Skip to main content

Jboss Wildfly Application Server

8 CVEs product

Monthly

CVE-2018-1047 Maven MEDIUM PATCH This Month

A flaw was found in Wildfly 9.x. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Path Traversal Jboss Wildfly Application Server Jboss Enterprise Application Platform
NVD
CVSS 3.0
5.5
EPSS
0.5%
CVE-2015-3198 Maven HIGH PATCH This Week

The Undertow module of WildFly 9.x before 9.0.0.CR2 and 10.x before 10.0.0.Alpha1 allows remote attackers to obtain the source code of a JSP page via a "/" at the end of a URL. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Jboss Wildfly Application Server
NVD
CVSS 3.0
7.5
EPSS
0.4%
CVE-2016-4993 Maven MEDIUM PATCH This Month

CRLF injection vulnerability in the Undertow web server in WildFly 10.0.0, as used in Red Hat JBoss Enterprise Application Platform (EAP) 7.x before 7.0.2, allows remote attackers to inject arbitrary. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Red Hat Code Injection Jboss Enterprise Application Platform Jboss Wildfly Application Server
NVD
CVSS 3.0
6.1
EPSS
1.5%
CVE-2016-0793 Maven HIGH POC PATCH THREAT Act Now

Incomplete blacklist vulnerability in the servlet filter restriction mechanism in WildFly (formerly JBoss Application Server) before 10.0.0.Final on Windows allows remote attackers to read the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 35.3%.

Information Disclosure Microsoft Jboss Wildfly Application Server
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
35.3%
Threat
4.1
CVE-2015-5220 MEDIUM PATCH This Month

The Web Console in Red Hat Enterprise Application Platform (EAP) before 6.4.4 and WildFly (formerly JBoss Application Server) allows remote attackers to cause a denial of service (memory consumption). Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Denial Of Service Red Hat Buffer Overflow Jboss Enterprise Application Platform Jboss Wildfly Application Server
NVD
CVSS 2.0
5.0
EPSS
1.5%
CVE-2015-5188 MEDIUM This Month

Cross-site request forgery (CSRF) vulnerability in the Web Console (web-console) in Red Hat Enterprise Application Platform before 6.4.4 and WildFly (formerly JBoss Application Server) before. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

CSRF File Upload Red Hat Jboss Enterprise Application Platform Jboss Wildfly Application Server
NVD
CVSS 2.0
6.8
EPSS
0.3%
CVE-2015-5178 MEDIUM This Month

The Management Console in Red Hat Enterprise Application Platform before 6.4.4 and WildFly (formerly JBoss Application Server) does not send an X-Frame-Options HTTP header, which makes it easier for. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Red Hat Information Disclosure Jboss Wildfly Application Server Jboss Enterprise Application Platform
NVD
CVSS 2.0
4.3
EPSS
0.5%
CVE-2014-0018 LOW Monitor

Red Hat JBoss Enterprise Application Platform (JBEAP) 6.2.0 and JBoss WildFly Application Server, when run under a security manager, do not properly restrict access to the Modular Service Container. Rated low severity (CVSS 1.9). No vendor patch available.

Red Hat Privilege Escalation Jboss Enterprise Application Platform Jboss Wildfly Application Server
NVD
CVSS 2.0
1.9
EPSS
0.1%
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

A flaw was found in Wildfly 9.x. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Path Traversal Jboss Wildfly Application Server +1
NVD
EPSS 0% CVSS 7.5
HIGH PATCH This Week

The Undertow module of WildFly 9.x before 9.0.0.CR2 and 10.x before 10.0.0.Alpha1 allows remote attackers to obtain the source code of a JSP page via a "/" at the end of a URL. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Jboss Wildfly Application Server
NVD
EPSS 1% CVSS 6.1
MEDIUM PATCH This Month

CRLF injection vulnerability in the Undertow web server in WildFly 10.0.0, as used in Red Hat JBoss Enterprise Application Platform (EAP) 7.x before 7.0.2, allows remote attackers to inject arbitrary. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Red Hat Code Injection Jboss Enterprise Application Platform +1
NVD
EPSS 35% 4.1 CVSS 7.5
HIGH POC PATCH THREAT Act Now

Incomplete blacklist vulnerability in the servlet filter restriction mechanism in WildFly (formerly JBoss Application Server) before 10.0.0.Final on Windows allows remote attackers to read the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 35.3%.

Information Disclosure Microsoft Jboss Wildfly Application Server
NVD Exploit-DB
EPSS 2% CVSS 5.0
MEDIUM PATCH This Month

The Web Console in Red Hat Enterprise Application Platform (EAP) before 6.4.4 and WildFly (formerly JBoss Application Server) allows remote attackers to cause a denial of service (memory consumption). Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Denial Of Service Red Hat Buffer Overflow +2
NVD
EPSS 0% CVSS 6.8
MEDIUM This Month

Cross-site request forgery (CSRF) vulnerability in the Web Console (web-console) in Red Hat Enterprise Application Platform before 6.4.4 and WildFly (formerly JBoss Application Server) before. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

CSRF File Upload Red Hat +2
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

The Management Console in Red Hat Enterprise Application Platform before 6.4.4 and WildFly (formerly JBoss Application Server) does not send an X-Frame-Options HTTP header, which makes it easier for. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Red Hat Information Disclosure Jboss Wildfly Application Server +1
NVD
EPSS 0% CVSS 1.9
LOW Monitor

Red Hat JBoss Enterprise Application Platform (JBEAP) 6.2.0 and JBoss WildFly Application Server, when run under a security manager, do not properly restrict access to the Modular Service Container. Rated low severity (CVSS 1.9). No vendor patch available.

Red Hat Privilege Escalation Jboss Enterprise Application Platform +1
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy