Created
September 1, 2021 07:55
opt/jboss/wildfly/bin/client/jboss-client.jar
=============================================
Total: 2 (UNKNOWN: 0, LOW: 0, MEDIUM: 1, HIGH: 1, CRITICAL: 0)
+---------------------------+------------------+----------+-------------------+---------------+--------------------------------------+
|          LIBRARY          | VULNERABILITY ID | SEVERITY | INSTALLED VERSION | FIXED VERSION |                TITLE                 |
+---------------------------+------------------+----------+-------------------+---------------+--------------------------------------+
| io.undertow:undertow-core | CVE-2018-1048    | HIGH     | 2.2.8.Final       |               | undertow: ALLOW_ENCODED_SLASH        |
|                           |                  |          |                   |               | option not taken into account        |
|                           |                  |          |                   |               | in the AjpRequestParser              |
|                           |                  |          |                   |               | -->avd.aquasec.com/nvd/cve-2018-1048 |
+                           +------------------+----------+                   +---------------+--------------------------------------+
|                           | CVE-2018-1067    | MEDIUM   |                   | 7.1.2         | undertow: HTTP header                |
|                           |                  |          |                   |               | injection using CRLF with UTF-8      |
|                           |                  |          |                   |               | Encoding (incomplete fix of...       |
|                           |                  |          |                   |               | -->avd.aquasec.com/nvd/cve-2018-1067 |
+---------------------------+------------------+----------+-------------------+---------------+--------------------------------------+
opt/jboss/wildfly/modules/system/layers/base/io/undertow/core/main/undertow-core-2.2.8.Final.jar
================================================================================================
Total: 2 (UNKNOWN: 0, LOW: 0, MEDIUM: 1, HIGH: 1, CRITICAL: 0)
+---------------------------+------------------+----------+-------------------+---------------+--------------------------------------+
|          LIBRARY          | VULNERABILITY ID | SEVERITY | INSTALLED VERSION | FIXED VERSION |                TITLE                 |
+---------------------------+------------------+----------+-------------------+---------------+--------------------------------------+
| io.undertow:undertow-core | CVE-2018-1048    | HIGH     | 2.2.8.Final       |               | undertow: ALLOW_ENCODED_SLASH        |
|                           |                  |          |                   |               | option not taken into account        |
|                           |                  |          |                   |               | in the AjpRequestParser              |
|                           |                  |          |                   |               | -->avd.aquasec.com/nvd/cve-2018-1048 |
+                           +------------------+----------+                   +---------------+--------------------------------------+
|                           | CVE-2018-1067    | MEDIUM   |                   | 7.1.2         | undertow: HTTP header                |
|                           |                  |          |                   |               | injection using CRLF with UTF-8      |
|                           |                  |          |                   |               | Encoding (incomplete fix of...       |
|                           |                  |          |                   |               | -->avd.aquasec.com/nvd/cve-2018-1067 |
+---------------------------+------------------+----------+-------------------+---------------+--------------------------------------+
opt/jboss/wildfly/modules/system/layers/base/org/apache/activemq/artemis/main/artemis-server-2.16.0.jar
=======================================================================================================
Total: 1 (UNKNOWN: 0, LOW: 0, MEDIUM: 1, HIGH: 0, CRITICAL: 0)
+------------------------------------+------------------+----------+-------------------+-----------------+---------------------------------------+
|              LIBRARY               | VULNERABILITY ID | SEVERITY | INSTALLED VERSION |  FIXED VERSION  |                 TITLE                 |
+------------------------------------+------------------+----------+-------------------+-----------------+---------------------------------------+
| org.apache.activemq:artemis-server | CVE-2020-13947   | MEDIUM   | 2.16.0            | 5.15.14, 5.16.1 | Cross-site Scripting                  |
|                                    |                  |          |                   |                 | -->avd.aquasec.com/nvd/cve-2020-13947 |
+------------------------------------+------------------+----------+-------------------+-----------------+---------------------------------------+
opt/jboss/wildfly/modules/system/layers/base/org/apache/commons/io/main/commons-io-2.5.jar
==========================================================================================
Total: 1 (UNKNOWN: 0, LOW: 0, MEDIUM: 1, HIGH: 0, CRITICAL: 0)
+-----------------------+------------------+----------+-------------------+---------------+---------------------------------------+
