The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Red Hat JBoss EAP

security vulnerability CVE-2017-7465

Red Hat JBoss EAP: code execution via XSL JAXP

Synthesis of the vulnerability

An attacker can use a vulnerability via XSL JAXP of Red Hat JBoss EAP, in order to run code.
Severity: 2/4.
Creation date: 28/06/2018.
Identifiers: 1439980, CVE-2017-7465, VIGILANCE-VUL-26578.

computer vulnerability CVE-2018-1000180

Bouncy Castle: vulnerability via RSA Digital Signature Prime Generation

Synthesis of the vulnerability

A vulnerability via RSA Digital Signature Prime Generation of Bouncy Castle was announced.
Severity: 1/4.
Creation date: 06/06/2018.
Identifiers: CERTFR-2019-AVI-325, cpuapr2019, cpujan2019, cpujul2019, CVE-2018-1000180, DSA-4233-1, FEDORA-2018-ceced55c5e, FEDORA-2018-da9fe79871, JSA10939, openSUSE-SU-2018:2820-1, RHSA-2018:2423-01, RHSA-2018:2424-01, RHSA-2018:2425-01, RHSA-2018:2669-01, VIGILANCE-VUL-26323.

security bulletin CVE-2018-7489

jackson-databind: code execution via Deserializing

Synthesis of the vulnerability

An attacker can use a vulnerability via Deserializing of jackson-databind, in order to run code.
Severity: 2/4.
Creation date: 04/05/2018.
Identifiers: 5048, 521680, 521682, 527583, cpuapr2019, cpujan2019, cpujul2018, cpuoct2018, CVE-2018-7489, DSA-2018-096, DSA-2018-102, DSA-2018-207, DSA-4190-1, RHSA-2018:1447-01, RHSA-2018:1448-01, RHSA-2018:1449-01, RHSA-2018:1450-01, RHSA-2018:1451-01, RHSA-2018:2088-01, RHSA-2018:2089-01, RHSA-2018:2090-01, VIGILANCE-VUL-26043.

computer threat bulletin CVE-2018-1067

Undertow: HTTP header injection

Synthesis of the vulnerability

An attacker can inject HTTP headers in Undertow, in order to read or alter data.
Severity: 2/4.
Creation date: 26/04/2018.
Identifiers: CVE-2018-1067, RHSA-2018:1247-01, RHSA-2018:1248-01, RHSA-2018:1249-01, RHSA-2018:1251-01, VIGILANCE-VUL-25990.

cybersecurity alert CVE-2011-4314

OpenID4Java: read-write access via Attribute Exchange

Synthesis of the vulnerability

An attacker can bypass access restrictions via Attribute Exchange of OpenID4Java, in order to read or alter data.
Severity: 2/4.
Creation date: 25/04/2018.
Identifiers: 2015821, 2 Apr 2012 20:14:16, CVE-2011-4314, RHSA-2011:1798-01, RHSA-2011:1799-01, RHSA-2011:1800-01, RHSA-2011:1802-01, RHSA-2011:1803-01, RHSA-2011:1804-01, RHSA-2011:1805-01, RHSA-2011:1806-01, RHSA-2012:0378-01, RHSA-2012:0519-01, VIGILANCE-VUL-25976.

weakness bulletin CVE-2014-0193

Netty: denial of service via WebSocket08FrameDecoder

Synthesis of the vulnerability

An attacker can generate a fatal error via WebSocket08FrameDecoder of Netty, in order to trigger a denial of service.
Severity: 2/4.
Creation date: 25/04/2018.
Identifiers: 2015818, CVE-2014-0193, RHSA-2014:0818-01, RHSA-2014:0910-01, RHSA-2014:1019-01, RHSA-2014:1020-01, RHSA-2014:1021-01, RHSA-2014:1351-01, RHSA-2015:0234-01, RHSA-2015:0235-01, RHSA-2015:0675-01, RHSA-2015:0720-01, RHSA-2015:0765-01, RHSA-2015:1009, VIGILANCE-VUL-25974.

cybersecurity announcement CVE-2018-8088

Simple Logging Facade for Java: code execution via EventData XML Deserialisation

Synthesis of the vulnerability

An attacker can use a vulnerability via EventData XML Deserialisation of Simple Logging Facade for Java, in order to run code.
Severity: 3/4.
Creation date: 26/03/2018.
Identifiers: 1548909, CVE-2018-8088, FEDORA-2018-a4353f97db, FEDORA-2018-a46b358764, openSUSE-SU-2018:1625-1, RHSA-2018:0582-01, RHSA-2018:0592-01, RHSA-2018:0627-01, RHSA-2018:0628-01, RHSA-2018:0629-01, RHSA-2018:0630-01, RHSA-2018:1247-01, RHSA-2018:1248-01, RHSA-2018:1249-01, RHSA-2018:1251-01, RHSA-2018:1447-01, RHSA-2018:1448-01, RHSA-2018:1449-01, RHSA-2018:1450-01, RHSA-2018:1451-01, RHSA-2018:1575-01, RHSA-2018:2419-01, RHSA-2018:2420-01, RHSA-2018:2669-01, RHSA-2018:2930-01, SUSE-SU-2018:1744-1, VIGILANCE-VUL-25650, ZOOKEEPER-2952.

threat note CVE-2017-12196

Undertow: privilege escalation via Digest Authentication URI

Synthesis of the vulnerability

An attacker can bypass restrictions via Digest Authentication URI of Undertow, in order to escalate their privileges.
Severity: 2/4.
Creation date: 13/03/2018.
Identifiers: CVE-2017-12196, RHSA-2018:0478-01, RHSA-2018:0479-01, RHSA-2018:0480-01, RHSA-2018:0481-01, VIGILANCE-VUL-25532.

vulnerability alert CVE-2016-9585

Red Hat JBoss EAP 5: denial of service via Remote JMX Deserialization

Synthesis of the vulnerability

An attacker can generate a fatal error via Remote JMX Deserialization of Red Hat JBoss EAP 5, in order to trigger a denial of service.
Severity: 2/4.
Creation date: 12/03/2018.
Identifiers: 1404528, CVE-2016-9585, VIGILANCE-VUL-25523.

computer threat CVE-2017-12624

Apache CXF: denial of service via JAX-WS/JAX-RS

Synthesis of the vulnerability

An attacker can generate a fatal error via JAX-WS/JAX-RS of Apache CXF, in order to trigger a denial of service.
Severity: 2/4.
Creation date: 09/03/2018.
Identifiers: 2013597, 7043863, 7048591, CVE-2017-12624, ibm10715641, ibm10738249, RHSA-2018:2423-01, RHSA-2018:2424-01, RHSA-2018:2425-01, VIGILANCE-VUL-25511.