Latest redhat openshift application runtimes Vulnerabilities

CVE-2023-1108
Undertow: infinite loop in sslconduit during close
redhat/eap7-undertow<0:2.2.22-1.SP3_redhat_00002.1.el8ea
redhat/eap7-wildfly<0:7.4.9-6.GA_redhat_00004.1.el8ea
redhat/eap7-undertow<0:2.2.23-1.SP2_redhat_00001.1.el8ea
redhat/eap7-undertow-jastow<0:2.0.14-1.Final_redhat_00001.1.el8ea
redhat/eap7-undertow<0:2.2.22-1.SP3_redhat_00002.1.el9ea
redhat/eap7-wildfly<0:7.4.9-6.GA_redhat_00004.1.el9ea
and 54 more
CVE-2022-1319
A flaw was found in Undertow. For an AJP 400 response, EAP 7 is improperly sending two response packets, and those packets have the reuse flag set even though JBoss EAP closes the connection. A failur...
redhat/eap7-undertow<0:2.2.17-2.SP4_redhat_00001.1.el8ea
redhat/eap7-undertow<0:2.2.17-2.SP4_redhat_00001.1.el7ea
redhat/rh-sso7-keycloak<0:18.0.3-1.redhat_00001.1.el7
redhat/rh-sso7-keycloak<0:18.0.3-1.redhat_00001.1.el8
redhat/rh-sso7<0:1-5.el9
redhat/rh-sso7-javapackages-tools<0:6.0.0-7.el9
and 16 more
CVE-2022-1259
A flaw was found in Undertow where a potential security issue in flow control handling by browser over HTTP/2 may potentially cause overhead or DOS in the server. The highest impact of this vulnerabil...
redhat/eap7-undertow<0:2.2.19-1.SP2_redhat_00001.1.el8ea
redhat/eap7-undertow<0:2.2.19-1.SP2_redhat_00001.1.el9ea
redhat/eap7-undertow<0:2.2.19-1.SP2_redhat_00001.1.el7ea
IBM Watson Knowledge Catalog on-prem<=4.x
Redhat Build Of Quarkus
Redhat Integration Camel K
and 12 more
CVE-2021-4178
fabric8 Kubernetes client had an arbitrary code execution flaw in versions 5.0.0-beta-1 and higher. Attackers could potentially insert malicious YAMLs due to misconfigured YAML parsing.
redhat/kubernetes-client<5.0.3
redhat/kubernetes-client<5.1.2
redhat/kubernetes-client<5.3.2
redhat/kubernetes-client<5.4.2
redhat/kubernetes-client<5.7.4
redhat/kubernetes-client<5.8.1
and 25 more
CVE-2021-4104
Deserialization of untrusted data in JMSAppender in Apache Log4j 1.2
redhat/log4j<0:1.2.14-6.5.el6_10
redhat/log4j<0:1.2.17-17.el7_4
redhat/log4j<0:1.2.17-16.el7_3
redhat/log4j-eap6<0:1.2.17-3.redhat_00008.1.ep6.el6
redhat/log4j-jboss-logmanager<0:1.1.4-3.Final_redhat_00002.1.ep6.el6
redhat/jboss-as-appclient<0:7.5.24-2.Final_redhat_00001.1.ep6.el6
and 219 more
CVE-2021-3914
It was found that the smallrye health metrics UI component did not properly sanitize some user inputs. An attacker could use this flaw to conduct cross-site scripting attacks.
Redhat Build Of Quarkus<2.7.5
Redhat Build Of Quarkus
Redhat Openshift Application Runtimes=1.0
Redhat Smallrye Health
maven/io.smallrye:smallrye-health-ui<3.1.2
CVE-2021-3690
A flaw was found in Undertow. A buffer leak on the incoming WebSocket PONG message may lead to memory exhaustion. This flaw allows an attacker to cause a denial of service. The highest threat from thi...
redhat/eap7-undertow<0:2.0.38-2.SP2_redhat_00001.1.el6ea
redhat/eap7-apache-commons-io<0:2.10.0-1.redhat_00001.1.el6ea
redhat/eap7-hal-console<0:3.2.16-1.Final_redhat_00001.1.el6ea
redhat/eap7-hibernate<0:5.3.20-4.SP2_redhat_00001.1.el6ea
redhat/eap7-ironjacamar<0:1.4.35-1.Final_redhat_00001.1.el6ea
redhat/eap7-jakarta-el<0:3.0.3-2.redhat_00006.1.el6ea
and 56 more
CVE-2021-3642
A flaw was found in Wildfly Elytron in versions prior to 1.10.14.Final, prior to 1.15.5.Final and prior to 1.16.1.Final where ScramServer may be susceptible to Timing Attack if enabled. The highest th...
