This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Redhat First view 2018-08-16
Product Jboss Core Services Last view 2021-07-09
Version - Type Application
Update *  
Edition *  
Language *  
Sofware Edition *  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:a:redhat:jboss_core_services

Activity : Overall

Related : CVE

  Date Alert Description
6.5 2021-07-09 CVE-2021-3541

A flaw was found in libxml2. Exponential entity expansion attack its possible bypassing all existing protection mechanisms and leading to denial of service.

7.8 2021-06-01 CVE-2021-3516

There's a flaw in libxml2's xmllint in versions before 2.9.11. An attacker who is able to submit a crafted file to be processed by xmllint could trigger a use-after-free. The greatest impact of this flaw is to confidentiality, integrity, and availability.

7.5 2021-05-28 CVE-2020-25710

A flaw was found in OpenLDAP in versions before 2.4.56. This flaw allows an attacker who sends a malicious packet processed by OpenLDAP to force a failed assertion in csnNormalize23(). The highest threat from this vulnerability is to system availability.

8.6 2021-05-19 CVE-2021-3517

There is a flaw in the xml entity encoding functionality of libxml2 in versions before 2.9.11. An attacker who is able to supply a crafted file to be processed by an application linked with the affected functionality of libxml2 could trigger an out-of-bounds read. The most likely impact of this flaw is to application availability, with some potential impact to confidentiality and integrity if an attacker is able to use memory information to further exploit the application.

8.8 2021-05-18 CVE-2021-3518

There's a flaw in libxml2 in versions before 2.9.11. An attacker who is able to submit a crafted file to be processed by an application linked with libxml2 could trigger a use-after-free. The greatest impact from this flaw is to confidentiality, integrity, and availability.

7.5 2021-05-18 CVE-2020-25709

A flaw was found in OpenLDAP. This flaw allows an attacker who can send a malicious packet to be processed by OpenLDAP’s slapd server, to trigger an assertion failure. The highest threat from this vulnerability is to system availability.

5.9 2021-05-14 CVE-2021-3537

A vulnerability found in libxml2 in versions before 2.9.11 shows that it did not propagate errors while parsing XML mixed content, causing a NULL dereference. If an untrusted XML document was parsed in recovery mode and post-validated, the flaw could be used to crash the application. The highest threat from this vulnerability is to system availability.

7.5 2018-10-31 CVE-2018-11759

The Apache Web Server (httpd) specific code that normalised the requested path before matching it to the URI-worker map in Apache Tomcat JK (mod_jk) Connector 1.2.0 to 1.2.44 did not handle some edge cases correctly. If only a sub-set of the URLs supported by Tomcat were exposed via httpd, then it was possible for a specially constructed request to expose application functionality through the reverse proxy that was not intended for clients accessing the application via the reverse proxy. It was also possible in some configurations for a specially constructed request to bypass the access controls configured in httpd. While there is some overlap between this issue and CVE-2018-1323, they are not identical.

6.5 2018-08-16 CVE-2016-9598

libxml2, as used in Red Hat JBoss Core Services, allows context-dependent attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted XML document. NOTE: this vulnerability exists because of a missing fix for CVE-2016-4483.

6.5 2018-08-16 CVE-2016-9596

libxml2, as used in Red Hat JBoss Core Services and when in recovery mode, allows context-dependent attackers to cause a denial of service (stack consumption) via a crafted XML document. NOTE: this vulnerability exists because of an incorrect fix for CVE-2016-3627.

CWE : Common Weakness Enumeration

%idName
20% (2) CWE-617 Reachable Assertion
20% (2) CWE-416 Use After Free
10% (1) CWE-787 Out-of-bounds Write
10% (1) CWE-776 Unrestricted Recursive Entity References in DTDs ('XML Bomb')
10% (1) CWE-476 NULL Pointer Dereference
10% (1) CWE-400 Uncontrolled Resource Consumption ('Resource Exhaustion')
10% (1) CWE-125 Out-of-bounds Read
10% (1) CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path ...

Snort® IPS/IDS

Date Description
2018-12-14 Apache Tomcat mod_jk access control bypass attempt
RuleID : 48384 - Type : SERVER-APACHE - Revision : 1
2018-12-14 Apache Tomcat mod_jk access control bypass attempt
RuleID : 48383 - Type : SERVER-APACHE - Revision : 1
2018-12-14 Apache Tomcat mod_jk access control bypass attempt
RuleID : 48382 - Type : SERVER-APACHE - Revision : 1
2018-12-14 Apache Tomcat mod_jk access control bypass attempt
RuleID : 48381 - Type : SERVER-APACHE - Revision : 1

Nessus® Vulnerability Scanner

id Description
2018-12-24 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-4357.nasl - Type: ACT_GATHER_INFO
2018-12-18 Name: The remote Debian host is missing a security update.
File: debian_DLA-1609.nasl - Type: ACT_GATHER_INFO