The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Red Hat JBoss EAP

vulnerability CVE-2018-8088

Simple Logging Facade for Java: code execution via EventData XML Deserialisation

Synthesis of the vulnerability

An attacker can exploit the XML deserialisation of EventData objects in Simple Logging Facade for Java (SLF4J) in order to run code.
Impacted products: Fedora, openSUSE Leap, RHEL, JBoss EAP by Red Hat, SLF4J, SUSE Linux Enterprise Desktop, SLES.
Severity: 3/4.
Consequences: user access/rights.
Provenance: document.
Creation date: 26/03/2018.
Identifiers: 1548909, CVE-2018-8088, FEDORA-2018-a4353f97db, FEDORA-2018-a46b358764, openSUSE-SU-2018:1625-1, RHSA-2018:0582-01, RHSA-2018:0592-01, RHSA-2018:0627-01, RHSA-2018:0628-01, RHSA-2018:0629-01, RHSA-2018:0630-01, RHSA-2018:1247-01, RHSA-2018:1248-01, RHSA-2018:1249-01, RHSA-2018:1251-01, RHSA-2018:1447-01, RHSA-2018:1448-01, RHSA-2018:1449-01, RHSA-2018:1450-01, RHSA-2018:1451-01, RHSA-2018:1575-01, RHSA-2018:2419-01, RHSA-2018:2420-01, RHSA-2018:2669-01, RHSA-2018:2930-01, SUSE-SU-2018:1744-1, VIGILANCE-VUL-25650, ZOOKEEPER-2952.


vulnerability announcement CVE-2017-12196

Undertow: privilege escalation via Digest Authentication URI

Synthesis of the vulnerability

An attacker can bypass restrictions via the Digest Authentication URI handling of Undertow in order to escalate privileges.
Impacted products: JBoss EAP by Red Hat.
Severity: 2/4.
Consequences: privileged access/rights, user access/rights.
Provenance: intranet client.
Creation date: 13/03/2018.
Identifiers: CVE-2017-12196, RHSA-2018:0478-01, RHSA-2018:0479-01, RHSA-2018:0480-01, RHSA-2018:0481-01, VIGILANCE-VUL-25532.


vulnerability bulletin CVE-2016-9585

Red Hat JBoss EAP 5: denial of service via Remote JMX Deserialization

Synthesis of the vulnerability

An attacker can trigger a fatal error via Remote JMX Deserialization in Red Hat JBoss EAP 5 in order to cause a denial of service.
Impacted products: JBoss EAP by Red Hat.
Severity: 2/4.
Consequences: denial of service on service.
Provenance: intranet client.
Creation date: 12/03/2018.
Identifiers: 1404528, CVE-2016-9585, VIGILANCE-VUL-25523.


vulnerability alert CVE-2017-12624

Apache CXF: denial of service via JAX-WS/JAX-RS

Synthesis of the vulnerability

An attacker can trigger a fatal error via JAX-WS/JAX-RS in Apache CXF in order to cause a denial of service.
Impacted products: WebSphere AS Liberty, WebSphere AS Traditional, JBoss EAP by Red Hat.
Severity: 2/4.
Consequences: denial of service on service, denial of service on client.
Provenance: intranet client.
Creation date: 09/03/2018.
Identifiers: 2013597, 7043863, 7048591, CVE-2017-12624, ibm10715641, ibm10738249, RHSA-2018:2423-01, RHSA-2018:2424-01, RHSA-2018:2425-01, VIGILANCE-VUL-25511.