redhat/eap7-apache-cxf<0:3.3.12-1.redhat_00001.1.el6ea
redhat/eap7-ironjacamar<0:1.5.3-1.Final_redhat_00001.1.el6ea
redhat/eap7-jakarta-el<0:3.0.3-3.redhat_00007.1.el6ea
redhat/eap7-jboss-ejb-client<0:4.0.43-1.Final_redhat_00001.1.el6ea
redhat/eap7-jboss-server-migration<0:1.7.2-10.Final_redhat_00011.1.el6ea
redhat/eap7-jsoup<0:1.14.2-1.redhat_00002.1.el6ea
and 47 more
CVE-2021-3597
A flaw was found in undertow where HTTP2SourceChannel fails to write final frame under some circumstances may result in DoS. The highest impact of this vulnerability is availability.
redhat/eap7-apache-commons-io<0:2.10.0-1.redhat_00001.1.el6ea
redhat/eap7-hal-console<0:3.2.16-1.Final_redhat_00001.1.el6ea
redhat/eap7-hibernate<0:5.3.20-4.SP2_redhat_00001.1.el6ea
redhat/eap7-ironjacamar<0:1.4.35-1.Final_redhat_00001.1.el6ea
redhat/eap7-jakarta-el<0:3.0.3-2.redhat_00006.1.el6ea
redhat/eap7-jberet<0:1.3.9-1.Final_redhat_00001.1.el6ea
and 65 more
CVE-2020-27782
A flaw was found in the Undertow AJP connector. Malicious requests and abrupt connection closes could be triggered by an attacker using query strings with non-RFC compliant characters resulting in a d...
redhat/Undertow<2.1.5.
redhat/Undertow<2.0.33.
redhat/Undertow<2.2.3.
redhat/eap7-activemq-artemis<0:2.9.0-7.redhat_00017.1.el6ea
redhat/eap7-glassfish-jsf<0:2.3.9-12.SP13_redhat_00001.1.el6ea
redhat/eap7-hal-console<0:3.2.12-1.Final_redhat_00001.1.el6ea
and 60 more
CVE-2020-25689
A memory leak flaw was found in WildFly in all versions up to 21.0.0.Final, where host-controller tries to reconnect in a loop, generating new connections which are not properly closed while not able ...
redhat/eap7-activemq-artemis<0:2.9.0-7.redhat_00017.1.el6ea
redhat/eap7-glassfish-jsf<0:2.3.9-12.SP13_redhat_00001.1.el6ea
redhat/eap7-hal-console<0:3.2.12-1.Final_redhat_00001.1.el6ea
redhat/eap7-hibernate<0:5.3.20-1.Final_redhat_00001.1.el6ea
redhat/eap7-httpcomponents-client<0:4.5.13-1.redhat_00001.1.el6ea
redhat/eap7-jboss-ejb-client<0:4.0.37-1.Final_redhat_00001.1.el6ea
and 63 more
CVE-2020-25644
A memory leak flaw was found in WildFly OpenSSL in versions prior to 1.1.3.Final, where it removes an HTTP session. It may allow the attacker to cause OOM leading to a denial of service. The highest t...
maven/org.wildfly.openssl:wildfly-openssl-natives-parent<1.1.3.Final
redhat/eap7-activemq-artemis<0:2.9.0-6.redhat_00016.1.el6ea
redhat/eap7-fge-btf<0:1.2.0-1.redhat_00007.1.el6ea
redhat/eap7-fge-msg-simple<0:1.1.0-1.redhat_00007.1.el6ea
redhat/eap7-hal-console<0:3.2.11-1.Final_redhat_00001.1.el6ea
redhat/eap7-hibernate-validator<0:6.0.21-1.Final_redhat_00001.1.el6ea
and 67 more
CVE-2020-14297
A flaw was discovered in Wildfly's EJB Client as shipped with Red Hat JBoss EAP 7, where some specific EJB transaction objects may get accumulated over the time and can cause services to slow down and...
redhat/qpid-cpp<0:1.36.0-31.el6_10a
redhat/qpid-proton<0:0.32.0-1.el6_10
redhat/qpid-cpp<0:1.36.0-31.el7a
redhat/qpid-proton<0:0.32.0-2.el7
redhat/nodejs-rhea<0:1.0.24-1.el8
redhat/qpid-proton<0:0.32.0-2.el8
and 135 more
CVE-2020-14307
A vulnerability was found in Wildfly's Enterprise Java Beans (EJB) versions shipped with Red Hat JBoss EAP 7, where SessionOpenInvocations are never removed from the remote InvocationTracker after a r...
