CVEInsight.

Free vulnerability intelligence for developers, security teams, and researchers. Data sourced from public databases for informational purposes only.

Explore

Legal

CVE data sourced from NVD / NIST & public disclosures.

redhat

jboss_enterprise_application_platform_text-only_advisories

3 known vulnerabilities · sorted by CVSS score

CVE-2023-3223

HIGH7.5

A flaw was found in undertow. Servlets annotated with @MultipartConfig may cause an OutOfMemoryError due to large multipart content. This may allow unauthorized users to cause remote Denial of Service (DoS) attack. If the server uses fileSizeThreshold to limit the file size, it's possible to bypass the limit by setting the file name in the request to null.

redhat / undertow+10

Network

Published Sep 27, 2023

CVE-2020-7238

HIGH7.5

Netty 4.1.43.Final allows HTTP Request Smuggling because it mishandles Transfer-Encoding whitespace (such as a [space]Transfer-Encoding:chunked line) and a later Content-Length header. This issue exists because of an incomplete fix for CVE-2019-16869.

netty / netty+9

Network

Published Jan 27, 2020

CVE-2011-2487

MEDIUM5.9

The implementations of PKCS#1 v1.5 key transport mechanism for XMLEncryption in JBossWS and Apache WSS4J before 1.6.5 is susceptible to a Bleichenbacher attack.

apache / cxf+11

Network

Published Mar 11, 2020