VYPR

JBossWeb

by Red Hat

CVEs (3)

  • CVE-2020-14384 (Sep 9, 2020)
    risk 0.00 | cvss | epss 0.01

    A flaw was found in JBossWeb in versions before 7.5.31.Final-redhat-3. The fix for CVE-2020-13935 was incomplete in JBossWeb, leaving it vulnerable to a denial of service attack when sending multiple requests with invalid payload length in a WebSocket frame. The highest threat…

  • CVE-2011-4610 (Feb 10, 2014)
    risk 0.00 | cvss | epss 0.02

    JBoss Web, as used in Red Hat JBoss Communications Platform before 5.1.3, Enterprise Web Platform before 5.1.2, Enterprise Application Platform before 5.1.2, and other products, allows remote attackers to cause a denial of service (infinite loop) via vectors related to a crafted…

  • CVE-2012-4529 (Oct 28, 2013)
    risk 0.00 | cvss | epss 0.02

    The org.apache.catalina.connector.Response.encodeURL method in Red Hat JBoss Web 7.1.x and earlier, when the tracking mode is set to COOKIE, sends the jsessionid in the URL of the first response of a session, which allows remote attackers to obtain the session id (1) via a…