redhat/qpid-cpp<0:1.36.0-31.el6_10a
redhat/qpid-proton<0:0.32.0-1.el6_10
redhat/qpid-cpp<0:1.36.0-31.el7a
redhat/qpid-proton<0:0.32.0-2.el7
redhat/nodejs-rhea<0:1.0.24-1.el8
redhat/qpid-proton<0:0.32.0-2.el8
and 128 more
CVE-2020-14299
A flaw was found in JBoss EAP, where the authentication configuration is set-up using a legacy SecurityRealm, to delegate to a legacy PicketBox SecurityDomain, and then reloaded to admin-only mode. Th...
redhat/eap7-activemq-artemis<0:2.9.0-5.redhat_00011.1.el6ea
redhat/eap7-activemq-artemis-native<1:1.0.2-1.redhat_00001.1.el6ea
redhat/eap7-apache-commons-codec<0:1.14.0-1.redhat_00001.1.el6ea
redhat/eap7-apache-commons-lang<0:3.10.0-1.redhat_00001.1.el6ea
redhat/eap7-apache-cxf<0:3.3.7-1.redhat_00001.1.el6ea
redhat/eap7-artemis-native<1:1.0.2-3.redhat_1.el6ea
and 81 more
CVE-2020-10758
A vulnerability was found in Keycloak before 11.0.1 where DoS attack is possible by sending twenty requests simultaneously to the specified keycloak server, all with a Content-Length header value that...
redhat/keycloak<11.0.1
redhat/rh-sso7-keycloak<0:9.0.5-1.redhat_00001.1.el6
redhat/rh-sso7-keycloak<0:9.0.5-1.redhat_00001.1.el7
redhat/rh-sso7-keycloak<0:9.0.5-1.redhat_00001.1.el8
Redhat Keycloak<11.0.1
Redhat Openshift Application Runtimes
and 4 more
CVE-2020-10734
A vulnerability was found in keycloak in the way that the OIDC logout endpoint does not have CSRF protection. Versions shipped with Red Hat Fuse 7, Red Hat Single Sign-on 7, and Red Hat Openshift Appl...
Redhat Keycloak
Redhat Jboss Fuse=7.0.0
Redhat Openshift Application Runtimes
Redhat Single Sign-on=7.0
redhat/keycloak<18.0.0
CVE-2020-10719
A flaw was found in Undertow in versions before 2.1.1.Final, regarding the processing of invalid HTTP requests with large chunk sizes. This flaw allows an attacker to take advantage of HTTP request sm...
redhat/eap7-activemq-artemis<0:2.9.0-4.redhat_00010.1.el6ea
redhat/eap7-apache-cxf<0:3.2.12-1.redhat_00001.1.el6ea
redhat/eap7-bouncycastle<0:1.60.0-2.redhat_00002.1.el6ea
redhat/eap7-codehaus-jackson<0:1.9.13-10.redhat_00007.1.el6ea
redhat/eap7-cryptacular<0:1.2.4-1.redhat_00001.1.el6ea
redhat/eap7-glassfish-el<0:3.0.1-5.b08_redhat_00004.1.el6ea
and 278 more
CVE-2020-10688
A cross-site scripting (XSS) flaw was found in RESTEasy in versions before 3.11.1.Final and before 4.5.3.Final, where it did not properly handle URL encoding when the RESTEASY003870 exception occurs. ...
redhat/resteasy<3.11.1.
redhat/resteasy<4.5.3.
redhat/eap7-activemq-artemis<0:2.9.0-4.redhat_00010.1.el6ea
redhat/eap7-apache-cxf<0:3.3.5-1.redhat_00001.1.el6ea
redhat/eap7-bouncycastle<0:1.60.0-2.redhat_00002.1.el6ea
redhat/eap7-codehaus-jackson<0:1.9.13-10.redhat_00007.1.el6ea
and 174 more
CVE-2020-10705
A flaw was discovered in Undertow in versions before Undertow 2.1.1.Final where certain requests to the "Expect: 100-continue" header may cause an out of memory error. This flaw may potentially lead t...
