Skip to main content

Jboss Data Grid CVE-2020-1710

MEDIUM
2020-09-16 secalert@redhat.com
5.3
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.3 MEDIUM
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
Low
Availability
None

Lifecycle Timeline

1
CVE Published
Sep 16, 2020 - 15:15 nvd
MEDIUM 5.3

DescriptionNVD

The issue appears to be that JBoss EAP 6.4.21 does not parse the field-name in accordance to RFC7230[1] as it returns a 200 instead of a 400.

AnalysisAI

The issue appears to be that JBoss EAP 6.4.21 does not parse the field-name in accordance to RFC7230[1] as it returns a 200 instead of a 400. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Technical ContextAI

The issue appears to be that JBoss EAP 6.4.21 does not parse the field-name in accordance to RFC7230[1] as it returns a 200 instead of a 400. Affected products include: Redhat Jboss Data Grid, Redhat Jboss Enterprise Application Platform, Redhat Openshift Application Runtimes, Redhat Single Sign-On.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2021-4104 HIGH
7.5 Dec 14

JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Lo

CVE-2020-25689 MEDIUM POC
6.5 Nov 02

A memory leak flaw was found in WildFly in all versions up to 21.0.0.Final, where host-controller tries to reconnect in

CVE-2019-10219 MEDIUM POC
6.1 Nov 08

A vulnerability was found in Hibernate-Validator. Rated medium severity (CVSS 6.1), this vulnerability is remotely explo

CVE-2019-10212 CRITICAL
9.8 Oct 02

A flaw was found in, all under 2.0.20, in the Undertow DEBUG log for io.undertow.request.security. Rated critical severi

CVE-2019-3888 CRITICAL
9.8 Jun 12

A vulnerability was found in Undertow web server before 2.0.21. Rated critical severity (CVSS 9.8), this vulnerability i

CVE-2016-4970 HIGH
7.5 Apr 13

handler/ssl/OpenSslEngine.java in Netty 4.0.x before 4.0.37.Final and 4.1.x before 4.1.1.Final allows remote attackers t

CVE-2022-1271 HIGH
8.8 Aug 31

An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. Rated high severity (CVSS 8.8), this vulner

CVE-2019-10174 HIGH
8.8 Nov 25

A vulnerability was found in Infinispan such that the invokeAccessibly method from the public class ReflectionUtil allow

CVE-2018-1131 HIGH
8.8 May 15

Infinispan permits improper deserialization of trusted data via XML and JSON transcoders under certain server configurat

CVE-2020-1757 HIGH
8.1 Apr 21

A flaw was found in all undertow-2.x.x SP1 versions prior to undertow-2.0.30.SP1, all undertow-1.x.x and undertow-2.x.x

CVE-2020-25644 HIGH
7.5 Oct 06

A memory leak flaw was found in WildFly OpenSSL in versions prior to 1.1.3.Final, where it removes an HTTP session. Rate

CVE-2019-10184 HIGH
7.5 Jul 25

undertow before version 2.0.23.Final is vulnerable to an information leak issue. Rated high severity (CVSS 7.5), this vu

Share

CVE-2020-1710 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy