cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-6162,https://securityvulnerability.io/vulnerability/CVE-2024-6162,Undertow Ajp-Listener Vulnerability: URL-Encoded Request Path Information Can Be Broken,"A vulnerability in Undertow affects the processing of URL-encoded request paths on the AJP listener when handling concurrent requests. The issue stems from the sharing of a buffer used for decoding paths across multiple requests, which may result in the server misinterpreting the path, leading to errors like '404 Not Found' or other application failures. This flaw can hinder access to legitimate resources, potentially resulting in a denial of service. Organizations relying on Undertow for handling AJP traffic should assess their systems for exposure to this vulnerability.",Red Hat,"Eap 8.0.1,Red Hat Build Of Apache Camel 4.4.1 For Spring Boot,Red Hat Jboss Enterprise Application Platform Expansion Pack,Red Hat Build Of Apache Camel For Spring Boot,Red Hat Build Of Apache Camel - Hawtio,Red Hat Build Of Keycloak,Red Hat Data Grid 8,Red Hat Integration Camel K,Red Hat Jboss Data Grid 7,Red Hat Jboss Enterprise Application Platform 7,Red Hat Jboss Enterprise Application Platform 8,Red Hat Jboss Fuse 7,Red Hat Process Automation 7,Red Hat Single Sign-on 7",7.5,HIGH,0.0004400000034365803,false,false,false,false,,false,false,2024-06-20T14:33:10.342Z,0
CVE-2023-5685,https://securityvulnerability.io/vulnerability/CVE-2023-5685,Stack Overflow Exception in XNIO NotifierState Could Lead to Denial of Service,"A flaw identified in the XNIO NotifierState component allows for a stack overflow exception due to an excessively large chain of notifier states. This vulnerability can lead to uncontrolled resource management, which may result in a denial of service (DoS) condition on systems utilizing the affected versions of XNIO. Administrators should take appropriate precautions to mitigate potential risks associated with this issue.",Red Hat,"Eap 7.4.14,Red Hat Build Of Apache Camel 4.4.0 For Spring Boot,Red Hat Jboss Enterprise Application Platform 7.1 Eus For Rhel 7,Red Hat Jboss Enterprise Application Platform 7.3 Eus For Rhel 7,Red Hat Jboss Enterprise Application Platform 7.4 For Rhel 8,Red Hat Jboss Enterprise Application Platform 7.4 For Rhel 9,Red Hat Jboss Enterprise Application Platform 7.4 On Rhel 7,Red Hat Build Of Apache Camel For Spring Boot 3,Red Hat Build Of Apache Camel - Hawtio,Red Hat Build Of Keycloak,Red Hat Data Grid 8,Red Hat Integration Camel K,Red Hat Jboss Data Grid 7,Red Hat Jboss Enterprise Application Platform 8,Red Hat Jboss Enterprise Application Platform Expansion Pack,Red Hat Jboss Fuse Service Works 6,Red Hat Process Automation 7,Red Hat Single Sign-on 7",7.5,HIGH,0.0004400000034365803,false,false,false,false,,false,false,2024-03-22T18:24:42.696Z,0
CVE-2023-4503,https://securityvulnerability.io/vulnerability/CVE-2023-4503,Unsecured Server Provisioning Vulnerability in Galleon,"An improper initialization vulnerability was found in Galleon. When using Galleon to provision custom EAP or EAP-XP servers, the servers are created unsecured. This issue could allow an attacker to access remote HTTP services available from the server.",Red Hat,"Eap 7.4.14,Red Hat Jboss Enterprise Application Platform 7.4 For Rhel 8,Red Hat Jboss Enterprise Application Platform 7.4 For Rhel 9,Red Hat Jboss Enterprise Application Platform 7.4 On Rhel 7,Red Hat Jboss Enterprise Application Platform Expansion Pack",6.8,MEDIUM,0.0008099999977275729,false,false,false,false,,false,false,2024-02-06T08:39:01.685Z,0
CVE-2023-3171,https://securityvulnerability.io/vulnerability/CVE-2023-3171,Heap exhaustion via deserialization,"A vulnerability exists in EAP-7 related to the deserialization of specific classes. This flaw can allow an attacker to create malicious requests that exploit these classes, leading to resource consumption issues. As a consequence, this could exhaust the heap memory, resulting in a Denial of Service condition where legitimate users are unable to access the application or service.",Red Hat,"eap,EAP 7.4.13,Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8,Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9,Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7",7.5,HIGH,0.00215000007301569,false,false,false,false,,false,false,2023-12-27T16:15:00.000Z,0
CVE-2023-4061,https://securityvulnerability.io/vulnerability/CVE-2023-4061,Wildfly-core: management user rbac permission allows unexpected reading of system-properties to an unauthorized actor,A flaw was found in wildfly-core. A management user could use the resolve-expression in the HAL Interface to read possible sensitive information from the Wildfly system. This issue could allow a malicious user to access the system and obtain possible sensitive information from the system.,Red Hat,"Eap 7.4.13,Red Hat Jboss Enterprise Application Platform 7.4 For Rhel 8,Red Hat Jboss Enterprise Application Platform 7.4 For Rhel 9,Red Hat Jboss Enterprise Application Platform 7.4 On Rhel 7,Red Hat Jboss Enterprise Application Platform 8",6.5,MEDIUM,0.0013699999544769526,false,false,false,false,,false,false,2023-11-08T01:15:00.000Z,0
CVE-2019-14885,https://securityvulnerability.io/vulnerability/CVE-2019-14885,,A flaw was found in the JBoss EAP Vault system in all versions before 7.2.6.GA. Confidential information of the system property's security attribute value is revealed in the JBoss EAP log file when executing a JBoss CLI 'reload' command. This flaw can lead to the exposure of confidential information.,Red Hat,Jboss Eap,5.4,MEDIUM,0.000539999979082495,false,false,false,false,,false,false,2020-01-23T00:00:00.000Z,0
CVE-2014-0169,https://securityvulnerability.io/vulnerability/CVE-2014-0169,,"In JBoss EAP 6 a security domain is configured to use a cache that is shared between all applications that are in the security domain. This could allow an authenticated user in one application to access protected resources in another application without proper authorization. Although this is an intended functionality, it was not clearly documented which can mislead users into thinking that a security domain cache is isolated to a single application.",Red Hat,Jboss Eap,6.5,MEDIUM,0.0006399999838322401,false,false,false,false,,false,false,2020-01-02T19:09:51.000Z,0
CVE-2016-7061,https://securityvulnerability.io/vulnerability/CVE-2016-7061,,"An information disclosure vulnerability was found in JBoss Enterprise Application Platform before 7.0.4. It was discovered that when configuring RBAC and marking information as sensitive, users with a Monitor role are able to view the sensitive information.",Red Hat,Eap,3.5,LOW,0.001970000099390745,false,false,false,false,,false,false,2018-09-10T16:00:00.000Z,0
CVE-2017-12167,https://securityvulnerability.io/vulnerability/CVE-2017-12167,,It was found in EAP 7 before 7.0.9 that properties based files of the management and the application realm configuration that contain user to role mapping are world readable allowing access to users and roles information to all the users logged in to the system.,Red Hat,Eap-7,5.5,MEDIUM,0.0006200000061653554,false,false,false,false,,false,false,2018-07-26T17:00:00.000Z,0
CVE-2016-9585,https://securityvulnerability.io/vulnerability/CVE-2016-9585,,Red Hat JBoss EAP version 5 is vulnerable to a deserialization of untrusted data in the JMX endpoint when it deserializes the credentials passed to it. An attacker could exploit this vulnerability resulting in a denial of service attack.,Red Hat,Eap-5,5.3,MEDIUM,0.0013099999632686377,false,false,false,false,,false,false,2018-03-09T15:00:00.000Z,0
CVE-2018-1048,https://securityvulnerability.io/vulnerability/CVE-2018-1048,,"It was found that the AJP connector in undertow, as shipped in Jboss EAP 7.1.0.GA, does not use the ALLOW_ENCODED_SLASH option and thus allows the slash / anti-slash characters encoded in the url which may lead to path traversal and result in the information disclosure of arbitrary local files.",Red Hat,Undertow As Shipped In Jboss Eap 7.1.0.ga,7.5,HIGH,0.0027799999807029963,false,false,false,false,,false,false,2018-01-24T23:00:00.000Z,0
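The export above is a CSV whose description fields can contain embedded newlines inside the quotes, so splitting it on line breaks (as a naive script, or the extraction that produced this page, would do) breaks records apart. The following is an added example, not code from securityvulnerability.io or Red Hat, showing how to load the feed with a quote-aware parser, collapse the multi-line descriptions, and rank the records for triage using the feed's own columns (cisa, exploited, ransomware, poc, score, epss). The sample input is an abridged copy of three records from the table, constructed here with the CVE-2023-5685 description deliberately kept as a two-line quoted field; the ranking weights (known exploitation outranks CVSS score, EPSS breaks ties) are this example's own assumption, not part of the feed.

```python
from __future__ import annotations

import csv
import io
from dataclasses import dataclass

# Constructed sample input: three records abridged from the CSV above. The
# CVE-2023-5685 description spans two physical lines inside its quotes, which
# is exactly the case a line-splitting parser gets wrong.
SAMPLE_CSV = '''cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-6162,https://securityvulnerability.io/vulnerability/CVE-2024-6162,Undertow Ajp-Listener Vulnerability: URL-Encoded Request Path Information Can Be Broken,"A vulnerability in Undertow affects the processing of URL-encoded request paths on the AJP listener when handling concurrent requests.",Red Hat,"Eap 8.0.1,Red Hat Jboss Enterprise Application Platform 8",7.5,HIGH,0.0004400000034365803,false,false,false,false,,false,false,2024-06-20T14:33:10.342Z,0
CVE-2023-5685,https://securityvulnerability.io/vulnerability/CVE-2023-5685,Stack Overflow Exception in XNIO NotifierState Could Lead to Denial of Service,"A flaw identified in the XNIO NotifierState component allows for a stack overflow exception.
Administrators should take appropriate precautions to mitigate potential risks associated with this issue.",Red Hat,"Eap 7.4.14,Red Hat Jboss Enterprise Application Platform 8",7.5,HIGH,0.0004400000034365803,false,false,false,false,,false,false,2024-03-22T18:24:42.696Z,0
CVE-2018-1048,https://securityvulnerability.io/vulnerability/CVE-2018-1048,,"It was found that the AJP connector in undertow, as shipped in Jboss EAP 7.1.0.GA, does not use the ALLOW_ENCODED_SLASH option.",Red Hat,Undertow As Shipped In Jboss Eap 7.1.0.ga,7.5,HIGH,0.0027799999807029963,false,false,false,false,,false,false,2018-01-24T23:00:00.000Z,0
'''


@dataclass
class Record:
    cve: str
    title: str
    description: str
    products: list[str]
    score: float
    severity: str
    epss: float
    cisa: bool
    exploited: bool
    ransomware: bool
    poc: bool
    published: str


def parse_bool(value: str) -> bool:
    """The feed writes booleans as the strings 'true'/'false'."""
    return value.strip().lower() == "true"


def load_records(text: str) -> list[Record]:
    """Parse the feed with the csv module, which honours quoted fields that
    span several physical lines, then normalise each record."""
    reader = csv.DictReader(io.StringIO(text))
    records: list[Record] = []
    for row in reader:
        records.append(
            Record(
                cve=row["cve"],
                title=row["title"],
                # Collapse embedded newlines and runs of whitespace to one space.
                description=" ".join(row["description"].split()),
                # The products column is itself a comma-separated list inside one quoted field.
                products=[p.strip() for p in row["products"].split(",") if p.strip()],
                score=float(row["score"] or 0.0),
                severity=row["severity"],
                epss=float(row["epss"] or 0.0),
                cisa=parse_bool(row["cisa"]),
                exploited=parse_bool(row["exploited"]),
                ransomware=parse_bool(row["ransomware"]),
                poc=parse_bool(row["poc"]),
                published=row["published"],
            )
        )
    return records


def priority(r: Record) -> tuple[bool, bool, float, float]:
    """Sort key (assumed weighting): evidence of real-world exploitation first
    (CISA KEV, observed exploitation, ransomware use), then a public PoC, then
    CVSS score, with EPSS breaking ties between equal scores."""
    actively_exploited = r.cisa or r.exploited or r.ransomware
    return (actively_exploited, r.poc, r.score, r.epss)


def triage(text: str) -> list[Record]:
    """Records ordered from most to least urgent; sorted() is stable, so
    records that tie on every key keep their feed order."""
    return sorted(load_records(text), key=priority, reverse=True)


def affects(records: list[Record], product_substring: str) -> list[str]:
    """CVE ids whose product list mentions the given product (case-insensitive)."""
    needle = product_substring.lower()
    return [r.cve for r in records if any(needle in p.lower() for p in r.products)]


if __name__ == "__main__":
    for r in triage(SAMPLE_CSV):
        flags = "KEV" if r.cisa else ("exploited" if r.exploited else "-")
        print(f"{r.cve}  score={r.score}  epss={r.epss:.5f}  {flags}  {r.title or r.description[:60]}")
    print("EAP 8 exposure:", affects(load_records(SAMPLE_CSV), "Enterprise Application Platform 8"))
```

Two points worth noting when applying this to the full export: the `products` column is free text from the vendor (note the inconsistent capitalisation of "Jboss"/"JBoss" and the bare "eap" entry above), so product matching should be case-insensitive and substring-based as here rather than an exact comparison; and because every record on this page carries `false` in the cisa, exploited and ransomware columns, the ordering collapses to CVSS score with EPSS as tiebreaker, which is why CVE-2018-1048 (EPSS 0.00278) sorts ahead of the two newer 7.5-scored Undertow/XNIO issues (EPSS 0.00044).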