Red Hat JBoss Enterprise Application Platform vulnerabilities

240 known vulnerabilities affecting redhat/jboss_enterprise_application_platform.

Total CVEs: 240
CISA KEV: 6 (actively exploited)
Public exploits: 14
Exploited in wild: 8
Severity breakdown: CRITICAL 35, HIGH 86, MEDIUM 102, LOW 17

Vulnerabilities

Page 2 of 12
CVE-2023-3628 | MEDIUM | CVSS 6.5 | affected: v6 | 2023-12-18
CWE-304: A flaw was found in Infinispan's REST. Bulk read endpoints do not properly evaluate user permissions for the operation. This issue could allow an authenticated user to access information outside of their intended permissions.
Source: nvd
CVE-2023-48795 | MEDIUM | CVSS 5.9 | PoC | affected: v7.0 | 2023-12-18
CWE-354: The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgr
Source: nvd
CVE-2023-5379 | HIGH | CVSS 7.5 | affected: v7.0.0 | 2023-12-12
CWE-770: A flaw was found in Undertow. When an AJP request is sent that exceeds the max-header-size attribute in ajp-listener, JBoss EAP is marked in an error state by mod_cluster in httpd, causing JBoss EAP to close the TCP connection without returning an AJP response. This happens because mod_proxy_cluster marks the JBoss EAP instance as an error worker when t
Source: nvd
CVE-2023-4061 | MEDIUM | CVSS 6.5 | affected: v7.4 | 2023-11-08
CWE-200: A flaw was found in wildfly-core. A management user could use the resolve-expression in the HAL Interface to read possible sensitive information from the WildFly system. This issue could allow a malicious user to access the system and obtain possible sensitive information from the system.
Source: nvd
CVE-2023-44487 | HIGH | CVSS 7.5 | KEV, PoC | affected: v6.0.0, v7.0.0 | 2023-10-10
CWE-400: The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
Source: nvd
CVE-2023-3223 | HIGH | CVSS 7.5 | affected: v7.4 | 2023-09-27
CWE-789: A flaw was found in Undertow. Servlets annotated with @MultipartConfig may cause an OutOfMemoryError due to large multipart content. This may allow unauthorized users to cause a remote Denial of Service (DoS) attack. If the server uses fileSizeThreshold to limit the file size, it's possible to bypass the limit by setting the file name in the request to nu
Source: nvd
CVE-2023-1108 | HIGH | CVSS 7.5 | affected: v7.4 | 2023-09-14
CWE-835: A flaw was found in Undertow. This issue makes achieving a denial of service possible due to an unexpected handshake status updated in SslConduit, where the loop never terminates.
Source: nvd
CVE-2022-4492 | HIGH | CVSS 7.5 | affected: v7.0.0 | 2023-02-23
CWE-918: The Undertow client is not checking the server identity presented by the server certificate in HTTPS connections. This is a compulsory step (at least it should be performed by default) in HTTPS and in HTTP/2. I would add it to any TLS client protocol.
Source: nvd
CVE-2022-3143 | HIGH | CVSS 7.4 | affected: v7.0.0 | 2023-01-13
CWE-203: wildfly-elytron: possible timing attacks via use of unsafe comparator. A flaw was found in WildFly Elytron. WildFly Elytron uses java.util.Arrays.equals in several places, which is unsafe and vulnerable to timing attacks. To compare values securely, use java.security.MessageDigest.isEqual instead. This flaw allows an attacker to access secure informatio
Source: nvd
CVE-2022-2764 | MEDIUM | CVSS 4.9 | affected: v7.0.0 | 2022-09-01
CWE-400: A flaw was found in Undertow. Denial of service can be achieved as the Undertow server waits for the LAST_CHUNK forever for EJB invocations.
Source: nvd
CVE-2022-1259 | HIGH | CVSS 7.5 | affected: v7.0.0 | 2022-08-31
A flaw was found in Undertow. A potential security issue in flow control handling by the browser over HTTP/2 may cause overhead or a denial of service in the server. This flaw exists because of an incomplete fix for CVE-2021-3629.
Source: nvd
CVE-2021-3859 | HIGH | CVSS 7.5 | affected: v7.3, v7.4 | 2022-08-26
CWE-214: A flaw was found in Undertow that tripped the client-side invocation timeout with certain calls made over HTTP/2. This flaw allows an attacker to carry out denial of service attacks.
Source: nvd
CVE-2021-3690 | HIGH | CVSS 7.5 | affected: v7.3, v7.4 | 2022-08-23
CWE-400: A flaw was found in Undertow. A buffer leak on the incoming WebSocket PONG message may lead to memory exhaustion. This flaw allows an attacker to cause a denial of service. The highest threat from this vulnerability is to availability.
Source: nvd
CVE-2021-3717 | HIGH | CVSS 7.8 | affected: v7.4, v7.3 | 2022-05-24
CWE-552: A flaw was found in WildFly. An incorrect JBOSS_LOCAL_USER challenge location when using the Elytron configuration may lead to JBOSS_LOCAL_USER access to all users on the machine. The highest threat from this vulnerability is to confidentiality, integrity, and availability. This flaw affects wildfly-core versions prior to 17.0.
Source: nvd
CVE-2021-3629 | MEDIUM | CVSS 5.9 | affected: v7.4, v7.3 | 2022-05-24
CWE-400: A flaw was found in Undertow. A potential security issue in flow control handling by the browser over HTTP/2 may potentially cause overhead or a denial of service in the server. The highest threat from this vulnerability is to availability. This flaw affects Undertow versions prior to 2.0.40.Final and prior to 2.2.11.Final.
Source: nvd
CVE-2021-3597 | MEDIUM | CVSS 5.9 | affected: v7.3, v7.4 | 2022-05-24
CWE-362: A flaw was found in Undertow. The HTTP2SourceChannel fails to write the final frame under some circumstances, resulting in a denial of service. The highest threat from this vulnerability is to availability. This flaw affects Undertow versions prior to 2.0.35.SP1, prior to 2.2.6.SP1, prior to 2.2.7.SP1, prior to 2.0.36.SP1, prior to 2.2.9.Final and prior
Source: nvd
CVE-2022-0866 | MEDIUM | CVSS 5.3 | affected: ≥ 7.1.0 | 2022-05-10
CWE-863: This is a concurrency issue that can result in the wrong caller principal being returned from the session context of an EJB that is configured with a RunAs principal. In particular, the org.jboss.as.ejb3.component.EJBComponent class has an incomingRunAsIdentity field. This field is used by the org.jboss.as.ejb3.security.RunAsPrincipalInterceptor to ke
Source: nvd
CVE-2022-0853 | HIGH | CVSS 7.5 | affected: v7.0.0 | 2022-03-11
CWE-401: A flaw was found in JBoss-client. The vulnerability occurs due to a memory leak on the JBoss client side when using UserTransaction repeatedly, and leads to an information leakage vulnerability.
Source: nvd
CVE-2021-20318 | HIGH | CVSS 7.2 | affected: v7.3.9, v7.4.0 | 2021-12-23
The HornetQ component of Artemis in EAP 7 was not updated with the fix for CVE-2016-4978. A remote attacker could use this flaw to execute arbitrary code with the permissions of the application using a JMS ObjectMessage.
Source: nvd
CVE-2021-4104 | HIGH | CVSS 7.5 | affected: v6.0.0, v7.0 | 2021-12-14
CWE-502: JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration. The attacker can provide TopicBindingName and TopicConnectionFactoryBindingName configurations causing JMSAppender to perform JNDI requests that result in remote code execution in a similar fashion to CVE-2021-44228.
Source: nvd