Redhat Jboss Enterprise Application Platform vulnerabilities

CVE-2020-1757 [HIGH] CWE-20 CVE-2020-1757: A flaw was found in all undertow-2.x.x SP1 versions prior to undertow-2.0.30.SP1, all undertow-1.x.x A flaw was found in all undertow-2.x.x SP1 versions prior to undertow-2.0.30.SP1, all undertow-1.x.x and undertow-2.x.x versions prior to undertow-2.1.0.Final, where the Servlet container causes servletPath to normalize incorrectly by truncating the path after semicolon which may lead to an application mapping resulting in the security bypass.

CVE-2019-14887 [CRITICAL] CWE-757 CVE-2019-14887: A flaw was found when an OpenSSL security provider is used with Wildfly, the 'enabled-protocols' val A flaw was found when an OpenSSL security provider is used with Wildfly, the 'enabled-protocols' value in the Wildfly configuration isn't honored. An attacker could target the traffic sent from Wildfly and downgrade the connection to a weaker version of TLS, potentially breaking the encryption. This could lead to a leak of the data being passed ov

CVE-2011-2487 [MEDIUM] CWE-327 CVE-2011-2487: The implementations of PKCS#1 v1.5 key transport mechanism for XMLEncryption in JBossWS and Apache W The implementations of PKCS#1 v1.5 key transport mechanism for XMLEncryption in JBossWS and Apache WSS4J before 1.6.5 is susceptible to a Bleichenbacher attack.

CVE-2019-14892 [CRITICAL] CWE-200 CVE-2019-14892: A flaw was discovered in jackson-databind in versions before 2.9.10, 2.8.11.5 and 2.6.7.3, where it A flaw was discovered in jackson-databind in versions before 2.9.10, 2.8.11.5 and 2.6.7.3, where it would permit polymorphic deserialization of a malicious object using commons-configuration 1 and 2 JNDI classes. An attacker could use this flaw to execute arbitrary code.

CVE-2019-20445 [CRITICAL] CWE-444 CVE-2019-20445: HttpObjectDecoder.java in Netty before 4.1.44 allows a Content-Length header to be accompanied by a HttpObjectDecoder.java in Netty before 4.1.44 allows a Content-Length header to be accompanied by a second Content-Length header, or by a Transfer-Encoding header.

CVE-2019-20444 [CRITICAL] CWE-444 CVE-2019-20444: HttpObjectDecoder.java in Netty before 4.1.44 allows an HTTP header that lacks a colon, which might HttpObjectDecoder.java in Netty before 4.1.44 allows an HTTP header that lacks a colon, which might be interpreted as a separate header with an incorrect syntax, or might be interpreted as an "invalid fold."

CVE-2020-7238 [HIGH] CVE-2020-7238: Netty 4.1.43.Final allows HTTP Request Smuggling because it mishandles Transfer-Encoding whitespace Netty 4.1.43.Final allows HTTP Request Smuggling because it mishandles Transfer-Encoding whitespace (such as a [space]Transfer-Encoding:chunked line) and a later Content-Length header. This issue exists because of an incomplete fix for CVE-2019-16869.

CVE-2019-14888 [HIGH] CWE-400 CVE-2019-14888: A vulnerability was found in the Undertow HTTP server in versions before 2.0.28.SP1 when listening o A vulnerability was found in the Undertow HTTP server in versions before 2.0.28.SP1 when listening on HTTPS. An attacker can target the HTTPS port to carry out a Denial Of Service (DOS) to make the service unavailable on SSL.

CVE-2012-5626 [HIGH] CVE-2012-5626: EJB method in Red Hat JBoss BRMS 5; Red Hat JBoss Enterprise Application Platform 5; Red Hat JBoss O EJB method in Red Hat JBoss BRMS 5; Red Hat JBoss Enterprise Application Platform 5; Red Hat JBoss Operations Network 3.1; Red Hat JBoss Portal 4 and 5; Red Hat JBoss SOA Platform 4.2, 4.3, and 5; in Red Hat JBoss Enterprise Web Server 1 ignores roles specified using the @RunAs annotation.

