Redhat Jboss Wildfly Application Server — known CVE vulnerabilities
Every CVE whose affected-product data names Redhat Jboss Wildfly Application Server, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (9)
CVE-2015-3198 — CVSS 7.5 (high): The Undertow module of WildFly 9.x before 9.0.0.CR2 and 10.x before 10.0.0.Alpha1 allows remote attackers to obtain the source code of a…
CVE-2016-9589 — CVSS 7.5 (high): Undertow in Red Hat wildfly before version 11.0.0.Beta1 is vulnerable to a resource exhaustion resulting in a denial of service. Undertow…
CVE-2016-0793 — CVSS 7.5 (high): Incomplete blacklist vulnerability in the servlet filter restriction mechanism in WildFly (formerly JBoss Application Server) before…
CVE-2015-5188 — CVSS 6.8 (medium): Cross-site request forgery (CSRF) vulnerability in the Web Console (web-console) in Red Hat Enterprise Application Platform before 6.4.4…
CVE-2016-4993 — CVSS 6.1 (medium): CRLF injection vulnerability in the Undertow web server in WildFly 10.0.0, as used in Red Hat JBoss Enterprise Application Platform (EAP)…
CVE-2018-1047 — CVSS 5.5 (medium): A flaw was found in Wildfly 9.x. A path traversal vulnerability through the org.wildfly.extension.undertow.deployment.ServletResourceManager…
CVE-2015-5220 — CVSS 5.0 (medium): The Web Console in Red Hat Enterprise Application Platform (EAP) before 6.4.4 and WildFly (formerly JBoss Application Server) allows remote…
CVE-2015-5178 — CVSS 4.3 (medium): The Management Console in Red Hat Enterprise Application Platform before 6.4.4 and WildFly (formerly JBoss Application Server) does not…
CVE-2014-0018 — CVSS 1.9 (low): Red Hat JBoss Enterprise Application Platform (JBEAP) 6.2.0 and JBoss WildFly Application Server, when run under a security manager, do not…