|        LIBRARY        | VULNERABILITY ID | SEVERITY | INSTALLED VERSION | FIXED VERSION |                 TITLE                 |
+-----------------------+------------------+----------+-------------------+---------------+---------------------------------------+
| commons-io:commons-io | CVE-2021-29425   | MEDIUM   | 2.5               | 2.7           | apache-commons-io: Limited            |
|                       |                  |          |                   |               | path traversal in Apache              |
|                       |                  |          |                   |               | Commons IO 2.2 to 2.6                 |
|                       |                  |          |                   |               | -->avd.aquasec.com/nvd/cve-2021-29425 |
+-----------------------+------------------+----------+-------------------+---------------+---------------------------------------+
opt/jboss/wildfly/modules/system/layers/base/org/apache/sshd/main/sshd-core-2.6.0.jar
=====================================================================================
Total: 1 (UNKNOWN: 0, LOW: 0, MEDIUM: 1, HIGH: 0, CRITICAL: 0)
+---------------------------+------------------+----------+-------------------+---------------+---------------------------------------+
|          LIBRARY          | VULNERABILITY ID | SEVERITY | INSTALLED VERSION | FIXED VERSION |                 TITLE                 |
+---------------------------+------------------+----------+-------------------+---------------+---------------------------------------+
| org.apache.sshd:sshd-core | CVE-2021-30129   | MEDIUM   | 2.6.0             | 2.7.0         | mina-sshd-core: Memory leak denial    |
|                           |                  |          |                   |               | of service in Apache Mina SSHD Server |
|                           |                  |          |                   |               | -->avd.aquasec.com/nvd/cve-2021-30129 |
+---------------------------+------------------+----------+-------------------+---------------+---------------------------------------+
opt/jboss/wildfly/modules/system/layers/base/org/apache/thrift/main/libthrift-0.13.0.jar
========================================================================================
Total: 1 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 1, CRITICAL: 0)
+-----------------------------+------------------+----------+-------------------+---------------+---------------------------------------+
|           LIBRARY           | VULNERABILITY ID | SEVERITY | INSTALLED VERSION | FIXED VERSION |                 TITLE                 |
+-----------------------------+------------------+----------+-------------------+---------------+---------------------------------------+
| org.apache.thrift:libthrift | CVE-2020-13949   | HIGH     | 0.13.0            | 0.14.0        | libthrift: potential DoS when         |
|                             |                  |          |                   |               | processing untrusted payloads         |
|                             |                  |          |                   |               | -->avd.aquasec.com/nvd/cve-2020-13949 |
+-----------------------------+------------------+----------+-------------------+---------------+---------------------------------------+
opt/jboss/wildfly/modules/system/layers/base/org/jboss/resteasy/resteasy-client-microprofile/main/resteasy-client-microprofile-3.15.1.Final.jar
===============================================================================================================================================
Total: 1 (UNKNOWN: 0, LOW: 0, MEDIUM: 1, HIGH: 0, CRITICAL: 0)
+-------------------------------------------------+------------------+----------+-------------------+---------------+---------------------------------------+
|                     LIBRARY                     | VULNERABILITY ID | SEVERITY | INSTALLED VERSION | FIXED VERSION |                 TITLE                 |
+-------------------------------------------------+------------------+----------+-------------------+---------------+---------------------------------------+
| org.jboss.resteasy:resteasy-client-microprofile | CVE-2020-25633   | MEDIUM   | 3.15.1.Final      | 4.5.7.Final   | resteasy-client: potential            |
|                                                 |                  |          |                   |               | sensitive information leakage         |
|                                                 |                  |          |                   |               | in JAX-RS RESTEasy Client's           |
|                                                 |                  |          |                   |               | WebApplicationException handling      |
|                                                 |                  |          |                   |               | -->avd.aquasec.com/nvd/cve-2020-25633 |
+-------------------------------------------------+------------------+----------+-------------------+---------------+---------------------------------------+
opt/jboss/wildfly/modules/system/layers/base/org/jboss/resteasy/resteasy-jaxrs/main/resteasy-client-3.15.1.Final.jar
====================================================================================================================
Total: 2 (UNKNOWN: 0, LOW: 0, MEDIUM: 2, HIGH: 0, CRITICAL: 0)
+------------------------------------+------------------+----------+-------------------+---------------+---------------------------------------+
