The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Red Hat JBoss EAP

vulnerability announce CVE-2018-1048

Red Hat JBoss Enterprise Application Platform: directory traversal

Synthesis of the vulnerability

An attacker can traverse directories of Red Hat JBoss Enterprise Application Platform, in order to read a file outside the service root path.
Impacted products: JBoss EAP by Red Hat.
Severity: 2/4.
Consequences: data reading.
Provenance: internet client.
Creation date: 25/01/2018.
Identifiers: 1534343, CVE-2018-1048, RHSA-2018:0478-01, RHSA-2018:0479-01, RHSA-2018:0480-01, RHSA-2018:0481-01, VIGILANCE-VUL-25152.

vulnerability alert CVE-2018-1047

WildFly: directory traversal

Synthesis of the vulnerability

An attacker can traverse directories of WildFly, in order to read a file outside the service root path.
Impacted products: JBoss EAP by Red Hat, WildFly.
Severity: 2/4.
Consequences: data reading.
Provenance: internet client.
Creation date: 25/01/2018.
Identifiers: CVE-2018-1047, RHSA-2018:1247-01, RHSA-2018:1248-01, RHSA-2018:1249-01, RHSA-2018:1251-01, VIGILANCE-VUL-25151, WFLY-9620.

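Both traversal bulletins above describe the same failure: a request path escapes the service root before the server checks it. The following is an added example, not code from JBoss EAP, WildFly or Undertow, and it generalises beyond a literal `../`: it percent-decodes the path (including double encoding) and treats backslashes as separators before normalising, because the classic mistake is to inspect the raw string and decode afterwards. The root and request paths are constructed for the demonstration, and the resolution is purely lexical so nothing on disk is touched with an attacker-controlled path.

```python
"""Resolve a URL path against a service root without letting it escape.

Added example, not JBoss EAP / WildFly / Undertow code. Lexical only: no
filesystem access, so it runs anywhere and never hands an unchecked path
to the OS. The bound on decode rounds is an assumption of this example.
"""
from typing import Optional
from urllib.parse import unquote

MAX_DECODE_ROUNDS = 3  # assumption: enough to unwrap %252e%252e, bounded so it cannot loop


def fully_decode(path: str) -> str:
    """Percent-decode until the value stops changing (defeats double encoding)."""
    for _ in range(MAX_DECODE_ROUNDS):
        decoded = unquote(path)
        if decoded == path:
            return decoded
        path = decoded
    return path


def resolve_under_root(root: str, request_path: str) -> Optional[str]:
    """Return the canonical path of request_path inside root, or None when the
    request tries to leave the root or is malformed (caller answers 400/404)."""
    decoded = fully_decode(request_path)
    if "\x00" in decoded:
        return None                      # a NUL would truncate a native path
    # Backslash is a separator on Windows hosts and in some resource managers;
    # normalise it before splitting so "..%5c" cannot slip through.
    decoded = decoded.replace("\\", "/")
    parts = []
    for segment in decoded.split("/"):
        if segment in ("", "."):
            continue                     # empty (double slash) or current dir
        if segment == "..":
            if not parts:
                return None              # attempted to climb above the root
            parts.pop()
            continue
        parts.append(segment)
    return root.rstrip("/") + "/" + "/".join(parts)


def naive_check(root: str, request_path: str) -> Optional[str]:
    """The broken variant, kept for contrast only: it looks for a literal
    "../" in the undecoded string and then joins. "..%2f" passes straight
    through and is decoded later by the file layer."""
    if "../" in request_path or "..\\" in request_path:
        return None
    return root.rstrip("/") + "/" + request_path.lstrip("/")


if __name__ == "__main__":
    # Constructed sample requests against a constructed service root.
    for req in ("/css/../index.html", "..%2f..%2fetc/passwd", "..%5c..%5cetc/passwd",
                "static/%252e%252e/secret.txt"):
        print(f"{req!r:32} strict={resolve_under_root('/srv/app', req)!r:28} "
              f"naive={naive_check('/srv/app', req)!r}")
```

Anything that resolves to None should be rejected outright rather than "fixed up". On a real deployment also canonicalise the root itself once at start-up and, if symlinks are permitted under it, re-check the real path of the final result, since a lexical check cannot see a link that points outside the tree.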

vulnerability announce CVE-2017-12189

Red Hat JBoss EAP: privilege escalation via Init Script File Handling

Synthesis of the vulnerability

A local user can abuse the unsafe file handling of the Red Hat JBoss EAP init script, in order to escalate privileges.
Impacted products: JBoss EAP by Red Hat.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights.
Provenance: user shell.
Creation date: 03/01/2018.
Identifiers: CVE-2017-12189, RHSA-2018:0002-01, RHSA-2018:0003-01, RHSA-2018:0004-01, RHSA-2018:0005-01, VIGILANCE-VUL-24932.

vulnerability CVE-2017-12167

Red Hat JBoss EAP: information disclosure via Properties Files

Synthesis of the vulnerability

A local user can read properties files of Red Hat JBoss EAP that should be restricted, in order to obtain sensitive information.
Impacted products: JBoss EAP by Red Hat.
Severity: 2/4.
Consequences: data reading.
Provenance: user shell.
Creation date: 14/12/2017.
Identifiers: CVE-2017-12167, RHSA-2017:3454-01, RHSA-2017:3455-01, RHSA-2017:3456-01, RHSA-2017:3458-01, RHSA-2018:0002-01, RHSA-2018:0003-01, RHSA-2018:0004-01, RHSA-2018:0005-01, VIGILANCE-VUL-24770.

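A check an administrator can run on a host for the properties-file exposure above. It is an added example, not Red Hat's fix, and it assumes, which the bulletin does not state, that the exposure comes from file modes that let other local accounts read the files: it walks an installation directory given on the command line and reports every regular `*.properties` file that is group- or world-readable, or writable by anyone but the owner.

```python
"""Report properties files that other local accounts can read or modify.

Added example, not Red Hat's remediation. Assumes the weakness is
over-permissive Unix file modes (the bulletin itself does not say so).
The classification is a pure function of st_mode so it can be tested
without creating files; the walk is a thin wrapper around os.walk.
"""
import os
import stat
import sys
from typing import Dict, Iterator, List


def mode_problems(mode: int) -> List[str]:
    """Describe why a regular file with this st_mode is exposed (empty list = fine).

    Order is fixed (read problems first) so reports are stable and testable."""
    problems = []
    if mode & stat.S_IRGRP:
        problems.append("group-readable")
    if mode & stat.S_IROTH:
        problems.append("world-readable")
    if mode & (stat.S_IWGRP | stat.S_IWOTH):
        problems.append("writable by others")   # tampering, not only disclosure
    return problems


def iter_properties_files(root: str) -> Iterator[str]:
    """Yield *.properties paths under root without following symlinked dirs."""
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames[:] = [d for d in dirnames
                       if not os.path.islink(os.path.join(dirpath, d))]
        for name in filenames:
            if name.endswith(".properties"):
                yield os.path.join(dirpath, name)


def audit_properties(root: str) -> Dict[str, List[str]]:
    """Map each exposed .properties file under root to its list of problems.

    A missing or empty root simply yields no findings."""
    findings: Dict[str, List[str]] = {}
    for path in iter_properties_files(root):
        st = os.lstat(path)               # lstat: a symlink to the file is skipped
        if not stat.S_ISREG(st.st_mode):
            continue
        problems = mode_problems(st.st_mode)
        if problems:
            findings[path] = problems
    return findings


if __name__ == "__main__":
    base = sys.argv[1] if len(sys.argv) > 1 else "."
    for path, problems in sorted(audit_properties(base).items()):
        print(f"{path}: {', '.join(problems)}")
```

Findings are normally fixed with `chmod 600` (or `640` plus a dedicated group when another service must read them), and by reviewing the umask of the account that creates the files, since a permissive umask will reproduce the same modes the next time they are written.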

computer vulnerability note CVE-2017-12165

Undertow: HTTP header injection via Whitespace Parsing

Synthesis of the vulnerability

An attacker can inject HTTP headers in Undertow, in order to read or alter data.
Impacted products: JBoss EAP by Red Hat.
Severity: 2/4.
Consequences: data creation/edition.
Provenance: internet client.
Creation date: 14/12/2017.
Identifiers: CVE-2017-12165, RHSA-2017:3454-01, RHSA-2017:3455-01, RHSA-2017:3456-01, RHSA-2017:3458-01, RHSA-2018:0002-01, RHSA-2018:0003-01, RHSA-2018:0004-01, RHSA-2018:0005-01, RHSA-2018:1322-01, VIGILANCE-VUL-24769.

computer vulnerability bulletin CVE-2017-7559

Undertow: HTTP header injection

Synthesis of the vulnerability

An attacker can inject HTTP headers in Undertow, in order to read or alter data.
Impacted products: JBoss EAP by Red Hat.
Severity: 2/4.
Consequences: data creation/edition.
Provenance: internet client.
Creation date: 14/12/2017.
Identifiers: CVE-2017-7559, RHSA-2017:3454-01, RHSA-2017:3455-01, RHSA-2017:3456-01, RHSA-2017:3458-01, RHSA-2018:0002-01, RHSA-2018:0003-01, RHSA-2018:0004-01, RHSA-2018:0005-01, RHSA-2018:1322-01, VIGILANCE-VUL-24768.

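The two Undertow bulletins above both come down to header syntax that one parser accepts and another rejects or reads differently. The block below is an added example, not Undertow's parser: it applies the RFC 7230 rules (a field name is a token with no whitespace before the colon; field values may not contain control characters other than HTAB; obsolete line folding is refused) beside a lenient parser that trims whitespace around the colon, and shows that the same constructed request yields a Content-Length for one and a rejection for the other. The request bytes are constructed for the demonstration.

```python
"""Strict RFC 7230 header parsing next to a lenient parser.

Added example, not Undertow code. Two sample requests are constructed
inline; nothing is read from the network.
"""
import re
from typing import Dict, List, Optional, Tuple

# token = 1*tchar  (RFC 7230 section 3.2.6)
TCHAR = r"[!#$%&'*+\-.^_`|~0-9A-Za-z]"
TOKEN_RE = re.compile(rf"^{TCHAR}+$")
# field-value: visible ASCII, obs-text (0x80-0xFF), SP and HTAB; no CR, LF or other CTL
FIELD_VALUE_RE = re.compile(r"^[\t\x20-\x7e\x80-\xff]*$")
# request-line = method SP request-target SP HTTP-version; target has no SP/CTL
REQUEST_LINE_RE = re.compile(rf"^({TCHAR}+) ([^\x00-\x20\x7f]+) HTTP/([0-9])\.([0-9])$")


class MalformedRequest(ValueError):
    """Raised where RFC 7230 says the server MUST respond 400."""


def parse_header_line_strict(line: str) -> Tuple[str, str]:
    name, sep, value = line.partition(":")
    if not sep:
        raise MalformedRequest(f"no colon in header line: {line!r}")
    if not TOKEN_RE.match(name):
        # Rejects "Content-Length :" (whitespace before the colon), empty names,
        # and any non-token byte such as a stray CR.
        raise MalformedRequest(f"invalid field name: {name!r}")
    value = value.strip(" \t")           # optional whitespace around the value is legal
    if not FIELD_VALUE_RE.match(value):
        raise MalformedRequest(f"control character in value of {name!r}")
    return name.lower(), value


def parse_header_line_lenient(line: str) -> Tuple[str, str]:
    """What a forgiving parser does: trim both sides of the colon and keep
    whatever is left. Shown for contrast only."""
    name, _, value = line.partition(":")
    return name.strip().lower(), value.strip()


def parse_request(raw: bytes, strict: bool = True) -> Tuple[str, str, Dict[str, List[str]]]:
    """Parse a request head (up to the blank line) into (method, target, headers)."""
    head = raw.split(b"\r\n\r\n", 1)[0]
    lines = head.decode("latin-1").split("\r\n")
    m = REQUEST_LINE_RE.match(lines[0])
    if not m:
        raise MalformedRequest(f"bad request line: {lines[0]!r}")
    parse = parse_header_line_strict if strict else parse_header_line_lenient
    headers: Dict[str, List[str]] = {}
    for line in lines[1:]:
        if strict and line[:1] in (" ", "\t"):
            raise MalformedRequest("obsolete line folding is not accepted")
        name, value = parse(line)
        headers.setdefault(name, []).append(value)
    return m.group(1), m.group(2), headers


# Constructed sample: the space before the colon makes Content-Length ambiguous
# between a strict front end and a lenient back end.
SMUGGLED = (b"POST /app/login HTTP/1.1\r\n"
            b"Host: example.test\r\n"
            b"Content-Length : 13\r\n"
            b"Transfer-Encoding: chunked\r\n"
            b"\r\n")

# Constructed sample that every compliant parser accepts (HTAB and trailing SP are OWS).
WELL_FORMED = (b"GET /index.html HTTP/1.1\r\n"
               b"Host: example.test\r\n"
               b"X-Trace:\tabc \r\n"
               b"\r\n")


def content_length_seen(raw: bytes, strict: bool) -> Optional[str]:
    """The Content-Length a parser would act on, or None if it rejects the request."""
    try:
        _, _, headers = parse_request(raw, strict=strict)
    except MalformedRequest:
        return None
    values = headers.get("content-length")
    return values[0] if values else None


if __name__ == "__main__":
    print("lenient sees Content-Length =", content_length_seen(SMUGGLED, strict=False))
    print("strict  sees Content-Length =", content_length_seen(SMUGGLED, strict=True))
```

When a proxy and the origin server disagree like this, the attacker decides where one of them believes the request body ends, which is the mechanism behind request smuggling and response injection; answering 400 at both layers removes the ambiguity, whereas silently normalising the header preserves it.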

vulnerability announce CVE-2017-17485 CVE-2017-7525 CVE-2018-5968

Apache Struts: code execution via com.fasterxml.jackson

Synthesis of the vulnerability

An attacker can exploit a vulnerability (VIGILANCE-VUL-23406) in the com.fasterxml.jackson library used by Apache Struts, by supplying a crafted JSON document, in order to run code.
Impacted products: Struts, Debian, Oracle Communications, Oracle Directory Services Plus, Oracle Fusion Middleware, Oracle GlassFish Server, Oracle Identity Management, Oracle Internet Directory, Tuxedo, Oracle Virtual Directory, WebLogic, Puppet, JBoss EAP by Red Hat.
Severity: 3/4.
Consequences: user access/rights.
Provenance: document.
Number of vulnerabilities in this bulletin: 3.
Creation date: 12/12/2017.
Identifiers: CERTFR-2017-AVI-470, cpuapr2018, cpuapr2019, cpujan2019, cpujul2018, cpuoct2018, CVE-2017-17485, CVE-2017-7525, CVE-2018-5968, DSA-4037-1, DSA-4114-1, ibm10715641, ibm10738249, RHSA-2017:3454-01, RHSA-2017:3455-01, RHSA-2017:3456-01, RHSA-2017:3458-01, RHSA-2018:0294-01, RHSA-2018:0478-01, RHSA-2018:0479-01, RHSA-2018:0480-01, RHSA-2018:0481-01, RHSA-2018:1447-01, RHSA-2018:1448-01, RHSA-2018:1449-01, RHSA-2018:1450-01, RHSA-2018:1451-01, RHSA-2018:2930-01, S2-055, VIGILANCE-VUL-24732.

Description of the vulnerability

An attacker can use a vulnerability (VIGILANCE-VUL-23406) of com.fasterxml.jackson of Apache Struts, in order to run code.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability alert CVE-2017-15095 CVE-2017-17485

Jackson: code execution via Black List

Synthesis of the vulnerability

An attacker can bypass the black list of classes that Jackson refuses to deserialize, by supplying a crafted JSON document, in order to run code.
Impacted products: Debian, Avamar, Fedora, Oracle Communications, Oracle DB, Oracle Fusion Middleware, Oracle GlassFish Server, Oracle Identity Management, Tuxedo, Oracle Virtual Directory, WebLogic, JBoss EAP by Red Hat.
Severity: 2/4.
Consequences: user access/rights.
Provenance: document.
Number of vulnerabilities in this bulletin: 2.
Creation date: 16/11/2017.
Identifiers: 519493, cpuapr2018, cpujan2019, cpujul2018, cpuoct2018, CVE-2017-15095, CVE-2017-17485, DSA-2018-048, DSA-4037-1, DSA-4114-1, FEDORA-2017-4a071ecbc7, FEDORA-2017-e16ed3f7a1, FEDORA-2018-bbf8c38b51, FEDORA-2018-e4b025841e, ibm10715641, ibm10738249, RHSA-2018:0478-01, RHSA-2018:0479-01, RHSA-2018:0480-01, RHSA-2018:0481-01, RHSA-2018:0576-01, RHSA-2018:0577-01, RHSA-2018:1447-01, RHSA-2018:1448-01, RHSA-2018:1449-01, RHSA-2018:1450-01, RHSA-2018:1451-01, RHSA-2018:2930-01, VIGILANCE-VUL-24456.

vulnerability alert CVE-2013-6440

OpenSAML: information disclosure via XML Entities

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via XML external entities in a document parsed by OpenSAML, in order to obtain sensitive information.
Impacted products: WebSphere AS Liberty, RHEL, JBoss EAP by Red Hat.
Severity: 2/4.
Consequences: data reading.
Provenance: document.
Creation date: 15/11/2017.
Identifiers: 2010415, 2011863, CVE-2013-6440, RHSA-2014:0170-01, RHSA-2014:0171-01, RHSA-2014:0172-01, RHSA-2014:0195-01, RHSA-2014:0452-01, RHSA-2014:1290-01, RHSA-2014:1291-01, RHSA-2014:1995-01, VIGILANCE-VUL-24441.

vulnerability note CVE-2017-12629

Apache Lucene: code execution via Solr

Synthesis of the vulnerability

An attacker can exploit a vulnerability in Apache Solr (part of the Apache Lucene project), by supplying a crafted document, in order to run code.
Impacted products: Debian, Fedora, RHEL, JBoss EAP by Red Hat.
Severity: 2/4.
Consequences: user access/rights.
Provenance: document.
Creation date: 02/11/2017.
Identifiers: CVE-2017-12629, DLA-1254-1, DSA-4124-1, FEDORA-2017-005f8f7f7d, FEDORA-2017-0929e71b41, FEDORA-2017-195e7ea9a8, FEDORA-2017-c7bdf540b4, FEDORA-2017-f1535b86fa, RHSA-2017:3123-01, RHSA-2017:3124-01, RHSA-2017:3244-01, RHSA-2017:3451-01, RHSA-2017:3452-01, RHSA-2018:0002-01, RHSA-2018:0003-01, RHSA-2018:0004-01, RHSA-2018:0005-01, VIGILANCE-VUL-24304.
