Red Hat JBoss Enterprise Application Platform vulnerabilities
241 known vulnerabilities affecting redhat/jboss_enterprise_application_platform.

Total CVEs: 241
CISA KEV (actively exploited): 6
Public exploits: 14
Exploited in the wild: 8
Severity breakdown: CRITICAL 36, HIGH 86, MEDIUM 102, LOW 17
Vulnerabilities
Page 6 of 13
CVE-2019-3873 | CRITICAL | CVSS 9.0 | CWE-79 | affects: v7.2.0 | published 2019-06-12
It was found that PicketLink as shipped with JBoss Enterprise Application Platform 7.2 would accept an xinclude parameter in SAMLResponse XML. An attacker could use this flaw to send a URL to achieve cross-site scripting or possibly conduct further attacks.
Source: NVD
CVE-2019-3872 | MEDIUM | CVSS 5.4 | CWE-79 | affects: v7.2.0 | published 2019-06-12
It was found that a SAMLRequest containing a script could be processed by the PicketLink versions shipped in JBoss Enterprise Application Platform 7.2.x and 7.1.x. An attacker could use this to send a malicious script to achieve cross-site scripting and obtain unauthorized information or conduct further attacks.
Source: NVD
CVE-2019-3894 | HIGH | CVSS 8.8 | CWE-358 | affects: v7.0.0 | published 2019-05-03
It was discovered that the ElytronManagedThread in WildFly's Elytron subsystem, in versions 11 to 16, stores a SecurityIdentity to run the thread as. These threads do not necessarily terminate if the keep-alive time has not expired. This could allow a shared thread to use the wrong security identity when executing.
Source: NVD
CVE-2019-3805 | MEDIUM | CVSS 4.7 | CWE-364 | affects: v6.0.0, v7.0.0 | published 2019-05-03
A flaw was discovered in WildFly versions up to 16.0.0.Final that would allow local users who are able to execute the init.d script to terminate arbitrary processes on the system. An attacker could exploit this by modifying the PID file in /var/run/jboss-eap/, allowing the init.d script to terminate any process as root.
Source: NVD
CVE-2018-10934 | MEDIUM | CVSS 5.4 | CWE-79 | affects: v7.0, v7.1.0 | published 2019-03-27
A cross-site scripting (XSS) vulnerability was found in the JBoss Management Console in versions before 7.1.6.CR1 and 7.1.6.GA. Users with roles that can create objects in the application can exploit this to attack other privileged users.
Source: NVD
CVE-2018-12023 | HIGH | CVSS 7.5 | CWE-502 | affects: v7.2.0 | published 2019-03-21
An issue was discovered in FasterXML jackson-databind prior to 2.7.9.4, 2.8.11.2, and 2.9.6. When Default Typing is enabled (either globally or for a specific property), the service has the Oracle JDBC jar in the classpath, and an attacker can provide an LDAP service to access, it is possible to make the service execute a malicious payload.
Source: NVD
CVE-2018-12022 | HIGH | CVSS 7.5 | CWE-502 | affects: v7.2.0 | published 2019-03-21
An issue was discovered in FasterXML jackson-databind prior to 2.7.9.4, 2.8.11.2, and 2.9.6. When Default Typing is enabled (either globally or for a specific property), the service has the Jodd-db jar (for database access for the Jodd framework) in the classpath, and an attacker can provide an LDAP service to access, it is possible to make the servic […]
Source: NVD
CVE-2018-14720 | CRITICAL | CVSS 9.8 | CWE-502 | affects: v7.2.0 | published 2019-01-02
FasterXML jackson-databind 2.x before 2.9.7 might allow attackers to conduct external XML entity (XXE) attacks by leveraging failure to block unspecified JDK classes from polymorphic deserialization.
Source: NVD
CVE-2018-14721 | CRITICAL | CVSS 10.0 | CWE-918 | affects: v7.2.0 | published 2019-01-02
FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to conduct server-side request forgery (SSRF) attacks by leveraging failure to block the axis2-jaxws class from polymorphic deserialization.
Source: NVD
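The four jackson-databind entries above (CVE-2018-12022, CVE-2018-12023, CVE-2018-14720, CVE-2018-14721) share one precondition: Default Typing lets the JSON document name the class to instantiate, so every gadget class on the classpath becomes reachable. The following is an added example, not code from this page, from Red Hat, or from the Jackson project. It contrasts the exposed setting with the allow-list API Jackson introduced in 2.10 (PolymorphicTypeValidator); the package com.example.model is a placeholder for the application's own types, and java.net.URL stands in for the gadget class a real payload would name.

```java
import com.fasterxml.jackson.databind.ObjectMapper;
import com.fasterxml.jackson.databind.exc.InvalidTypeIdException;
import com.fasterxml.jackson.databind.jsontype.BasicPolymorphicTypeValidator;
import com.fasterxml.jackson.databind.jsontype.PolymorphicTypeValidator;

/**
 * Exposed vs. allow-listed Default Typing. Requires jackson-databind 2.10+.
 * Added example; not part of JBoss EAP, WildFly or Jackson.
 */
public class DefaultTypingDemo {

    /** Exposed setting: any class on the classpath may be named in the type id. */
    @SuppressWarnings("deprecation")
    static ObjectMapper permissiveMapper() {
        ObjectMapper mapper = new ObjectMapper();
        mapper.enableDefaultTyping(ObjectMapper.DefaultTyping.NON_FINAL);
        return mapper;
    }

    /** Hardened: type ids are honoured only for classes under an allow-listed package. */
    static ObjectMapper restrictedMapper() {
        PolymorphicTypeValidator ptv = BasicPolymorphicTypeValidator.builder()
                .allowIfSubType("com.example.model.")   // placeholder for the app's own package
                .build();
        ObjectMapper mapper = new ObjectMapper();
        mapper.activateDefaultTyping(ptv, ObjectMapper.DefaultTyping.NON_FINAL);
        return mapper;
    }

    public static void main(String[] args) throws Exception {
        // Constructed input. With the default WRAPPER_ARRAY inclusion the first array
        // element is the class to instantiate and the second is its value. A real
        // payload names a JNDI-aware DataSource from a JDBC driver and points it at
        // an attacker LDAP server; java.net.URL is used here so the demo stays inert.
        String untrustedJson = "[\"java.net.URL\", \"http://attacker.example/\"]";

        Object value = permissiveMapper().readValue(untrustedJson, Object.class);
        System.out.println("permissive mapper instantiated " + value.getClass().getName());

        try {
            restrictedMapper().readValue(untrustedJson, Object.class);
            System.out.println("restricted mapper accepted the type id (unexpected)");
        } catch (InvalidTypeIdException e) {
            System.out.println("restricted mapper rejected type id: " + e.getTypeId());
        }
    }
}
```

The permissive mapper builds a java.net.URL because the JSON told it to; the restricted mapper throws InvalidTypeIdException before any constructor runs, because java.net.URL is not under the allowed prefix. Jackson's built-in blocklist of known gadgets is what the CVEs above patched one class at a time; an allow-list of your own types does not depend on that list being complete.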
CVE-2018-14642 | MEDIUM | CVSS 5.3 | CWE-200 | affects: v7.1, v7.2 (+1 more) | published 2018-09-18
An information leak vulnerability was found in Undertow. If all headers are not written out in the first write() call, then the code that handles flushing the buffer will always write out the full contents of the writevBuffer, which may contain data from previous requests.
Source: NVD
CVE-2016-7066 | HIGH | CVSS 7.8 | CWE-266 | fixed in: 7.1.0 | published 2018-09-11
It was found that improper default permissions on the /tmp/auth directory in JBoss Enterprise Application Platform before 7.1.0 can allow any local user to connect to the CLI and execute arbitrary operations.
Source: NVD
CVE-2016-7061 | MEDIUM | CVSS 6.5 | CWE-200 | fixed in: 7.0.4 | published 2018-09-10
An information disclosure vulnerability was found in JBoss Enterprise Application Platform before 7.0.4. It was discovered that when configuring RBAC and marking information as sensitive, users with a Monitor role are able to view the sensitive information.
Source: NVD
CVE-2018-1000632 | HIGH | CVSS 7.5 | CWE-91 | affects: v6.0.0, v6.4.0 (+1 more) | published 2018-08-20
dom4j versions prior to 2.1.1 contain a CWE-91 XML Injection vulnerability in class Element, methods addElement and addAttribute, that can result in an attacker tampering with XML documents through XML injection. This attack appears to be exploitable via an attacker specifying attributes or elements in the XML document. This vulnerability app […]
Source: NVD
CVE-2018-1336 | HIGH | CVSS 7.5 | CWE-835 | affects: v6.0.0, v6.4.0 | published 2018-08-02
Improper handling of overflow in the UTF-8 decoder with supplementary characters can lead to an infinite loop in the decoder, causing a denial of service. Versions affected: Apache Tomcat 9.0.0.M9 to 9.0.7, 8.5.0 to 8.5.30, 8.0.0.RC1 to 8.0.51, and 7.0.28 to 7.0.86.
Source: NVD
CVE-2016-8657 | HIGH | CVSS 7.8 | CWE-264 | affects: v6.0.0, v6.4.0 (+1 more) | published 2018-07-31
It was discovered that EAP packages in certain versions of Red Hat Enterprise Linux use incorrect permissions for the /etc/sysconfig/jbossas configuration file. The file is writable by the jboss group (root:jboss, 664). On systems using classic /etc/init.d init scripts (i.e. Red Hat Enterprise Linux 6 and earlier), the file is sourced by the jboss init scri […]
Source: NVD
CVE-2017-7464 | CRITICAL | CVSS 9.8 | CWE-611 | affects: v7.0 | published 2018-07-27
It was found that the JAXP implementation used in JBoss EAP 7.0 for SAX and DOM parsing is vulnerable to certain XXE flaws. An attacker could use this flaw to cause DoS, SSRF, or information disclosure if they are able to provide XML content for parsing.
Source: NVD
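CVE-2017-7464 (XXE in the JAXP parsers) and CVE-2019-3873 (PicketLink honouring xinclude in a SAMLResponse) are both cases of a parser following references the document itself supplies. The block below is an added example, not code from this page, from Red Hat, WildFly or PicketLink; it uses only the standard JDK DocumentBuilderFactory and the Xerces feature URIs the JDK's built-in parser supports. The SAML-shaped document and its internal entity are constructed so the permissive parse stays offline; an attacker would declare a SYSTEM entity or an xi:include pointing at a local file or an internal URL instead.

```java
import java.io.StringReader;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.xml.sax.InputSource;
import org.xml.sax.SAXParseException;

/** Permissive vs. hardened DOM parsing. Added example; not project code. */
public class HardenedDomParser {

    /** JDK defaults: DOCTYPE and entity references are honoured; XInclude switched on
     *  here to mirror a component that accepts xi:include in untrusted input. */
    static DocumentBuilder permissiveBuilder() throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setXIncludeAware(true);
        return f.newDocumentBuilder();
    }

    /** DTDs, external entities, external DTD loading and XInclude all disabled. */
    static DocumentBuilder hardenedBuilder() throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        f.setFeature("http://xml.org/sax/features/external-general-entities", false);
        f.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
        f.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
        f.setXIncludeAware(false);
        f.setExpandEntityReferences(false);
        return f.newDocumentBuilder();
    }

    static Document parse(DocumentBuilder b, String xml) throws Exception {
        return b.parse(new InputSource(new StringReader(xml)));
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample: an internal entity declared in the DOCTYPE. Replacing
        // "entity-expanded" with SYSTEM "file:///etc/passwd" turns it into the XXE
        // read the CVE describes; the hardened builder rejects the DOCTYPE outright.
        String doc = "<?xml version=\"1.0\"?>\n"
                + "<!DOCTYPE samlp:Response [ <!ENTITY x \"entity-expanded\"> ]>\n"
                + "<samlp:Response xmlns:samlp=\"urn:oasis:names:tc:SAML:2.0:protocol\">"
                + "&x;</samlp:Response>";

        String text = parse(permissiveBuilder(), doc).getDocumentElement().getTextContent();
        System.out.println("permissive parser expanded entity to: " + text);

        try {
            parse(hardenedBuilder(), doc);
            System.out.println("hardened parser accepted the DOCTYPE (unexpected)");
        } catch (SAXParseException e) {
            System.out.println("hardened parser rejected document: " + e.getMessage());
        }
    }
}
```

Rejecting the DOCTYPE is the check that matters: once a DTD is allowed, the remaining feature flags are only partial mitigations, and setXIncludeAware(false) closes the separate xi:include path that CVE-2019-3873 describes. The same feature URIs apply to SAXParserFactory and, via setProperty, to XMLInputFactory for StAX.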
CVE-2017-2670 | HIGH | CVSS 7.5 | CWE-835 | affects: v6.0.0, v7.0.0 (+1 more) | published 2018-07-27
It was found in Undertow before 1.3.28 that with a non-clean TCP close, the WebSocket server gets into an infinite loop on every IO thread, effectively causing a DoS.
Source: NVD
CVE-2017-12165 | HIGH | CVSS 7.5 | CWE-444 | affects: v7.0.0, v7.1.0 | published 2018-07-27
It was discovered that Undertow before 1.4.17, 1.3.31 and 2.0.0 processes HTTP request headers containing unusual whitespace, which can allow HTTP request smuggling.
Source: NVD
CVE-2018-10862 | MEDIUM | CVSS 5.5 | CWE-22 | affects: v7.1.0 | published 2018-07-27
WildFly Core before version 6.0.0.Alpha3 does not properly validate file paths in .war archives, allowing for the extraction of crafted .war archives to overwrite arbitrary files. This is an instance of the 'Zip Slip' vulnerability.
Source: NVD
CVE-2017-2595 | MEDIUM | CVSS 6.5 | CWE-22 | affects: v6.0.0, v6.4.0 (+2 more) | published 2018-07-27
It was found that the log file viewer in Red Hat JBoss Enterprise Application Platform 6 and 7 allows arbitrary file read by an authenticated user via path traversal.
Source: NVD
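CVE-2018-10862 (Zip Slip during .war extraction) and CVE-2017-2595 (path traversal in the log viewer) are the same CWE-22 mistake in two directions: a name taken from an archive entry or a request is joined to a base directory without checking that the result stays inside it. The block below is an added example, not code from this page, from WildFly or from JBoss EAP. It shows one containment check, resolveInside, used both by a small archive extractor and by a log-file lookup; the archive and its traversal entry are constructed in memory so the code runs offline.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.util.ArrayList;
import java.util.List;
import java.util.zip.ZipEntry;
import java.util.zip.ZipInputStream;
import java.util.zip.ZipOutputStream;

/** Path containment for archive entries and request-supplied file names. Added example. */
public class ContainedPaths {

    /** Resolves an untrusted name under base, or throws if the result escapes base.
     *  Absolute names and "../" sequences both fail: normalize() folds the dots and
     *  startsWith() compares whole components, so "/srv/logs-old" is not inside "/srv/logs". */
    static Path resolveInside(Path base, String untrusted) throws IOException {
        Path root = base.toAbsolutePath().normalize();
        Path target = root.resolve(untrusted).normalize();
        if (!target.startsWith(root)) {
            throw new IOException("path escapes " + root + ": " + untrusted);
        }
        return target;
    }

    /** Extracts an archive into dest, skipping entries whose names escape dest. */
    static List<String> extract(InputStream archive, Path dest) throws IOException {
        List<String> written = new ArrayList<>();
        try (ZipInputStream zin = new ZipInputStream(archive)) {
            for (ZipEntry e; (e = zin.getNextEntry()) != null; ) {
                Path out;
                try {
                    out = resolveInside(dest, e.getName());
                } catch (IOException rejected) {
                    System.out.println("rejected entry: " + rejected.getMessage());
                    continue;
                }
                if (e.isDirectory()) {
                    Files.createDirectories(out);
                    continue;
                }
                Files.createDirectories(out.getParent());
                Files.copy(zin, out);            // reads only the current entry's bytes
                written.add(dest.relativize(out).toString());
            }
        }
        return written;
    }

    public static void main(String[] args) throws IOException {
        // Constructed archive: one benign entry and one Zip Slip entry.
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        try (ZipOutputStream zout = new ZipOutputStream(buf)) {
            for (String name : new String[] {"WEB-INF/web.xml", "../../tmp/evil.sh"}) {
                zout.putNextEntry(new ZipEntry(name));
                zout.write(("content of " + name).getBytes(StandardCharsets.UTF_8));
                zout.closeEntry();
            }
        }
        Path deployDir = Files.createTempDirectory("deploy");
        List<String> files = extract(new ByteArrayInputStream(buf.toByteArray()), deployDir);
        System.out.println("written: " + files);

        // Same check in front of a log viewer that takes the file name from the request.
        Path logDir = deployDir;   // stands in for the server's log directory
        System.out.println("ok: " + resolveInside(logDir, "server.log"));
        try {
            resolveInside(logDir, "../../etc/shadow");
        } catch (IOException e) {
            System.out.println("rejected request: " + e.getMessage());
        }
    }
}
```

normalize() works on the path string only, so if the base directory can already contain symlinks planted by a lower-privileged user, call toRealPath() on the resolved target (once it exists) and repeat the startsWith check against the real base before opening the file.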