VYPR

Karaf

by Apache

Source repositories

CVEs (3)

  • CVE-2016-8648HigAug 1, 2018
    risk 0.47cvss 7.2epss 0.02

    It was found that the Karaf container used by Red Hat JBoss Fuse 6.x, and Red Hat JBoss A-MQ 6.x, deserializes objects passed to MBeans via JMX operations. An attacker could use this flaw to execute remote code on the server as the user running the Java Virtual Machine if the…

  • CVE-2014-0219MedNov 15, 2017
    risk 0.36cvss 5.5epss 0.01

    Apache Karaf before 4.0.10 enables a shutdown port on the loopback interface, which allows local users to cause a denial of service (shutdown) by sending a shutdown command to all listening high ports.

  • CVE-2019-0226MedMay 9, 2019
    risk 0.25cvss 4.9epss 0.02

    Apache Karaf Config service provides a install method (via service or MBean) that could be used to travel in any directory and overwrite existing file. The vulnerability is low if the Karaf process user has limited permission on the filesystem. Any Apache Karaf version before…