computer vulnerability bulletin CVE-2018-1304 CVE-2018-1305

Apache Tomcat: privilege escalation

Synthesis of the vulnerability

An attacker can bypass restrictions in Apache Tomcat in order to escalate privileges.
Impacted products: Tomcat, Debian, Fedora, QRadar SIEM, openSUSE Leap, Oracle Communications, Oracle Fusion Middleware, Oracle GlassFish Server, Oracle Identity Management, Solaris, Tuxedo, Oracle Virtual Directory, WebLogic, RHEL, JBoss EAP by Red Hat, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: client access/rights.
Provenance: document.
Number of vulnerabilities in this bulletin: 2.
Creation date: 23/02/2018.
Identifiers: bulletinapr2018, cpuapr2019, cpujul2019, cpuoct2018, CVE-2018-1304, CVE-2018-1305, DLA-1301-1, DLA-1400-1, DLA-1400-2, DLA-1450-1, DSA-4281-1, FEDORA-2018-50f0da5d38, FEDORA-2018-a233dae4ab, ibm10719117, openSUSE-SU-2018:0852-1, RHSA-2018:0465-01, RHSA-2018:0466-01, RHSA-2018:1447-01, RHSA-2018:1448-01, RHSA-2018:1449-01, RHSA-2018:1450-01, RHSA-2018:1451-01, RHSA-2019:2205-01, SUSE-SU-2018:1847-1, SUSE-SU-2018:3261-1, SUSE-SU-2018:3388-1, USN-3665-1, VIGILANCE-VUL-25358.


computer vulnerability announcement CVE-2017-12174 CVE-2018-1041

Red Hat JBoss Enterprise Application Platform: denial of service

Synthesis of the vulnerability

An attacker can trigger a fatal error in Red Hat JBoss Enterprise Application Platform in order to cause a denial of service.
Impacted products: JBoss EAP by Red Hat.
Severity: 3/4.
Consequences: denial of service on server, denial of service on service.
Provenance: internet client.
Number of vulnerabilities in this bulletin: 2.
Creation date: 05/02/2018.
Identifiers: CVE-2017-12174, CVE-2018-1041, RHSA-2018:0268-01, RHSA-2018:0269-01, RHSA-2018:0270-01, RHSA-2018:0271-01, RHSA-2018:0275-01, RHSA-2018:0478-01, RHSA-2018:0479-01, RHSA-2018:0480-01, RHSA-2018:0481-01, VIGILANCE-VUL-25217.


vulnerability announcement CVE-2018-1048

Red Hat JBoss Enterprise Application Platform: directory traversal

Synthesis of the vulnerability

An attacker can traverse directories in Red Hat JBoss Enterprise Application Platform in order to read a file outside the service root path.
Impacted products: JBoss EAP by Red Hat.
Severity: 2/4.
Consequences: data reading.
Provenance: internet client.
Creation date: 25/01/2018.
Identifiers: 1534343, CVE-2018-1048, RHSA-2018:0478-01, RHSA-2018:0479-01, RHSA-2018:0480-01, RHSA-2018:0481-01, VIGILANCE-VUL-25152.


vulnerability alert CVE-2018-1047

WildFly: directory traversal

Synthesis of the vulnerability

An attacker can traverse directories in WildFly in order to read a file outside the service root path.
Impacted products: JBoss EAP by Red Hat, WildFly.
Severity: 2/4.
Consequences: data reading.
Provenance: internet client.
Creation date: 25/01/2018.
Identifiers: CVE-2018-1047, RHSA-2018:1247-01, RHSA-2018:1248-01, RHSA-2018:1249-01, RHSA-2018:1251-01, VIGILANCE-VUL-25151, WFLY-9620.


vulnerability announcement CVE-2017-12189

Red Hat JBoss EAP: privilege escalation via Init Script File Handling

Synthesis of the vulnerability

An attacker can bypass restrictions via Init Script File Handling in Red Hat JBoss EAP in order to escalate privileges.
Impacted products: JBoss EAP by Red Hat.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights.
Provenance: user shell.
Creation date: 03/01/2018.
Identifiers: CVE-2017-12189, RHSA-2018:0002-01, RHSA-2018:0003-01, RHSA-2018:0004-01, RHSA-2018:0005-01, VIGILANCE-VUL-24932.


vulnerability CVE-2017-12167

Red Hat JBoss EAP: information disclosure via Properties Files

Synthesis of the vulnerability

An attacker can bypass access restrictions on data via Properties Files in Red Hat JBoss EAP in order to obtain sensitive information.
Impacted products: JBoss EAP by Red Hat.
Severity: 2/4.
Consequences: data reading.
Provenance: user shell.
Creation date: 14/12/2017.
Identifiers: CVE-2017-12167, RHSA-2017:3454-01, RHSA-2017:3455-01, RHSA-2017:3456-01, RHSA-2017:3458-01, RHSA-2018:0002-01, RHSA-2018:0003-01, RHSA-2018:0004-01, RHSA-2018:0005-01, VIGILANCE-VUL-24770.
