exploit the possibilities
Showing 1 - 7 of 7 RSS Feed

CVE-2020-35510

Status Candidate

Overview

A flaw was found in jboss-remoting in versions before 5.0.20.SP1-redhat-00001. A malicious attacker could cause threads to hold up forever in the EJB server by writing a sequence of bytes corresponding to the expected messages of a successful EJB client request, but omitting the ACK messages, or just tamper with jboss-remoting code, deleting the lines that send the ACK message from the EJB client code resulting in a denial of service. The highest threat from this vulnerability is to system availability.

Related Files

Red Hat Security Advisory 2021-5134-05
Posted Dec 15, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-5134-05 - This release of Red Hat Fuse 7.10.0 serves as a replacement for Red Hat Fuse 7.9, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include code execution, cross site scripting, denial of service, deserialization, information leakage, memory leak, privilege escalation, server-side request forgery, and traversal vulnerabilities.

tags | advisory, denial of service, vulnerability, code execution, xss, memory leak
systems | linux, redhat
advisories | CVE-2019-10744, CVE-2019-12415, CVE-2020-11987, CVE-2020-11988, CVE-2020-13943, CVE-2020-13949, CVE-2020-15522, CVE-2020-17521, CVE-2020-17527, CVE-2020-26217, CVE-2020-26259, CVE-2020-27218, CVE-2020-27223, CVE-2020-27782, CVE-2020-28491, CVE-2020-2875, CVE-2020-2934, CVE-2020-35510, CVE-2020-9488, CVE-2021-20218, CVE-2021-21290, CVE-2021-21295, CVE-2021-21341, CVE-2021-21342, CVE-2021-21343, CVE-2021-21344
MD5 | 2ec6c192f967aaba032e6430137aa593
Red Hat Security Advisory 2021-2210-01
Posted Jun 3, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-2210-01 - These are CVE issues filed against XP1 releases that have been fixed in the underlying EAP 7.3.x base, so no changes to the EAP XP1 code base. Issues addressed include bypass, code execution, and information leakage vulnerabilities.

tags | advisory, vulnerability, code execution
systems | linux, redhat
advisories | CVE-2020-13936, CVE-2020-28052, CVE-2020-35510, CVE-2020-8908, CVE-2021-20220, CVE-2021-20250, CVE-2021-21290
MD5 | a23516211312cbc119ab1026f0d46c4f
Red Hat Security Advisory 2021-0974-01
Posted Mar 23, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-0974-01 - Red Hat Single Sign-On 7.4 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. This release of Red Hat Single Sign-On 7.4.6 serves as a replacement for Red Hat Single Sign-On 7.4.5, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include bypass, cross site scripting, and information leakage vulnerabilities.

tags | advisory, web, vulnerability, xss
systems | linux, redhat
advisories | CVE-2020-14302, CVE-2020-28052, CVE-2020-35510, CVE-2020-7676, CVE-2020-8908, CVE-2021-20220, CVE-2021-20250
MD5 | c83639cf9e776c60527f889bf632c6f1
Red Hat Security Advisory 2021-0873-01
Posted Mar 17, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-0873-01 - Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.3.6 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.3.5, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.3.6 Release Notes for information about the most significant bug fixes and enhancements included in this release. Issues addressed include bypass and information leakage vulnerabilities.

tags | advisory, java, vulnerability
systems | linux, redhat
advisories | CVE-2020-10687, CVE-2020-28052, CVE-2020-35510, CVE-2020-8908, CVE-2021-20220, CVE-2021-20250
MD5 | ced55fda1d17a07102899bad300c6084
Red Hat Security Advisory 2021-0872-01
Posted Mar 17, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-0872-01 - Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.3.6 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.3.5, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.3.6 Release Notes for information about the most significant bug fixes and enhancements included in this release. Issues addressed include bypass and information leakage vulnerabilities.

tags | advisory, java, vulnerability
systems | linux, redhat
advisories | CVE-2020-10687, CVE-2020-28052,