| Field | Value |
|---|---|
| purl | pkg:rpm/redhat/eap7-jboss-server-migration@1.7.2-5.Final_redhat_00006.1?arch=el8eap |
| Next non-vulnerable version | None. |
| Latest non-vulnerable version | None. |
| Risk | 4.0 |

| Vulnerability | Summary | Fixed by |
|---|---|---|
| VCID-73st-24ck-uydb (Aliases: CVE-2020-10687, GHSA-p9w3-gwc2-cr49) | HTTP Request Smuggling in Undertow. A flaw was discovered in all versions of Undertow before Undertow 2.2.0.Final, where HTTP request smuggling related to CVE-2017-2666 is possible against HTTP/1.x and HTTP/2 because invalid characters are permitted in an HTTP request. This flaw allows an attacker to poison a web cache, perform an XSS attack, or obtain sensitive information from requests other than their own. | There are no reported fixed-by versions. |
| VCID-amzx-sbps-xke5 (Aliases: CVE-2020-28052, GHSA-73xv-w5gp-frxh) | Logic error in Legion of the Bouncy Castle BC Java. An issue was discovered in Legion of the Bouncy Castle BC Java 1.65 and 1.66. The OpenBSDBCrypt.checkPassword utility method compared the wrong data when checking a password, so an incorrect password could be reported as matching a previously computed hash of a different password. | There are no reported fixed-by versions. |
| VCID-bdyj-ymzs-hfcc (Aliases: CVE-2020-8908, GHSA-5mg8-w23w-74h3) | Information Disclosure in Guava. A temp directory creation vulnerability exists in Guava prior to version 32.0.0 that allows an attacker with access to the machine to potentially read data in a temporary directory created by Guava's `com.google.common.io.Files.createTempDir()`. The directory is created with the permissions of a standard Unix-like /tmp entry rather than owner-only permissions, leaving its contents readable by other local users. Maintainers recommend explicitly changing the permissions after the directory is created, or removing uses of the vulnerable method. | There are no reported fixed-by versions. |
| VCID-bpuw-kn4r-6kau (Aliases: CVE-2021-20220, GHSA-qjwc-v72v-fq6r) | HTTP request smuggling in Undertow. A flaw was found in Undertow: a regression in the fix for CVE-2020-10687. HTTP request smuggling related to CVE-2017-2666 is again possible against HTTP/1.x and HTTP/2 because invalid characters are permitted in an HTTP request. This flaw allows an attacker to poison a web cache, perform an XSS attack, or obtain sensitive information from requests other than their own. The highest threat from this vulnerability is to data confidentiality and integrity. | There are no reported fixed-by versions. |
| VCID-fxa5-np4k-2ud9 (Aliases: CVE-2020-35510, GHSA-p6j8-hgv5-m35g) | Uncontrolled Resource Consumption. A flaw was found in jboss-remoting in versions before 5.0.20.SP1-redhat-00001. A malicious attacker could cause threads in the EJB server to block forever by writing the sequence of bytes that corresponds to the expected messages of a successful EJB client request but omitting the ACK messages, or simply by tampering with the jboss-remoting code and deleting the lines that send the ACK message from the EJB client, resulting in a denial of service. The highest threat from this vulnerability is to system availability. | There are no reported fixed-by versions. |
| VCID-nq91-ayn4-g3h2 (Aliases: CVE-2021-20250, GHSA-2259-h742-5vr4) | JBoss EJB Client information disclosure vulnerability. A flaw was found in WildFly. The JBoss EJB client has publicly accessible privileged actions, which may lead to information disclosure on the server it is deployed on. The highest threat from this vulnerability is to data confidentiality. | There are no reported fixed-by versions. |
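The Guava entry above gives two mitigations: tighten the permissions after `createTempDir()` returns, or stop calling it. The following is an added example, not code from this page or from the Guava, Red Hat or JBoss projects, showing both with only the JDK's `java.nio.file` API: an owner-only replacement that sets the mode atomically at creation, a post-creation chmod for callers that cannot yet migrate, and a check that no group or other bits remain. The class and method names are the author's own, and the code assumes a POSIX file system (on Windows the POSIX attribute calls throw `UnsupportedOperationException`).

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.attribute.PosixFilePermission;
import java.nio.file.attribute.PosixFilePermissions;
import java.util.Set;

/** Added example (not project code): owner-only temp directories on POSIX hosts. */
public final class PrivateTempDir {

    // Target mode for the directory: rwx for the owner, nothing for group or others.
    private static final Set<PosixFilePermission> OWNER_ONLY =
            PosixFilePermissions.fromString("rwx------");

    /**
     * Replacement for Guava's Files.createTempDir() (CVE-2020-8908). The JDK passes
     * the requested mode to the directory creation call itself, so the directory
     * never exists with the default, typically world-readable, /tmp permissions.
     * The umask can only restrict this further, never widen it.
     */
    public static Path createPrivateTempDir(String prefix) throws IOException {
        return Files.createTempDirectory(prefix,
                PosixFilePermissions.asFileAttribute(OWNER_ONLY));
    }

    /**
     * Mitigation for existing callers of the vulnerable method: chmod the directory
     * after creation. This leaves a short window between creation and chmod during
     * which another local user could already have read or created entries, so
     * migrating to createPrivateTempDir is the preferred fix.
     */
    public static void restrictToOwner(Path dir) throws IOException {
        Files.setPosixFilePermissions(dir, OWNER_ONLY);
    }

    /** True if the directory carries no group or other permission bits at all. */
    public static boolean isOwnerOnly(Path dir) throws IOException {
        Set<PosixFilePermission> perms = Files.getPosixFilePermissions(dir);
        return perms.stream().allMatch(p -> p.name().startsWith("OWNER_"));
    }

    public static void main(String[] args) throws IOException {
        Path dir = createPrivateTempDir("app-");
        try {
            // Expected on a POSIX host: owner-only = true.
            System.out.println(dir + " owner-only: " + isOwnerOnly(dir));
        } finally {
            Files.delete(dir);
        }
    }
}
```

`isOwnerOnly` is also a cheap check to run in a test suite or a startup self-check against any directory the application hands to a temp-file helper, since a lenient umask or a third-party library can reintroduce the same exposure the Guava advisory describes.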

| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | | |