Vulnerabilities (CVE)

Filtered by vendor Redhat Subscribe
Filtered by product Jboss Enterprise Application Platform Text-only Advisories
Total 3 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-3223 1 Redhat 8 Enterprise Linux, Jboss Enterprise Application Platform, Jboss Enterprise Application Platform Text-only Advisories and 5 more 2024-11-21 N/A 7.5 HIGH
A flaw was found in undertow. Servlets annotated with @MultipartConfig may cause an OutOfMemoryError due to large multipart content. This may allow unauthorized users to cause remote Denial of Service (DoS) attack. If the server uses fileSizeThreshold to limit the file size, it's possible to bypass the limit by setting the file name in the request to null.
CVE-2020-7238 4 Debian, Fedoraproject, Netty and 1 more 6 Debian Linux, Fedora, Netty and 3 more 2024-11-21 5.0 MEDIUM 7.5 HIGH
Netty 4.1.43.Final allows HTTP Request Smuggling because it mishandles Transfer-Encoding whitespace (such as a [space]Transfer-Encoding:chunked line) and a later Content-Length header. This issue exists because of an incomplete fix for CVE-2019-16869.
CVE-2011-2487 2 Apache, Redhat 10 Cxf, Wss4j, Jboss Business Rules Management System and 7 more 2024-11-21 4.3 MEDIUM 5.9 MEDIUM
The implementations of PKCS#1 v1.5 key transport mechanism for XMLEncryption in JBossWS and Apache WSS4J before 1.6.5 is susceptible to a Bleichenbacher attack.