Summary
| Detail | |||
|---|---|---|---|
| Vendor | Redhat | First view | 2016-05-17 |
| Product | Jboss Core Services | Last view | 2023-10-10 |
| Version | - | Type | Application |
| Update | * | ||
| Edition | * | ||
| Language | * | ||
| Sofware Edition | * | ||
| Target Software | * | ||
| Target Hardware | * | ||
| Other | * | ||
| CPE Product | cpe:2.3:a:redhat:jboss_core_services | ||
Activity : Overall
Related : CVE
| Date | Alert | Description | |
|---|---|---|---|
| 7.5 | 2023-10-10 | CVE-2023-44487 | The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. |
| 6.5 | 2021-07-09 | CVE-2021-3541 | A flaw was found in libxml2. Exponential entity expansion attack its possible bypassing all existing protection mechanisms and leading to denial of service. |
| 7.8 | 2021-06-01 | CVE-2021-3516 | There's a flaw in libxml2's xmllint in versions before 2.9.11. An attacker who is able to submit a crafted file to be processed by xmllint could trigger a use-after-free. The greatest impact of this flaw is to confidentiality, integrity, and availability. |
| 7.5 | 2021-05-28 | CVE-2020-25710 | A flaw was found in OpenLDAP in versions before 2.4.56. This flaw allows an attacker who sends a malicious packet processed by OpenLDAP to force a failed assertion in csnNormalize23(). The highest threat from this vulnerability is to system availability. |
| 8.6 | 2021-05-19 | CVE-2021-3517 | There is a flaw in the xml entity encoding functionality of libxml2 in versions before 2.9.11. An attacker who is able to supply a crafted file to be processed by an application linked with the affected functionality of libxml2 could trigger an out-of-bounds read. The most likely impact of this flaw is to application availability, with some potential impact to confidentiality and integrity if an attacker is able to use memory information to further exploit the application. |
| 8.8 | 2021-05-18 | CVE-2021-3518 | There's a flaw in libxml2 in versions before 2.9.11. An attacker who is able to submit a crafted file to be processed by an application linked with libxml2 could trigger a use-after-free. The greatest impact from this flaw is to confidentiality, integrity, and availability. |
| 7.5 | 2021-05-18 | CVE-2020-25709 | A flaw was found in OpenLDAP. This flaw allows an attacker who can send a malicious packet to be processed by OpenLDAP’s slapd server, to trigger an assertion failure. The highest threat from this vulnerability is to system availability. |
| 5.9 | 2021-05-14 | CVE-2021-3537 | A vulnerability found in libxml2 in versions before 2.9.11 shows that it did not propagate errors while parsing XML mixed content, causing a NULL dereference. If an untrusted XML document was parsed in recovery mode and post-validated, the flaw could be used to crash the application. The highest threat from this vulnerability is to system availability. |
| 7.5 | 2018-10-31 | CVE-2018-11759 | The Apache Web Server (httpd) specific code that normalised the requested path before matching it to the URI-worker map in Apache Tomcat JK (mod_jk) Connector 1.2.0 to 1.2.44 did not handle some edge cases correctly. If only a sub-set of the URLs supported by Tomcat were exposed via httpd, then it was possible for a specially constructed request to expose application functionality through the reverse proxy that was not intended for clients accessing the application via the reverse proxy. It was also possible in some configurations for a specially constructed request to bypass the access controls configured in httpd. While there is some overlap between this issue and CVE-2018-1323, they are not identical. |
| 6.5 | 2018-08-16 | CVE-2016-9598 | libxml2, as used in Red Hat JBoss Core Services, allows context-dependent attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted XML document. NOTE: this vulnerability exists because of a missing fix for CVE-2016-4483. |
| 6.5 | 2018-08-16 | CVE-2016-9596 | libxml2, as used in Red Hat JBoss Core Services and when in recovery mode, allows context-dependent attackers to cause a denial of service (stack consumption) via a crafted XML document. NOTE: this vulnerability exists because of an incorrect fix for CVE-2016-3627. |
| 7.1 | 2017-10-23 | CVE-2017-12613 | When apr_time_exp*() or apr_os_exp_time*() functions are invoked with an invalid month field value in Apache Portable Runtime APR 1.6.2 and prior, out of bounds memory may be accessed in converting this value to an apr_time_exp_t value, potentially revealing the contents of a different static heap value or resulting in program termination, and may represent an information disclosure or denial of service vulnerability to applications which call these APR functions with unvalidated external input. |
| 7.5 | 2016-05-17 | CVE-2016-3627 | The xmlStringGetNodeList function in tree.c in libxml2 2.9.3 and earlier, when used in recovery mode, allows context-dependent attackers to cause a denial of service (infinite recursion, stack consumption, and application crash) via a crafted XML document. |
