CVE-2023-1108

all versions

A flaw was found in undertow. This issue makes achieving a denial of service possible due to an unexpected handshake status update

7.5HIGH

CVE-2022-1319

all versions

A flaw was found in Undertow. For an AJP 400 response, EAP 7 is improperly sending two response packets, and those packets have th

7.5HIGH

CVE-2022-1259

all versions

A flaw was found in Undertow. A potential security issue in flow control handling by the browser over HTTP/2 may cause overhead or

7.5HIGH

CVE-2021-3914

all versions

It was found that the smallrye health metrics UI component did not properly sanitize some user inputs. An attacker could use this

6.1MEDIUM

CVE-2021-4178

all versions

A arbitrary code execution flaw was found in the Fabric 8 Kubernetes client affecting versions 5.0.0-beta-1 and above. Due to an i

6.7MEDIUM

CVE-2021-3690

all versions

A flaw was found in Undertow. A buffer leak on the incoming WebSocket PONG message may lead to memory exhaustion. This flaw allows

7.5HIGH

CVE-2021-3597

all versions

A flaw was found in undertow. The HTTP2SourceChannel fails to write the final frame under some circumstances, resulting in a denia

5.9MEDIUM

CVE-2021-4104

all versions

JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j config

7.5HIGH

CVE-2021-3642

all versions

A flaw was found in Wildfly Elytron in versions prior to 1.10.14.Final, prior to 1.15.5.Final and prior to 1.16.1.Final where Scra

5.3MEDIUM

CVE-2020-10688

all versions

A cross-site scripting (XSS) flaw was found in RESTEasy in versions before 3.11.1.Final and before 4.5.3.Final, where it did not p

6.1MEDIUM

CVE-2020-27782

all versions

A flaw was found in the Undertow AJP connector. Malicious requests and abrupt connection closes could be triggered by an attacker

7.5HIGH

CVE-2020-1717

all versions

A flaw was found in Keycloak 7.0.1. A logged in user can do an account email enumeration attack.

2.7LOW

CVE-2020-10734

all versions

A vulnerability was found in keycloak in the way that the OIDC logout endpoint does not have CSRF protection. Versions shipped wit

3.3LOW

CVE-2020-25689

all versions

A memory leak flaw was found in WildFly in all versions up to 21.0.0.Final, where host-controller tries to reconnect in a loop, ge

5.3MEDIUM

CVE-2020-14299

all versions

A flaw was found in JBoss EAP, where the authentication configuration is set-up using a legacy SecurityRealm, to delegate to a leg

6.5MEDIUM

CVE-2020-25644

all versions

A memory leak flaw was found in WildFly OpenSSL in versions prior to 1.1.3.Final, where it removes an HTTP session. It may allow t

7.5HIGH

CVE-2020-10758

all versions

A vulnerability was found in Keycloak before 11.0.1 where DoS attack is possible by sending twenty requests simultaneously to the

7.5HIGH

CVE-2020-1710

all versions

The issue appears to be that JBoss EAP 6.4.21 does not parse the field-name in accordance to RFC7230[1] as it returns a 200 instea

5.3MEDIUM

CVE-2020-14307

all versions

A vulnerability was found in Wildfly's Enterprise Java Beans (EJB) versions shipped with Red Hat JBoss EAP 7, where SessionOpenInv

6.5MEDIUM

CVE-2020-14297

all versions

A flaw was discovered in Wildfly's EJB Client as shipped with Red Hat JBoss EAP 7, where some specific EJB transaction objects may

6.5MEDIUM

CVE-2020-10705

all versions

A flaw was discovered in Undertow in versions before Undertow 2.1.1.Final where certain requests to the "Expect: 100-continue" hea

7.5HIGH

CVE-2020-10719

all versions

A flaw was found in Undertow in versions before 2.1.1.Final, regarding the processing of invalid HTTP requests with large chunk si

6.5MEDIUM

CVE-2020-1714

all versions

A flaw was found in Keycloak before version 11.0.0, where the code base contains usages of ObjectInputStream without type checks.

8.8HIGH

CVE-2020-1718

all versions

A flaw was found in the reset credential flow in all Keycloak versions before 8.0.0. This flaw allows an attacker to gain unauthor

7.1HIGH

CVE-2020-1724

all versions

A flaw was found in Keycloak in versions before 9.0.2. This flaw allows a malicious user that is currently logged in, to see the p

4.3MEDIUM

CVE-2020-1732

all versions

A flaw was found in Soteria before 1.0.1, in a way that multiple requests occurring concurrently causing security identity corrupt

4.2MEDIUM

CVE-2020-1757

all versions

A flaw was found in all undertow-2.x.x SP1 versions prior to undertow-2.0.30.SP1, all undertow-1.x.x and undertow-2.x.x versions p

8.1HIGH

CVE-2019-14887

all versions

A flaw was found when an OpenSSL security provider is used with Wildfly, the 'enabled-protocols' value in the Wildfly configuratio

9.1CRITICAL

CVE-2019-10174

all versions

A vulnerability was found in Infinispan such that the invokeAccessibly method from the public class ReflectionUtil allows any appl

8.8HIGH

CVE-2019-10219

all versions

A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting

6.1MEDIUM

CVE-2019-10212

all versions

A flaw was found in, all under 2.0.20, in the Undertow DEBUG log for io.undertow.request.security. If enabled, an attacker could a

9.8CRITICAL

CVE-2019-10184

all versions

undertow before version 2.0.23.Final is vulnerable to an information leak issue. Web apps may have their directory structures pred

7.5HIGH

CVE-2019-3888

all versions

A vulnerability was found in Undertow web server before 2.0.21. An information exposure of plain text credentials through log file

9.8CRITICAL