|              LIBRARY               | VULNERABILITY ID | SEVERITY | INSTALLED VERSION | FIXED VERSION |                 TITLE                 |
+------------------------------------+------------------+----------+-------------------+---------------+---------------------------------------+
| org.jboss.resteasy:resteasy-client | CVE-2020-25633   | MEDIUM   | 3.15.1.Final      | 4.5.7.Final   | resteasy-client: potential            |
|                                    |                  |          |                   |               | sensitive information leakage         |
|                                    |                  |          |                   |               | in JAX-RS RESTEasy Client's           |
|                                    |                  |          |                   |               | WebApplicationException handling      |
|                                    |                  |          |                   |               | -->avd.aquasec.com/nvd/cve-2020-25633 |
+                                    +------------------+          +                   +---------------+---------------------------------------+
|                                    | CVE-2021-20289   |          |                   | 4.6.1.Alpha1  | resteasy: Error message exposes       |
|                                    |                  |          |                   |               | endpoint class information            |
|                                    |                  |          |                   |               | -->avd.aquasec.com/nvd/cve-2021-20289 |
+------------------------------------+------------------+----------+-------------------+---------------+---------------------------------------+
opt/jboss/wildfly/modules/system/layers/base/org/jboss/resteasy/resteasy-jaxrs/main/resteasy-jaxrs-3.15.1.Final.jar
===================================================================================================================
Total: 1 (UNKNOWN: 0, LOW: 0, MEDIUM: 1, HIGH: 0, CRITICAL: 0)
+-----------------------------------+------------------+----------+-------------------+---------------+---------------------------------------+
|              LIBRARY              | VULNERABILITY ID | SEVERITY | INSTALLED VERSION | FIXED VERSION |                 TITLE                 |
+-----------------------------------+------------------+----------+-------------------+---------------+---------------------------------------+
| org.jboss.resteasy:resteasy-jaxrs | CVE-2021-20289   | MEDIUM   | 3.15.1.Final      |               | resteasy: Error message exposes       |
|                                   |                  |          |                   |               | endpoint class information            |
|                                   |                  |          |                   |               | -->avd.aquasec.com/nvd/cve-2021-20289 |
+-----------------------------------+------------------+----------+-------------------+---------------+---------------------------------------+
opt/jboss/wildfly/modules/system/layers/base/org/jsoup/main/jsoup-1.8.3.jar
===========================================================================
Total: 1 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 1, CRITICAL: 0)
+-----------------+------------------+----------+-------------------+---------------+---------------------------------------+
|     LIBRARY     | VULNERABILITY ID | SEVERITY | INSTALLED VERSION | FIXED VERSION |                 TITLE                 |
+-----------------+------------------+----------+-------------------+---------------+---------------------------------------+
| org.jsoup:jsoup | CVE-2021-37714   | HIGH     | 1.8.3             | 1.14.2        | jsoup: Crafted input may cause the    |
|                 |                  |          |                   |               | jsoup HTML and XML parser to...       |
|                 |                  |          |                   |               | -->avd.aquasec.com/nvd/cve-2021-37714 |
+-----------------+------------------+----------+-------------------+---------------+---------------------------------------+
opt/jboss/wildfly/modules/system/layers/base/org/picketlink/common/main/picketlink-common-2.5.5.SP12-redhat-00009.jar
=====================================================================================================================
Total: 1 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 1, CRITICAL: 0)
+----------------------------------+------------------+----------+-------------------------+---------------+--------------------------------------+
|             LIBRARY              | VULNERABILITY ID | SEVERITY |    INSTALLED VERSION    | FIXED VERSION |                TITLE                 |
+----------------------------------+------------------+----------+-------------------------+---------------+--------------------------------------+
| org.picketlink:picketlink-common | CVE-2014-3530    | HIGH     | 2.5.5.SP12-redhat-00009 | 2.6.1.Final   | PicketLink: XXE via insecure         |
|                                  |                  |          |                         |               | DocumentBuilderFactory usage         |
|                                  |                  |          |                         |               | -->avd.aquasec.com/nvd/cve-2014-3530 |
+----------------------------------+------------------+----------+-------------------------+---------------+--------------------------------------+