VYPR

Jboss Middleware Text Only Advisories

by Red Hat

CVEs (2)

  • CVE-2016-4437CriKEVJun 7, 2016
    risk 0.79cvss 9.8epss 0.93

    Apache Shiro before 1.2.5, when a cipher key has not been configured for the "remember me" feature, allows remote attackers to execute arbitrary code or bypass intended access restrictions via an unspecified request parameter.

  • CVE-2016-4970HigApr 13, 2017
    risk 0.50cvss 7.5epss 0.11

    handler/ssl/OpenSslEngine.java in Netty 4.0.x before 4.0.37.Final and 4.1.x before 4.1.1.Final allows remote attackers to cause a denial of service (infinite loop).