← Back

Jboss Core Services Httpd

jboss_core_services_httpd

Vendor: Redhat • 2 CVEs

CVEs (2)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2021-3688
1Redhat
1Jboss Core Services Httpd
Nov 21, 2024
Aug 26, 2022
N/A· v4
4.8 MEDIUM· v3
N/A· v2
A flaw was found in Red Hat JBoss Core Services HTTP Server in all versions, where it does not properly normalize the path component of a request URL contains dot-dot-semicolon(s). This flaw could allow an attacker to ac...Show more
A flaw was found in Red Hat JBoss Core Services HTTP Server in all versions, where it does not properly normalize the path component of a request URL contains dot-dot-semicolon(s). This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks. The highest threat from this vulnerability is to data confidentiality and integrity.Show less
CVE-2020-25680
1Redhat
1Jboss Core Services Httpd
Nov 21, 2024
Jan 7, 2021
N/A· v4
5.4 MEDIUM· v3
5.5 MEDIUM· v2
A flaw was found in JBCS httpd in version 2.4.37 SP3, where it uses a back-end worker SSL certificate with the keystore file's ID is 'unknown'. The validation of the certificate whether CN and hostname are matching stopp...Show more
A flaw was found in JBCS httpd in version 2.4.37 SP3, where it uses a back-end worker SSL certificate with the keystore file's ID is 'unknown'. The validation of the certificate whether CN and hostname are matching stopped working and allow connecting to the back-end work. The highest threat from this vulnerability is to data integrity.Show less