CVE-2019-14885 [MEDIUM] CWE-532 CVE-2019-14885: A flaw was found in the JBoss EAP Vault system in all versions before 7.2.6.GA. Confidential informa A flaw was found in the JBoss EAP Vault system in all versions before 7.2.6.GA. Confidential information of the system property's security attribute value is revealed in the JBoss EAP log file when executing a JBoss CLI 'reload' command. This flaw can lead to the exposure of confidential information.

CVE-2019-14820 [MEDIUM] CWE-200 CVE-2019-14820: It was found that keycloak before version 8.0.0 exposes internal adapter endpoints in org.keycloak.c It was found that keycloak before version 8.0.0 exposes internal adapter endpoints in org.keycloak.constants.AdapterConstants, which can be invoked via a specially-crafted URL. This vulnerability could allow an attacker to access unauthorized information.

CVE-2019-14843 [HIGH] CWE-592 CVE-2019-14843: A flaw was found in Wildfly Security Manager, running under JDK 11 or 8, that authorized requests fo A flaw was found in Wildfly Security Manager, running under JDK 11 or 8, that authorized requests for any requester. This flaw could be used by a malicious app deployed on the app server to access unauthorized information and possibly conduct further attacks. Versions shipped with Red Hat Jboss EAP 7 and Red Hat SSO 7 are vulnerable to this issue.

CVE-2014-0169 [MEDIUM] CWE-863 CVE-2014-0169: In JBoss EAP 6 a security domain is configured to use a cache that is shared between all application In JBoss EAP 6 a security domain is configured to use a cache that is shared between all applications that are in the security domain. This could allow an authenticated user in one application to access protected resources in another application without proper authorization. Although this is an intended functionality, it was not clearly documented whi

CVE-2012-2312 [HIGH] CWE-269 CVE-2012-2312: An Elevated Privileges issue exists in JBoss AS 7 Community Release due to the improper implementati An Elevated Privileges issue exists in JBoss AS 7 Community Release due to the improper implementation in the security context propagation, A threat gets reused from the thread pool that still retains the security context from the process last used, which lets a local user obtain elevated privileges.

CVE-2019-10174 [HIGH] CWE-470 CVE-2019-10174: A vulnerability was found in Infinispan such that the invokeAccessibly method from the public class A vulnerability was found in Infinispan such that the invokeAccessibly method from the public class ReflectionUtil allows any application class to invoke private methods in any class with Infinispan's privileges. The attacker can use reflection to introduce new, malicious behavior into the application.

CVE-2019-10172 [HIGH] CVE-2019-10172: A flaw was found in org.codehaus.jackson:jackson-mapper-asl:1.9.x libraries. XML external entity vul A flaw was found in org.codehaus.jackson:jackson-mapper-asl:1.9.x libraries. XML external entity vulnerabilities similar CVE-2016-3720 also affects codehaus jackson-mapper-asl libraries but in different classes.

CVE-2019-10219 [MEDIUM] CWE-79 CVE-2019-10219: A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properl A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of potentially malicious code in HTML comments and instructions. This vulnerability can result in an XSS attack.

CVE-2019-0210 [HIGH] CWE-125 CVE-2019-0210: In Apache Thrift 0.9.3 to 0.12.0, a server implemented in Go using TJSONProtocol or TSimpleJSONProto In Apache Thrift 0.9.3 to 0.12.0, a server implemented in Go using TJSONProtocol or TSimpleJSONProtocol may panic when feed with invalid input data.

CVE-2019-0205 [HIGH] CWE-835 CVE-2019-0205: In Apache Thrift all versions up to and including 0.12.0, a server or client may run into an endless In Apache Thrift all versions up to and including 0.12.0, a server or client may run into an endless loop when feed with specific input data. Because the issue had already been partially fixed in version 0.11.0, depending on the installed version it affects only certain language bindings.

CVE-2019-14838 [MEDIUM] CWE-284 CVE-2019-14838: A flaw was found in wildfly-core before 7.2.5.GA. The Management users with Monitor, Auditor and Dep A flaw was found in wildfly-core before 7.2.5.GA. The Management users with Monitor, Auditor and Deployer Roles should not be allowed to modify the runtime state of the server