Redhat Undertow<2.1.1
NetApp OnCommand Insight
Redhat Jboss Enterprise Application Platform
Redhat Openshift Application Runtimes
Redhat Jboss Enterprise Application Platform=7.2
Redhat Enterprise Linux=8.0
and 269 more
CVE-2020-1732
A flaw was found in Soteria before 1.0.1, in a way that multiple requests occurring concurrently causing security identity corruption across concurrent threads when using EE Security with WildFly Elyt...
Redhat Soteria<1.0.1
Redhat Jboss Enterprise Application Platform=7.0.0
Redhat Jboss Enterprise Application Platform Continuous Delivery
Redhat Openshift Application Runtimes
redhat/eap7-activemq-artemis<0:2.9.0-4.redhat_00010.1.el6ea
redhat/eap7-apache-cxf<0:3.2.12-1.redhat_00001.1.el6ea
and 136 more
CVE-2020-1724
A flaw was found in Keycloak in versions before 9.0.2. This flaw allows a malicious user that is currently logged in, to see the personal information of a previously logged out user in the account man...
Redhat Keycloak<9.0.2
Redhat Openshift Application Runtimes
Redhat Single Sign-on=7.0
redhat/keycloak<9.0.2
maven/org.keycloak:keycloak-core<9.0.2
<9.0.2
and 2 more
CVE-2020-1718
A flaw was found in the reset credential flow in all Keycloak versions before 8.0.0. This flaw allows an attacker to gain unauthorized access to the application.
redhat/rh-sso7-keycloak<0:4.8.20-1.Final_redhat_00001.1.el6
redhat/rh-sso7-keycloak<0:4.8.20-1.Final_redhat_00001.1.el7
redhat/rh-sso7-keycloak<0:4.8.20-1.Final_redhat_00001.1.el8
Redhat Jboss Fuse=7.0.0
Redhat Keycloak<8.0.0
Redhat Openshift Application Runtimes
CVE-2020-1717
A flaw was found in Keycloak 7.0.1. A logged in user can do an account email enumeration attack.
Redhat Keycloak=7.0.1
Redhat Jboss Fuse=7.0.0
Redhat Openshift Application Runtimes
Redhat Single Sign-on=7.0
maven/org.keycloak:keycloak-parent<=7.0.1
=7.0.1
and 3 more
CVE-2020-1710
The issue appears to be that JBoss EAP 6.4.21 does not parse the field-name in accordance to RFC7230[1] as it returns a 200 instead of a 400.
redhat/eap7-dom4j<0:2.1.3-1.redhat_00001.1.el6ea
redhat/eap7-elytron-web<0:1.2.5-1.Final_redhat_00001.1.el6ea
redhat/eap7-glassfish-jsf<0:2.3.5-13.SP3_redhat_00011.1.el6ea
redhat/eap7-hal-console<0:3.0.23-1.Final_redhat_00001.1.el6ea
redhat/eap7-hibernate<0:5.3.17-1.Final_redhat_00001.1.el6ea
redhat/eap7-hibernate-validator<0:6.0.20-1.Final_redhat_00001.1.el6ea
and 111 more
CVE-2019-14887
It was found that the OpenSSL security provider does not honor TLS version in 'enabled-protocols' value of Wildfly's legacy security configuration. An attacker could target traffic sent over a TLS con...
redhat/eap7-activemq-artemis<0:2.9.0-2.redhat_00009.1.el6ea
redhat/eap7-apache-commons-beanutils<0:1.9.4-1.redhat_00002.1.el6ea
redhat/eap7-glassfish-el<0:3.0.1-4.b08_redhat_00003.1.el6ea
redhat/eap7-glassfish-jaxb<0:2.3.3-4.b02_redhat_00001.1.el6ea
redhat/eap7-glassfish-jsf<0:2.3.5-7.SP3_redhat_00005.1.el6ea
redhat/eap7-hal-console<0:3.0.20-1.Final_redhat_00001.1.el6ea
and 224 more
CVE-2019-10219
A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of potentially malicious code in HTML comments and instructions. This...
redhat/eap7-apache-cxf<0:3.2.11-1.redhat_00001.1.el6ea
redhat/eap7-glassfish-jsf<0:2.3.5-6.SP3_redhat_00004.1.el6ea
redhat/eap7-hal-console<0:3.0.19-1.Final_redhat_00001.1.el6ea
redhat/eap7-hibernate<0:5.3.14-1.Final_redhat_00001.1.el6ea
redhat/eap7-hibernate-validator<0:6.0.18-1.Final_redhat_00001.1.el6ea
redhat/eap7-jackson-annotations<0:2.9.10-1.redhat_00003.1.el6ea
and 779 more
CVE-2019-10212
A flaw was found in the Undertow DEBUG log for io.undertow.request.security. If enabled, an attacker could abuse this flaw to obtain the user’s credentials from the log files.
