Page 2 of 20 results (0.026 seconds)

CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 0

A vulnerability was found in Wildfly's Enterprise Java Beans (EJB) versions shipped with Red Hat JBoss EAP 7, where SessionOpenInvocations are never removed from the remote InvocationTracker after a response is received in the EJB Client, as well as the server. This flaw allows an attacker to craft a denial of service attack to make the service unavailable. Se encontró una vulnerabilidad en Wildfly's Enterprise Java Beans (EJB) versiones incluidas con Red Hat JBoss EAP 7, donde SessionOpenInvocations nunca es eliminada del InvocationTracker remoto después que una respuesta es recibida en el EJB Client, así como en el servidor. Este fallo permite a un atacante diseñar un ataque de denegación de servicio para hacer que el servicio no esté disponible A vulnerability was found in Wildfly's Enterprise Java Beans (EJB), where SessionOpenInvocations are never removed from the remote InvocationTracker after a response is received in the EJB Client, as well as the server. This flaw allows an attacker to craft a denial of service attack to make the service unavailable. • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-14307 https://access.redhat.com/security/cve/CVE-2020-14307 https://bugzilla.redhat.com/show_bug.cgi?id=1851327 • CWE-404: Improper Resource Shutdown or Release •

CVSS: 8.1EPSS: 0%CPEs: 12EXPL: 0

A flaw was found in all undertow-2.x.x SP1 versions prior to undertow-2.0.30.SP1, all undertow-1.x.x and undertow-2.x.x versions prior to undertow-2.1.0.Final, where the Servlet container causes servletPath to normalize incorrectly by truncating the path after semicolon which may lead to an application mapping resulting in the security bypass. Se encontró un fallo en todas las versiones undertow-2.x.x SP1 anteriores a undertow-2.0.30.SP1, en todas las versiones undertow-1.x.x y versiones undertow-2.x.x anteriores a undertow-2.1.0.Final, donde el contenedor de servlets causa que servletPath se normalice incorrectamente al truncar la ruta después del punto y coma, lo que puede conllevar a un mapeo de la aplicación resultando en la omisión de la seguridad. A flaw was found in Undertow, where the servlet container causes the servletPath to normalize incorrectly by truncating the path after the semicolon. The flaw may lead to application mapping, resulting in a security bypass. • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1757 https://access.redhat.com/security/cve/CVE-2020-1757 https://bugzilla.redhat.com/show_bug.cgi?id=1752770 • CWE-20: Improper Input Validation CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 7.5EPSS: 0%CPEs: 10EXPL: 0

A vulnerability was found in the Undertow HTTP server in versions before 2.0.28.SP1 when listening on HTTPS. An attacker can target the HTTPS port to carry out a Denial Of Service (DOS) to make the service unavailable on SSL. Se detectó una vulnerabilidad en el servidor HTTP Undertow en versiones anteriores a 2.0.28.SP1, al escuchar sobre HTTPS. Un atacante puede apuntar al puerto HTTPS para llevar a cabo una Denegación de Servicio (DOS) para hacer que el servicio no esté disponible en SSL. A vulnerability was found in the Undertow HTTP server listening on HTTPS. • https://access.redhat.com/errata/RHSA-2020:0729 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14888 https://security.netapp.com/advisory/ntap-20220211-0001 https://access.redhat.com/security/cve/CVE-2019-14888 https://bugzilla.redhat.com/show_bug.cgi?id=1772464 • CWE-400: Uncontrolled Resource Consumption •

CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0

It was found that the JMX endpoint of Red Hat JBoss Fuse 6, and Red Hat A-MQ 6 deserializes the credentials passed to it. An attacker could use this flaw to launch a denial of service attack. Se ha detectado que el endpoint JMX de Red Hat JBoss Fuse 6 y Red Hat A-MQ 6 deserializa las credenciales que se les pasa. Un atacante podría explotar este error para iniciar un ataque de denegación de servicio (DoS). • http://www.securityfocus.com/bid/94544 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8653 • CWE-502: Deserialization of Untrusted Data •

CVSS: 7.2EPSS: 0%CPEs: 2EXPL: 0

It was found that the Karaf container used by Red Hat JBoss Fuse 6.x, and Red Hat JBoss A-MQ 6.x, deserializes objects passed to MBeans via JMX operations. An attacker could use this flaw to execute remote code on the server as the user running the Java Virtual Machine if the target MBean contain deserialization gadgets in its classpath. Se ha detectado que el contenedor Karaf empleado por Red Hat JBoss Fuse 6.x y Red Hat JBoss A-MQ 6.x deserializa los objetos que se pasan a MBeans mediante operaciones JMX. Un atacante podría emplear este error para ejecutar código remoto en el servidor como el usuario que ejecuta la máquina virtual de Java si el MBean objetivo contiene gadgets de deserialización en su ruta de clase. • http://www.securityfocus.com/bid/94513 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8648 • CWE-502: Deserialization of Untrusted Data •