Redhat: >> Jboss Enterprise Application Platform >> 7.2 Security Vulnerabilities
SubTypeValidator.java in FasterXML jackson-databind before 2.9.9.2 mishandles default typing when ehcache is used (because of net.sf.ehcache.transaction.manager.DefaultTransactionManagerLookup), leading to remote code execution.
CVSS Score
9.8
EPSS Score
0.015
Published
2019-07-29
undertow before version 2.0.23.Final is vulnerable to an information leak issue. Web apps may have their directory structures predicted through requests without trailing slashes via the api.
CVSS Score
5.3
EPSS Score
0.007
Published
2019-07-25
An information leak vulnerability was found in Undertow. If all headers are not written out in the first write() call then the code that handles flushing the buffer will always write out the full contents of the writevBuffer buffer, which may contain data from previous requests.
CVSS Score
5.3
EPSS Score
0.008
Published
2018-09-18
Page 3