VYPR

EAP

by JBoss

CVEs (3)

  • CVE-2022-0866, Med, May 10, 2022
    risk 0.35, cvss 5.3, epss 0.01

    This is a concurrency issue that can result in the wrong caller principal being returned from the session context of an EJB that is configured with a RunAs principal. In particular, the org.jboss.as.ejb3.component.EJBComponent class has an incomingRunAsIdentity field. This field…

  • CVE-2020-1710, Med, Sep 16, 2020
    risk 0.35, cvss 5.3, epss 0.01

    The issue appears to be that JBoss EAP 6.4.21 does not parse the field-name in accordance with RFC 7230 [1], as it returns a 200 instead of a 400.

  • CVE-2022-1319, Hig, Aug 31, 2022
    risk 0.00, cvss 7.5, epss 0.01

    A flaw was found in Undertow. For an AJP 400 response, EAP 7 is improperly sending two response packets, and those packets have the reuse flag set even though JBoss EAP closes the connection. A failure occurs when the connection is reused after a 400 by CPING since it reads in…