The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.

Computer vulnerabilities of Red Hat JBoss Enterprise Application Platform

Red Hat JBoss EAP: external XML entity injection via JAXP
An attacker can transmit malicious XML data via JAXP to Red Hat JBoss EAP, in order to read a file, scan sites, or trigger a denial of service...
1439520, CVE-2017-7464, VIGILANCE-VUL-26869
WildFly: directory traversal
An attacker can traverse directories of WildFly, in order to create a file outside the service root path. This vulnerability is a member of the Zip Slip family (VIGILANCE-VUL-26357)...
1593527, CVE-2018-10862, RHSA-2018:2276-01, RHSA-2018:2277-01, RHSA-2018:2423-01, RHSA-2018:2424-01, RHSA-2018:2425-01, VIGILANCE-VUL-26853, WFCORE-3938
Apache CXF: Man-in-the-Middle via com.sun.net.ssl
An attacker can act as a Man-in-the-Middle via com.sun.net.ssl on Apache CXF, in order to read or write data in the session...
cpuapr2020, cpujul2019, CVE-2018-8039, ibm10720065, ibm10734899, RHSA-2018:2276-01, RHSA-2018:2277-01, RHSA-2018:2423-01, RHSA-2018:2424-01, RHSA-2018:2425-01, RHSA-2018:3817-01, VIGILANCE-VUL-26852
Apache Tomcat: Man-in-the-Middle via WebSocket Client
An attacker can act as a Man-in-the-Middle via WebSocket Client on Apache Tomcat, in order to read or write data in the session...
CERTFR-2018-AVI-584, cpuoct2019, CVE-2018-8034, DLA-1453-1, DLA-1491-1, DSA-4281-1, FEDORA-2018-b1832101b8, HPESBUX04015, ibm10742719, openSUSE-SU-2018:2740-1, openSUSE-SU-2018:3054-1, RHSA-2019:0130-01, RHSA-2019:0131-01, RHSA-2019:0450-01, RHSA-2019:0451-01, RHSA-2019:1159-01, RHSA-2019:1160-01, RHSA-2019:1161-01, RHSA-2019:1162-01, RHSA-2019:1529-01, RHSA-2019:2205-01, SUSE-SU-2018:2699-1, SUSE-SU-2018:3011-2, SUSE-SU-2018:3261-1, SUSE-SU-2018:3388-1, SYMSA1463, USN-3723-1, VIGILANCE-VUL-26817
Apache Tomcat: infinite loop via UTF-8 Decoder
An attacker can generate an infinite loop via UTF-8 Decoder of Apache Tomcat, in order to trigger a denial of service...
CERTFR-2018-AVI-356, CVE-2018-1336, DLA-1491-1, DSA-4281-1, HPESBUX04015, JSA10993, K73008537, openSUSE-SU-2018:2740-1, openSUSE-SU-2018:3054-1, RHSA-2018:2700-01, RHSA-2018:2701-01, RHSA-2018:2740-01, RHSA-2018:2741-01, RHSA-2018:2742-01, RHSA-2018:2743-01, RHSA-2018:2921-01, RHSA-2018:2930-01, SUSE-SU-2018:2699-1, SUSE-SU-2018:3011-2, SUSE-SU-2018:3261-1, SUSE-SU-2018:3388-1, SYMSA1463, USN-3723-1, VIGILANCE-VUL-26815
Red Hat JBoss EAP: code execution via XSL JAXP
An attacker can use a vulnerability via XSL JAXP of Red Hat JBoss EAP, in order to run code...
1439980, CVE-2017-7465, VIGILANCE-VUL-26578
Bouncy Castle: vulnerability via RSA Digital Signature Prime Generation
A vulnerability via RSA Digital Signature Prime Generation of Bouncy Castle was announced...
6356449, CERTFR-2019-AVI-325, cpuapr2019, cpuapr2020, cpuapr2021, cpujan2019, cpujul2019, CVE-2018-1000180, DSA-4233-1, FEDORA-2018-ceced55c5e, FEDORA-2018-da9fe79871, JSA10939, JSA11023, openSUSE-SU-2018:2820-1, RHSA-2018:2423-01, RHSA-2018:2424-01, RHSA-2018:2425-01, RHSA-2018:2669-01, VIGILANCE-VUL-26323
Red Hat JBoss EAP: code execution via ReadOnlyAccessFilter
An attacker can use a vulnerability via ReadOnlyAccessFilter of Red Hat JBoss EAP, in order to run code...
1486220, CVE-2017-12149, RHSA-2018:1607-01, RHSA-2018:1608-01, VIGILANCE-VUL-26162
jackson-databind: code execution via Deserializing
An attacker can use a vulnerability via Deserializing of jackson-databind, in order to run code...
5048, 521680, 521682, 527583, cpuapr2019, cpujan2019, cpujul2018, cpuoct2018, CVE-2018-7489, DSA-2018-096, DSA-2018-102, DSA-2018-207, DSA-4190-1, KB0085481, RHSA-2018:1447-01, RHSA-2018:1448-01, RHSA-2018:1449-01, RHSA-2018:1450-01, RHSA-2018:1451-01, RHSA-2018:2088-01, RHSA-2018:2089-01, RHSA-2018:2090-01, VIGILANCE-VUL-26043
Undertow: HTTP header injection
An attacker can inject HTTP headers in Undertow, in order to read or alter data...
CVE-2018-1067, RHSA-2018:1247-01, RHSA-2018:1248-01, RHSA-2018:1249-01, RHSA-2018:1251-01, VIGILANCE-VUL-25990