cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-6162,https://securityvulnerability.io/vulnerability/CVE-2024-6162,Undertow Ajp-Listener Vulnerability: URL-Encoded Request Path Information Can Be Broken,"A vulnerability in Undertow affects the processing of URL-encoded request paths on the AJP listener when handling concurrent requests. The issue stems from the sharing of a buffer used for decoding paths across multiple requests, which may result in the server misinterpreting the path, leading to errors like '404 Not Found' or other application failures. This flaw can hinder access to legitimate resources, potentially resulting in a denial of service. Organizations relying on Undertow for handling AJP traffic should assess their systems for exposure to this vulnerability.",Red Hat,"Eap 8.0.1,Red Hat Build Of Apache Camel 4.4.1 For Spring Boot,Red Hat Jboss Enterprise Application Platform Expansion Pack,Red Hat Build Of Apache Camel For Spring Boot,Red Hat Build Of Apache Camel - Hawtio,Red Hat Build Of Keycloak,Red Hat Data Grid 8,Red Hat Integration Camel K,Red Hat Jboss Data Grid 7,Red Hat Jboss Enterprise Application Platform 7,Red Hat Jboss Enterprise Application Platform 8,Red Hat Jboss Fuse 7,Red Hat Process Automation 7,Red Hat Single Sign-on 7",7.5,HIGH,0.0004400000034365803,false,,false,false,false,,,false,false,,2024-06-20T14:33:10.342Z,0
CVE-2023-5685,https://securityvulnerability.io/vulnerability/CVE-2023-5685,Stack Overflow Exception in XNIO NotifierState Could Lead to Denial of Service,"A flaw identified in the XNIO NotifierState component allows for a stack overflow exception due to an excessively large chain of notifier states. This vulnerability can lead to uncontrolled resource management, which may result in a denial of service (DoS) condition on systems utilizing the affected versions of XNIO. Administrators should take appropriate precautions to mitigate potential risks associated with this issue.",Red Hat,"Eap 7.4.14,Red Hat Build Of Apache Camel 4.4.0 For Spring Boot,Red Hat Jboss Enterprise Application Platform 7.1 Eus For Rhel 7,Red Hat Jboss Enterprise Application Platform 7.3 Eus For Rhel 7,Red Hat Jboss Enterprise Application Platform 7.4 For Rhel 8,Red Hat Jboss Enterprise Application Platform 7.4 For Rhel 9,Red Hat Jboss Enterprise Application Platform 7.4 On Rhel 7,Red Hat Build Of Apache Camel For Spring Boot 3,Red Hat Build Of Apache Camel - Hawtio,Red Hat Build Of Keycloak,Red Hat Data Grid 8,Red Hat Integration Camel K,Red Hat Jboss Data Grid 7,Red Hat Jboss Enterprise Application Platform 8,Red Hat Jboss Enterprise Application Platform Expansion Pack,Red Hat Jboss Fuse Service Works 6,Red Hat Process Automation 7,Red Hat Single Sign-on 7",7.5,HIGH,0.0004400000034365803,false,,false,false,false,,,false,false,,2024-03-22T18:24:42.696Z,0
CVE-2023-4503,https://securityvulnerability.io/vulnerability/CVE-2023-4503,Unsecured Server Provisioning Vulnerability in Galleon,"An improper initialization vulnerability was found in Galleon. When using Galleon to provision custom EAP or EAP-XP servers, the servers are created unsecured. This issue could allow an attacker to access remote HTTP services available from the server.",Red Hat,"Eap 7.4.14,Red Hat Jboss Enterprise Application Platform 7.4 For Rhel 8,Red Hat Jboss Enterprise Application Platform 7.4 For Rhel 9,Red Hat Jboss Enterprise Application Platform 7.4 On Rhel 7,Red Hat Jboss Enterprise Application Platform Expansion Pack",6.8,MEDIUM,0.0013800000306218863,false,,false,false,false,,,false,false,,2024-02-06T08:39:01.685Z,0
CVE-2023-3171,https://securityvulnerability.io/vulnerability/CVE-2023-3171,Heap exhaustion via deserialization,"A vulnerability exists in EAP-7 related to the deserialization of specific classes. This flaw can allow an attacker to create malicious requests that exploit these classes, leading to resource consumption issues. As a consequence, this could exhaust the heap memory, resulting in a Denial of Service condition where legitimate users are unable to access the application or service.",Red Hat,"eap,EAP 7.4.13,Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8,Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9,Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7",7.5,HIGH,0.0032399999909102917,false,,false,false,false,,,false,false,,2023-12-27T16:15:00.000Z,0
CVE-2023-4061,https://securityvulnerability.io/vulnerability/CVE-2023-4061,Wildfly-core: management user rbac permission allows unexpected reading of system-properties to an unauthorized actor,A flaw was found in wildfly-core. A management user could use the resolve-expression in the HAL Interface to read possible sensitive information from the Wildfly system. This issue could allow a malicious user to access the system and obtain possible sensitive information from the system.,Red Hat,"Eap 7.4.13,Red Hat Jboss Enterprise Application Platform 7.4 For Rhel 8,Red Hat Jboss Enterprise Application Platform 7.4 For Rhel 9,Red Hat Jboss Enterprise Application Platform 7.4 On Rhel 7,Red Hat Jboss Enterprise Application Platform 8",6.5,MEDIUM,0.001449999981559813,false,,false,false,false,,,false,false,,2023-11-08T01:15:00.000Z,0
CVE-2019-14885,https://securityvulnerability.io/vulnerability/CVE-2019-14885,Information Exposure in JBoss EAP by Red Hat,"A security flaw in the JBoss EAP Vault system allows for the inadvertent disclosure of sensitive system property security attribute values. When executing a JBoss CLI 'reload' command, confidential information is logged, potentially exposing it to unauthorized access. This issue exists in all versions prior to 7.2.6.GA, impacting the confidentiality of sensitive data within the JBoss EAP environment.",Red Hat,Jboss Eap,5.4,MEDIUM,0.000539999979082495,false,,false,false,false,,,false,false,,2020-01-23T00:00:00.000Z,0
CVE-2014-0169,https://securityvulnerability.io/vulnerability/CVE-2014-0169,Caching Vulnerability in JBoss EAP 6 Impacting Security Domain Configurations,"In JBoss EAP 6, a security domain is designed to use a shared cache among all applications within it. This configuration can inadvertently allow an authenticated user from one application to access protected resources in another application without the necessary authorization. While this behavior may be intentional, it lacks clear documentation, potentially leading to user misconceptions about the isolation of security domain caches across applications. Proper precautions and awareness are critical to mitigate this risk.",Red Hat,Jboss Eap,6.5,MEDIUM,0.0006399999838322401,false,,false,false,false,,,false,false,,2020-01-02T19:09:51.000Z,0
CVE-2018-1048,https://securityvulnerability.io/vulnerability/CVE-2018-1048,,"It was found that the AJP connector in undertow, as shipped in Jboss EAP 7.1.0.GA, does not use the ALLOW_ENCODED_SLASH option and thus allows the slash / anti-slash characters encoded in the url, which may lead to path traversal and result in the information disclosure of arbitrary local files.",Red Hat,Undertow As Shipped In Jboss Eap 7.1.0.ga,7.5,HIGH,0.0027799999807029963,false,,false,false,false,,,false,false,,2018-01-24T23:00:00.000Z,0