CWE : Common Weakness Enumeration
| % | id | Name |
|---|---|---|
| 15% (2) | CWE-617 | Reachable Assertion |
| 15% (2) | CWE-416 | Use After Free |
| 15% (2) | CWE-400 | Uncontrolled Resource Consumption ('Resource Exhaustion') |
| 15% (2) | CWE-125 | Out-of-bounds Read |
| 7% (1) | CWE-787 | Out-of-bounds Write |
| 7% (1) | CWE-776 | Unrestricted Recursive Entity References in DTDs ('XML Bomb') |
| 7% (1) | CWE-674 | Uncontrolled Recursion |
| 7% (1) | CWE-476 | NULL Pointer Dereference |
| 7% (1) | CWE-22 | Improper Limitation of a Pathname to a Restricted Directory ('Path ... |
Snort® IPS/IDS
| Date | Description |
|---|---|
| 2018-12-14 | Apache Tomcat mod_jk access control bypass attempt RuleID : 48384 - Type : SERVER-APACHE - Revision : 1 |
| 2018-12-14 | Apache Tomcat mod_jk access control bypass attempt RuleID : 48383 - Type : SERVER-APACHE - Revision : 1 |
| 2018-12-14 | Apache Tomcat mod_jk access control bypass attempt RuleID : 48382 - Type : SERVER-APACHE - Revision : 1 |
| 2018-12-14 | Apache Tomcat mod_jk access control bypass attempt RuleID : 48381 - Type : SERVER-APACHE - Revision : 1 |
Nessus® Vulnerability Scanner
| id | Description |
|---|---|
| 2019-01-11 | Name: The remote device is missing a vendor-supplied security patch. File: juniper_jsa10916.nasl - Type: ACT_GATHER_INFO |
| 2018-12-24 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-4357.nasl - Type: ACT_GATHER_INFO |
| 2018-12-18 | Name: The remote Debian host is missing a security update. File: debian_DLA-1609.nasl - Type: ACT_GATHER_INFO |
| 2018-11-02 | Name: The remote device is missing a vendor-supplied security patch. File: f5_bigip_SOL52319810.nasl - Type: ACT_GATHER_INFO |
| 2018-10-31 | Name: The remote host is missing a macOS security update that fixes multiple vulner... File: macosx_SecUpd_10_13_6_2018-002.nasl - Type: ACT_GATHER_INFO |
| 2018-10-31 | Name: The remote host is missing a macOS or Mac OS X security update that fixes mul... File: macosx_SecUpd2018-005.nasl - Type: ACT_GATHER_INFO |
| 2018-10-18 | Name: The remote host is missing a macOS update that fixes multiple security vulner... File: macos_10_14.nasl - Type: ACT_GATHER_INFO |
| 2018-08-17 | Name: The remote PhotonOS host is missing multiple security updates. File: PhotonOS_PHSA-2017-0053.nasl - Type: ACT_GATHER_INFO |
| 2018-08-17 | Name: The remote PhotonOS host is missing multiple security updates. File: PhotonOS_PHSA-2017-1_0-0093.nasl - Type: ACT_GATHER_INFO |
| 2018-01-15 | Name: The remote Fedora host is missing a security update. File: fedora_2017-48368de8c9.nasl - Type: ACT_GATHER_INFO |
| 2017-12-07 | Name: The remote Amazon Linux AMI host is missing a security update. File: ala_ALAS-2017-928.nasl - Type: ACT_GATHER_INFO |
| 2017-12-07 | Name: The remote Virtuozzo host is missing a security update. File: Virtuozzo_VZLSA-2017-3270.nasl - Type: ACT_GATHER_INFO |
| 2017-12-01 | Name: The remote EulerOS host is missing a security update. File: EulerOS_SA-2017-1304.nasl - Type: ACT_GATHER_INFO |
| 2017-12-01 | Name: The remote EulerOS host is missing a security update. File: EulerOS_SA-2017-1303.nasl - Type: ACT_GATHER_INFO |
| 2017-11-30 | Name: The remote Scientific Linux host is missing one or more security updates. File: sl_20171129_apr_on_SL6_x.nasl - Type: ACT_GATHER_INFO |
| 2017-11-29 | Name: The remote Red Hat host is missing one or more security updates. File: redhat-RHSA-2017-3270.nasl - Type: ACT_GATHER_INFO |
| 2017-11-29 | Name: The remote Oracle Linux host is missing one or more security updates. File: oraclelinux_ELSA-2017-3270.nasl - Type: ACT_GATHER_INFO |
| 2017-11-29 | Name: The remote CentOS host is missing one or more security updates. File: centos_RHSA-2017-3270.nasl - Type: ACT_GATHER_INFO |
| 2017-11-16 | Name: The remote Fedora host is missing a security update. File: fedora_2017-8d2cfc3752.nasl - Type: ACT_GATHER_INFO |
| 2017-11-07 | Name: The remote Debian host is missing a security update. File: debian_DLA-1162.nasl - Type: ACT_GATHER_INFO |
| 2017-03-22 | Name: A data aggregation application installed on the remote host is affected by mu... File: lce_4_8_1.nasl - Type: ACT_GATHER_INFO |
| 2017-01-17 | Name: The remote Gentoo host is missing one or more security-related patches. File: gentoo_GLSA-201701-37.nasl - Type: ACT_GATHER_INFO |
| 2016-12-21 | Name: The remote device is missing a vendor-supplied security patch. File: f5_bigip_SOL54225343.nasl - Type: ACT_GATHER_INFO |
| 2016-08-29 | Name: The remote FreeBSD host is missing a security-related update. File: freebsd_pkg_e195679d045b4953bb33be0073ba2ac6.nasl - Type: ACT_GATHER_INFO |
| 2016-07-15 | Name: The remote Amazon Linux AMI host is missing a security update. File: ala_ALAS-2016-719.nasl - Type: ACT_GATHER_INFO |