redhat/eap7-activemq-artemis<0:2.9.0-1.redhat_00005.1.el6ea
redhat/eap7-codehaus-jackson<0:1.9.13-9.redhat_00006.1.el6ea
redhat/eap7-glassfish-jsf<0:2.3.5-4.SP3_redhat_00002.1.el6ea
redhat/eap7-hal-console<0:3.0.16-1.Final_redhat_00001.1.el6ea
redhat/eap7-hibernate<0:5.3.11-2.SP1_redhat_00001.1.el6ea
redhat/eap7-infinispan<0:9.3.7-1.Final_redhat_00001.1.el6ea
and 110 more
CVE-2019-10184
undertow before version 2.0.23.Final is vulnerable to an information leak issue. Web apps may have their directory structures predicted through requests without trailing slashes via the api.
maven/io.undertow:undertow-servlet<2.0.23
redhat/eap7-activemq-artemis<0:2.9.0-1.redhat_00005.1.el6ea
redhat/eap7-codehaus-jackson<0:1.9.13-9.redhat_00006.1.el6ea
redhat/eap7-glassfish-jsf<0:2.3.5-4.SP3_redhat_00002.1.el6ea
redhat/eap7-hal-console<0:3.0.16-1.Final_redhat_00001.1.el6ea
redhat/eap7-hibernate<0:5.3.11-2.SP1_redhat_00001.1.el6ea
and 117 more
CVE-2020-1714
A flaw was found in Keycloak before version 11.0.0, where the code base contains usages of ObjectInputStream without type checks. This flaw allows an attacker to inject arbitrarily serialized Java Obj...
maven/org.keycloak:keycloak-common<11.0.0
maven/org.keycloak:keycloak-core<11.0.0
Redhat Keycloak<11.0.0
Redhat Decision Manager=7.0
Redhat Jboss Fuse=7.0.0
Redhat Openshift Application Runtimes
and 3 more
CVE-2019-10174
A vulnerability was found in Infinispan such that the invokeAccessibly method from the public class ReflectionUtil allows any application class to invoke private methods in any class with Infinispan's...
redhat/eap7-glassfish-jsf<0:2.3.5-11.SP3_redhat_00009.1.el6ea
redhat/eap7-infinispan<0:9.3.9-1.Final_redhat_00001.1.el6ea
redhat/eap7-glassfish-jsf<0:2.3.5-11.SP3_redhat_00009.1.el7ea
redhat/eap7-infinispan<0:9.3.9-1.Final_redhat_00001.1.el7ea
redhat/eap7-glassfish-jsf<0:2.3.5-11.SP3_redhat_00009.1.el8ea
redhat/eap7-infinispan<0:9.3.9-1.Final_redhat_00001.1.el8ea
and 17 more
CVE-2019-3888
A vulnerability was found in Undertow web server before 2.0.21. An information exposure of plain text credentials through log files because Connectors.executeRootHandler:402 logs the HttpServerExchang...
redhat/eap7-apache-commons-codec<0:1.11.0-2.redhat_00001.1.el6ea
redhat/eap7-apache-cxf<0:3.2.7-2.redhat_00002.1.el6ea
redhat/eap7-hal-console<0:3.0.11-1.Final_redhat_00001.1.el6ea
redhat/eap7-hibernate<0:5.3.10-1.Final_redhat_00001.1.el6ea
redhat/eap7-hornetq<0:2.4.7-7.Final_redhat_2.1.el6ea
redhat/eap7-ironjacamar<0:1.4.16-2.Final_redhat_00001.1.el6ea
and 80 more
CVE-2020-1757
A flaw was found in all undertow-2.x.x SP1 versions prior to undertow-2.0.30.SP1, all undertow-1.x.x and undertow-2.x.x versions prior to undertow-2.1.0.Final, where the Servlet container causes servl...
redhat/eap7-activemq-artemis<0:2.9.0-4.redhat_00010.1.el6ea
redhat/eap7-apache-cxf<0:3.2.12-1.redhat_00001.1.el6ea
redhat/eap7-bouncycastle<0:1.60.0-2.redhat_00002.1.el6ea
redhat/eap7-codehaus-jackson<0:1.9.13-10.redhat_00007.1.el6ea
redhat/eap7-cryptacular<0:1.2.4-1.redhat_00001.1.el6ea
redhat/eap7-glassfish-el<0:3.0.1-5.b08_redhat_00004.1.el6ea
and 273 more

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203