-2020:0962-01, RHSA-2020:2511-01, RHSA-2020:2512-01, RHSA-2020:2513-01, RHSA-2020:2515-01, VIGILANCE-VUL-31779
FasterXML jackson-databind: privilege escalation via xbean-reflect/JNDI
An attacker can bypass restrictions via xbean-reflect/JNDI of FasterXML jackson-databind, in order to escalate privileges...
CVE-2020-8840, DLA-2111-1, K15320518, RHSA-2020:2511-01, RHSA-2020:2512-01, RHSA-2020:2513-01, RHSA-2020:2515-01, VIGILANCE-VUL-31653
Netty: information disclosure via Transfer-Encoding Whitespace Request Smuggling
An attacker can bypass access restrictions to data via Transfer-Encoding Whitespace Request Smuggling of Netty, in order to obtain sensitive information...
CERTFR-2020-AVI-179, CVE-2020-7238, DLA-2109-1, DLA-2110-1, RHSA-2020:0605-01, RHSA-2020:0606-01, RHSA-2020:0804-01, RHSA-2020:0805-01, RHSA-2020:0806-01, RHSA-2020:0811-01, RHSA-2020:0951-01, RHSA-2020:0952-01, VIGILANCE-VUL-31647
Netty: information disclosure via HttpObjectDecoder.java Double Content-Length
An attacker can bypass access restrictions to data via HttpObjectDecoder.java Double Content-Length of Netty, in order to obtain sensitive information...
CERTFR-2020-AVI-179, CVE-2019-20445, DLA-2109-1, DLA-2110-1, DSA-2020-066, DSA-2020-067, RHSA-2020:0804-01, RHSA-2020:0805-01, RHSA-2020:0806-01, RHSA-2020:0811-01, RHSA-2020:0951-01, RHSA-2020:0952-01, VIGILANCE-VUL-31614
Netty: information disclosure via HttpObjectDecoder.java HTTP Header Injection
An attacker can bypass access restrictions to data via HttpObjectDecoder.java HTTP Header Injection of Netty, in order to obtain sensitive information...
CERTFR-2020-AVI-179, CVE-2019-20444, DLA-2109-1, DLA-2110-1, DSA-2020-066, DSA-2020-067, RHSA-2020:0804-01, RHSA-2020:0805-01, RHSA-2020:0806-01, RHSA-2020:0811-01, RHSA-2020:0951-01, RHSA-2020:0952-01, VIGILANCE-VUL-31613
FasterXML jackson-databind: external XML entity injection via jackson-mapper-asl
An attacker can transmit malicious XML data via jackson-mapper-asl to FasterXML jackson-databind, in order to read a file, scan sites, or trigger a denial of service...
6198380, CVE-2019-10172, DLA-2091-1, RHSA-2020:2058-01, RHSA-2020:2059-01, RHSA-2020:2060-01, RHSA-2020:2061-01, RHSA-2020:2106-01, RHSA-2020:2107-01, RHSA-2020:2108-01, RHSA-2020:2112-01, RHSA-2020:2113-01, RHSA-2020:2511-01, RHSA-2020:2512-01, RHSA-2020:2513-01, RHSA-2020:2515-01, VIGILANCE-VUL-31485
Cryptacular: denial of service via CiphertextHeader Decode Operation
An attacker can trigger a fatal error via CiphertextHeader Decode Operation of Cryptacular, in order to trigger a denial of service...
52, CVE-2020-7226, RHSA-2020:2058-01, RHSA-2020:2059-01, RHSA-2020:2060-01, RHSA-2020:2061-01, RHSA-2020:2106-01, RHSA-2020:2107-01, RHSA-2020:2108-01, RHSA-2020:2112-01, RHSA-2020:2113-01, RHSA-2020:2511-01, RHSA-2020:2512-01, RHSA-2020:2513-01, RHSA-2020:2515-01, VIGILANCE-VUL-31437
FasterXML jackson-databind: code execution via Xalan Serialization Gadgets
An attacker can use a vulnerability via Xalan Serialization Gadgets of FasterXML jackson-databind, in order to run code...
CVE-2019-14893, RHSA-2020:0159-01, RHSA-2020:0160-01, RHSA-2020:0161-01, RHSA-2020:0164-01, RHSA-2020:0445-01, VIGILANCE-VUL-31385
FasterXML jackson-databind: code execution via Commons-configuration Serialization Gadgets
An attacker can use a vulnerability via Commons-configuration Serialization Gadgets of FasterXML jackson-databind, in order to run code...
CVE-2019-14892, RHSA-2020:0159-01, RHSA-2020:0160-01, RHSA-2020:0161-01, RHSA-2020:0164-01, RHSA-2020:0445-01, VIGILANCE-VUL-31384