| purl | pkg:rpm/redhat/eap7-hal-console@3.2.12-1.Final_redhat_00001.1?arch=el7eap |
| Next non-vulnerable version | None. |
| Latest non-vulnerable version | None. |
| Risk | 4.0 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
| VCID-39c9-6rv1-9kg9 Aliases: CVE-2020-25689 GHSA-97hp-6q9g-5cw2 | Uncontrolled Resource Consumption in WildFly. A memory leak flaw was found in WildFly in all versions up to 21.0.0.Final, where host-controller tries to reconnect in a loop, generating new connections which are not properly closed while not able to connect to domain-controller. This flaw allows an attacker to cause an Out of memory (OOM) issue, leading to a denial of service. The highest threat from this vulnerability is to system availability. | There are no reported fixed by versions. |
| VCID-4tqr-jxeh-f7d8 Aliases: CVE-2020-27822 GHSA-qx3p-9mmp-4v8h | Wildfly has a memory leak vulnerability. A flaw was found in Wildfly affecting versions 19.0.0.Final, 19.1.0.Final, 20.0.0.Final, 20.0.1.Final, and 21.0.0.Final. When an application uses the OpenTracing API's java-interceptors, there is a possibility of a memory leak. This flaw allows an attacker to impact the availability of the server. The highest threat from this vulnerability is to system availability. | There are no reported fixed by versions. |
| VCID-54ek-p545-k3fj Aliases: CVE-2020-25633 GHSA-hr32-mgpm-qf2f | Generation of Error Message Containing Sensitive Information in RESTEasy client. A flaw was found in RESTEasy client in all versions of RESTEasy up to 4.5.6.Final. It may allow client users to obtain the server's potentially sensitive information when the server got WebApplicationException from the RESTEasy client call. The highest threat from this vulnerability is to data confidentiality. | There are no reported fixed by versions. |
| VCID-beaj-uk9m-17be Aliases: CVE-2020-27782 GHSA-rhcw-wjcm-9h6g | Denial of service in Undertow. A flaw was found in the Undertow AJP connector. Malicious requests and abrupt connection closes could be triggered by an attacker using query strings with non-RFC compliant characters resulting in a denial of service. The highest threat from this vulnerability is to system availability. This affects Undertow 2.1.5.SP1, 2.0.33.SP2, and 2.2.3.SP1. | There are no reported fixed by versions. |
| VCID-gmv1-qasy-tbcq Aliases: CVE-2020-25640 GHSA-jw3v-5ch2-wfmm | Insertion of Sensitive Information into Log File. A flaw was discovered in WildFly before 21.0.0.Final where the resource adapter logs the plain-text JMS password at warning level on connection error, inserting sensitive information into the log file. | There are no reported fixed by versions. |
| VCID-mrdq-9pb2-3qb5 Aliases: CVE-2020-13956 GHSA-7r82-7xv7-xcpj | Cross-site scripting in Apache HttpClient. Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret a malformed authority component in request URIs passed to the library as a java.net.URI object and pick the wrong target host for request execution. | There are no reported fixed by versions. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | | |